Students Staff

January 19, 2018

Phishing simulation – what we did, why we did it, and the outcome

Filed under: Security — Sara Stock @ 2:28 pm

We’re all at risk from phishing scams, but there are things we can do to reduce the risk.

What we did

In December we used a respected cyber security company called Khipu Networks to create a simulated phishing campaign. Every member of staff, including student staff, received an email over the course of a day. The email pretended to be from the IT Helpdesk. Although we ensured that the phish looked realistic in terms of the fonts, logos, signature and language used there were some subtle clues to it being a phish. The email address it came from had a hyphen where a dot should be, and the web address, if you did a mouse over the link, was not one of ours (although it looked very much like it).

Anyone clicking on the link was taken to a web form and invited to enter their credentials. At this stage the biggest hint that this was a phish is that IT Helpdesk would never ask staff to share usernames and passwords in this way, and nor should any other bona fide organisation. Anyone submitting the form (whether or not they put in any credentials or their real credentials) then received a further email explaining that they had been phished and asking them to watch a short online video, with tips on how to avoid being phished, and take a quiz.

Why we did it

Phishing is the main way that malware, including ransomware, gets into an organisation. We’ve had recent phishing attacks that have led to ransomware and to individuals staff members having their email accounts compromised and people using those accounts to attempt to divert salary payments (in both cases processes have been changed to prevent future damage). Our main line of defence is the awareness of our users. We’ve run two awareness campaigns about the dangers of phishing this year and wanted to see how well they had worked and to assess whether we need more campaigns, more training or a combination of both.

What we didn’t do

We didn’t alert staff beforehand that this was happening in order to maximise the reach. That included IT Services staff, which is why the responses you received if you called were muddled in some instances. We bypassed our normal phishing procedure: we didn’t block emails, we didn’t allow mailscanner to flag mail (although it did in some instances), and we didn’t put out any service alerts.

What happened

We had unfortunate timing in that a real phishing and spam attack that came through a compromised Essex email account happened on the same day. This meant that there were some actual phishing emails in the system on the day, and, more importantly, that the follow-up email (received when anyone entered their Essex details into the fake website) came up to several hours after they hit submit, instead of within a few seconds.

The Helpdesk received a very high number of calls and emails. Various individuals used informal routes to alert colleagues, including email and email lists (Small-Ads). This was all useful as it means that there is a bit of a safety net in place that supports those who might not spot a phish for themselves.

What we learned

Although the number of people who were fooled by the phish was reasonably low – and certainly lower than the 32% reported elsewhere when other institutions have carried out this exercise – it was still substantially higher than the 1% we aspire to. It only takes one successful phish to cause serious problems. Although many people are aware of the fake phish, awareness of our most recent phishing campaign is still low.

We’ve also seen that the IT Helpdesk doesn’t the resources necessary to cope with such an influx of queries, and we’re looking into ways to ensure better support in future.

Looking at the number of calls to the Helpdesk against the numbers when a phishing attack is dealt with in the usual way (blocking emails, mail scanner, service alerts) we’ve been able to demonstrate that our usual countermeasures dramatically reduce the amount of phishing mails coming in and the numbers of people falling prey to phishing attacks.

What’s next

We’re looking at ways to provide better levels of support to the IT Helpdesk.

We will send simulated phishing emails to students over a period of three or four days, yet to be confirmed, in the new year.

We may run a further simulated phishing test for staff at some stage without warning.

What you can do
We will continue to be hit with real phishing attacks, so do please:

  • continue to be alert
  • make yourself aware of how to spot phish
  • report any phish you spot to phishing@essex.ac.uk
  • print out a phishing tips poster if there isn’t already one on a notice board near you..
  • remember: never respond to emails that ask for your username and password. The University will never email you to ask for your password.
The University of Essex will moderate comments and there will be a delay before any posts appear.

January 8, 2018

[Service alert] Password changing and applicant portal problems

Filed under: Other, Uncategorized, [Resolved], [Service Alert] — Trevor Smith @ 12:25 pm

Due to a service outage there may be intermittent problems with access to the applicant portal and the password changing systems today.

We are working hard to identify and resolve this and will post an update when the issue has been resolved.

 


 

A system failure occurred which caused some services to become temporarily unavailable. This has now been resolved.

The University of Essex will moderate comments and there will be a delay before any posts appear.

January 5, 2018

FASER drop-in sessions

Filed under: Elearning, FASER, IT Training, Uncategorized — sgswaine @ 2:37 pm

Lunch and Learn drop-in sessions for users of FASER

To coincide with the release of the new and improved version of FASER due to be released on Monday 22 January, IT Services is holding a series of drop-in sessions designed to help users understand and transition to the new system.

The drop-in sessions will run over a two week period from 22 Jan to 2 Feb and take place over the lunch hour. Participants will discover what key improvements have been made and have a chance to ask questions.

To book simply follow the link to Lunch and Learn: FASER via HR Organiser and login with your UserID and password.

If you’d like more background information about the update, check out the FASER update blog or if you have any questions about booking a place or session content, please don’t hesitate to contact it.helpdesk@essex.ac.uk.

We hope to see you there!

The University of Essex will moderate comments and there will be a delay before any posts appear.

January 4, 2018

‘Serious’ computer chip flaw

Filed under: News, Security — Dan Jolly @ 3:10 pm

Update 19/01/2018

Work to patch all University-owned computers, servers and infrastructure is proceeding well.  Over half of the University’s digital estate has now been patched.

We haven’t observed any problems with the patches so far, however, if you do experience any problems with your computer or device that you think may be related to recent software updates, contact the IT Helpdesk.

Patching work continues.


 

Update 09/01/2018

Work to patch and test core University systems is ongoing.

Our advice for users with personal devices and computers is to check for updates and install them.


 

Original alert 04/01/2018

As you may or may not have heard in the news recently, researchers have discovered two major bugs in computer chips that could allow hackers to steal sensitive data.

One flaw dubbed ‘Spectre’ was found in chips made by Intel, AMD and ARM. The other, known as ‘Meltdown’ affects Intel-made chips alone.

Learn more about this story:

IT Services staff are taking this issue seriously.

We have assembled a small team to assess any potential impact, and work is already underway to test the various patches that have been made available by software vendors.

We are monitoring the situation closely and will publish an update as soon as we know more.

The University of Essex will moderate comments and there will be a delay before any posts appear.

January 2, 2018

FASER Update

Filed under: FASER — Benjamin Steeples @ 4:20 pm

Update 10 January 2018:

We have added a few more frequently asked questions (FAQs) relating to the update. Please see the list of questions at the bottom of this post.

 

Original post:

As previously blogged, over the last 18 months we have been working hard on a new and improved version of FASER, developed in response to feedback from staff and students. The main goal has been to change the underlying infrastructure, paving the way for future enhancements and providing a modest performance and usability improvement.

This new version has been tested by selected volunteers and departments, and we are now putting the finishing touches in place. We aim to release this new version to all staff and students in the spring term.

Key improvements in the new version include:

  • Implementing Single-Sign-On (SSO) to reduce the number of login prompts.
  • Performance improvements. Ensuring FASER only reloads parts of the page that have changed, rather than reloading the entire page every time. We have combined this with additional caching of information and some database changes to ensure that pages and information loads faster than before.
  • Adding calls to action to FASER. These guide staff to common outstanding tasks relating to an assignment, and reduce the number of clicks and page loads required to achieve that task.
  • Rewriting the majority of FASER to take advantage of MVC software design. This allows us to separate the code responsible for the appearance, logic, and underlying data of FASER, and enables us to make changes to the service in a quicker and more responsive manner.
  • Improvements to online annotation. We have listened to feedback and are now working with an alternative supplier to introduce improved online annotation.
  • Increased visibility of and guidance about students with a Specific Learning Disability (SpLD) or Asperger Syndrome Disorder (ASD).
  • Upload checking. FASER now carries out basic checks on uploads, and warns the student if they have submitted a corrupted document.
  • Finally, we have taken the opportunity to fix a lot of minor annoyances and bugs in FASER.

 We are aiming to release this new version to all staff and students on Monday 22 January 2018.

 If you would like a sneak peek of the new version, simply click on the blue banner when you next log in to FASER.

 

Questions you may have:

Why wasn’t I invited to see the new version sooner?
We know you’re all busy, and so last year we ran a FASER Staff Survey which included a question on whether staff were willing to help us test the new version. This acted as our initial list of testers.

Why is the new version being released part-way through an academic year?
Ideally we would have released this at the start of the academic year, but we weren’t happy with the volume of testing and feedback we’d received over the summer. The new version of FASER includes some important new features, so rather than wait another academic year the decision was made to release mid-year.

Won’t this confuse students?
There have been very few changes to the student view of FASER.

Some pages are still slow!
We have made some big improvements to FASER’s performance in the new version, but there is still more work to be done. We aim to implement further performance improvements in the coming year.

I’ve found a problem or encountered something confusing, how do I report this?
Either click on the Tell us what you think link at the top-right of FASER’s web pages, or send us an email at ltt@essex.ac.uk.

I’ve had a sneak peek and something is missing, what’s going on?
We are still putting the finishing touches in place. Rest assured, everything will be there when we release in the spring term.

Why doesn’t the new version do … ?
We have focused on improving FASER’s usability and performance, in addition to laying the groundwork for future enhancements. You may find that a feature you’ve been asking for hasn’t made it into this new version. Don’t worry, it’s still on the list for future versions and we are continuing to work on FASER behind the scenes.

I had an email saying that I would not be able to annotate between 15 and 22 January, will this impact my marking?
This only affects FASER’s inbuilt online annotation feature (Crocodoc). Markers who download work to annotate offline (eg. Word or PDF annotation) will be unaffected, and can continue to mark and provide feedback during this period.

Will there be training on the new version?
Yes, we are tackling this in several ways:

  • Most FASER pages will include a Take a tour of this page link, which guides you through common features of each screen.
  • We have improved FASER’s help and support pages.
  • We will be running drop-in sessions during the start of the spring term. Dates will be announced via email and the IT Services blog.
  • We will be improving the Introduction to FASER Moodle course.
The University of Essex will moderate comments and there will be a delay before any posts appear.

 

Older Posts »