Re: Unusual pattern of compromised accounts

[David Santos <SantosD () FELICIAN EDU>]

Hi Joe,

I know your College has been in the news over the last year or so; I would start to question if this could somehow be 
related; is that your common factor? Looks like the culprits went after financials and I would assume internal breach 
with maybe only one compromised account (someone within payroll for example).

David Santos
IT Security & Helpdesk Manager,
Information Technology

[cid:image002.jpg@01D396C2.FCA65F60]

Felician University
262 South Main Street
Lodi, NJ 07644
P: 201-559-6075
www.felician.edu<http://www.felician.edu>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pollock, 
Joseph
Sent: Friday, January 26, 2018 4:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Unusual pattern of compromised accounts

Has anyone observed the following:


  1.   A cluster of compromised accounts with no indication of a common factor such as clicking on a phishing link. 
Users have no idea how the compromise occurred.
  2.  The culprits change the user's direct deposit authorization
  3.  They may have been familiar with the Banner system.
  4.  No other activity was observed.

We are looking for other indications,  such as compromised desktops,  but have found nothing as yet.

Please reply outside the list if you wish.

Joe Pollock
Network Services
The Evergreen State College

______________________________________________________________________
This incoming email has been scanned by the MessageLabs Email Security System for Felician University.
______________________________________________________________________

______________________________________________________________________
This outgoing email has been scanned by the MessageLabs Email Security System for Felician University.
_____________________________________________________________________