News

RIT Information Security Advisory: Stealthy Word-wire Cyberattack

Cybersecurity firms are warning of an additional attack that targets the same vulnerabilities targeted by the WannaCry ransomware. Unlike WannaCry, this is not a ransomware attack. Instead the attackers take control of your computer and use it to mine virtual currency (cryptocurrency).

The issue for you is that even though the attackers haven’t yet encrypted your files and demanded a ransom, they’re still able to do that at any time, and they also have access to all files stored on your computer. You MAY notice a slowdown in how fast your computer runs or be unable to access specific resources.... ...

RIT Information Security Alert:: Preparing for WannaCry and Other Ransomware Attacks

We’ve seen many reports about the WannaCry ransomware attack that has been hitting computers worldwide. Although a researcher was fortunate enough to accidentally stop the initial wave of attacks, recent reports indicate that the attackers will be launching a new round of attacks. Researchers suspect that initial infections may have occurred through phishing attacks. The WannaCry ransomware itself is promulgating as a worm through networks worldwide. Worms prey on vulnerabilities in unpatched computers. NO USER INTERACTION needs to occur to be infected.

Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid... ...

RIT Information Security Advisory: Rapid Worldwide Increase in Ransomware Attacks

The BBC and other news outlets are reporting a rapid increase in the number of ransomware attacks worldwide. According to the article, computers have been locked up in thousands of locations worldwide. The increase in attacks may be linked to a group known as The Shadow Brokers, which is the group that claims to have released NSA hacking tools. Although it's unclear at this time, researchers believe the attack is spreading through a worm. Worms prey on vulnerabilities in unpatched computers.

Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid in... ...

Information Security Advisory: Attack through Google Docs Request (Now Mitigated)

Attack through Google Docs (Now Mitigated)

Early today, RIT users were targeted in a phishing attack that masquerades as a document request on Google Docs. The link provided in the email messages are to the legitimate Google login system. Google has now blocked this particular attack from occurring.

Here's one of the variants below. You'll note that it very closely resembles the read Google docs notification email.

How do I know this is a phishing attempt?

  • The days of
  • ... ...

RIT Information Security Education: Phishing and Spear Phishing

The Difference Between Phishing and Spear Phishing

You’ve seen us mention both phishing and spear phishing in alerts and advisories. Here’s a look at the differences.

Phishing 

Phishing attacks are typically emails sent to a wide target audience with the intent of acquiring login credentials, account numbers, Social Security numbers, or other Private Information. The goal of the attackers is to commit Identity Theft. Although it used to be quite easy to identify the attacks because of poor grammar and other “telltales,” the attacks have become more sophisticated. It’s now possible for an attacker to purchase... ...

RIT Information Security Alert: Campus Notification Phishing Attempt

Campus Notification Phishing Attempt

RIT people are receiving an email masquerading as a Campus Notification sent from the RIT Message Center. The message originated from off campus and includes a link to a non-RIT address. Clicking on the link will take you to the phishing site.

 

Here is the phishing email:

 From: "RIT Message" <k.milne-15@student.lboro.ac.uk> Date: Apr 10, 2017 5:55 PM Subject: Campus Notification To: <RIT ADDRESSEE> CC: Hi there, You have an important campus notification Follow the link to read the notification Campus Notification Thank you, RIT Campus Notification, 

How do I know this is... ...

RIT Information Security Alert: Drop Box and "Confirm Your Account" Phishing Attempts

"Confirm Your Account" Phishing Attempts

The phishing attacks have broadened to include a Drop Box associated phish and a simulated RIT Information Security Alert. Both phishes include links to compromised non-RIT websites. 

 

Drop Box Phish

From: Drop Box* <sdinatale@tampabay.com>

You have *1 new important document as of April 04, 2017 which is listed below along with the action that can be taken. You can view or download you documents by visiting preview or download page. Happy Dropboxing! 

- The Dropbox Team

P.S. Learn how to protect your account.

 

Simulated RIT Information Security Alert Phish

Subject: RIT... ...

RIT Information Security Alert: Recognizing that You're Really at myinfo.rit.edu

RIT users continue to be targeted in a phishing attack that masquerades as important messages to employees. The links provided in the email messages closely resemble our myinfo page, but there are a couple of indications that you’ve gone to a spoofed page.

Recognizing the Real RIT myinfo Page

 

Legitimate Site Indications

In the Address Bar: look for the following (from the left):

RIT Information Security Alert: Important Message from Faculty/Staff Phishing Email

RIT users are again being targeted in a phishing attack that masquerades as important messages to employees. The links provided in the email messages resemble our myinfo page.

Here’s one of the variants below. You’ll note that although the end of the link is myinfo.rit.edu, the first part of the link is to a compromised WordPress site. Clicking on that link would take you to the website that mimics myinfo.rit.edu, not to the RIT site. 

------------------------------------------------------------------------------------------------------------------------------------

From: Rochester Institute of Technology [mailto:noreply@rit.edu]

Sent: Tue 3/28/2017 1:15 PM

Subject: Important message from RIT Faculty/Staff

Dear Employee:
You have new important message... ...

RIT Information Security Alert: Your RIT account information Phish

Many RIT faculty, staff, and students have received an email informing recipients that there’s been a database update and they must follow the link and update their account information. The link leads to a spoofed copy of the RIT login page. A copy of the phish is provided below.

 

Sample Phishing Email

From: Rochester Institute of Technology <Sender email address>
Date: Thu, Mar 2, 2017 at 6:01 PM
Subject: Your RIT account information
To: recipient email address

Hello,

Due to a recent update in our database, its is important that you update you account information.... ...