Cyber-Security at the University of Kentucky

Monday October 30, 2017

October is National Cyber-Security Awareness Month. Unfortunately, when attacks on cyber-security occur, it is often on large institutions—such as a university. At the University of Kentucky, we are taking various steps to prevent cyber-attacks. With the increasing use of technology in our society, these attacks are becoming all the more popular. 

I would like to update you on the terms, types of attacks, what to do in the event of a cyber-attack, our cyber-security protocol, and give you some tips to prevent attacks on your own devices.

• Cyber-crime— the act of using a computer or other internet technology as a tool, in order to commit illegal acts. Examples include piracy, phishing, fraud, and identity theft.
• Malware— “suspicious software.” It is a software file or program that may contaminate your computer with a virus, worms, spyware, software, and more. Malware can access your own personal data—it might steal, delete, encrypt, hijack, or alter it. It can come through the internet via email, software downloads, and torrent files. It may be on your computer without you even realizing it—if you have frequent pop-ups, your computer is running slowly, or webpages crash frequently, you might have malware on your system.
• Ransomware— Ransomware is a specific type of malware that locks your computer screen or files by freezing it, preventing access until a ransom is paid. Ransomware will typically begin with an unusual file on your computer or a notification on the screen, which will prevent you from using your computer. Following that, instructions will appear on how to pay the ransom. However, ransom payment does not guarantee that your computer will be unlocked.
• Distributed Denial of Service (DDOS) Attack— a single attack on your computer from multiple systems which have been compromised by malware. It creates an overload of incoming traffic and messages, causing the system to shut down.

What types of attacks have occurred recently at UK? 

This semester, we have discovered several phishing emails at the University of Kentucky.  Some recent examples are outlined below.

The first one titled the subject line “EMERGENCY” and sent out a link to an external, non-UK website, claiming that employees would need to login there to re-gain access to their email accounts.

The second attack consisted of an email titled “OVERDUE ACCOUNT,” which falsely notified employees that their accounts had a balance due. It included a link to a payment option, which contained malware.

The University of Kentucky’s Information Technology Services (ITS) and the HealthCare Information Technology teams have been working to resolve any issues caused by such emails. However, we would like to remind all of our colleagues not to provide information or click on links or attachments in emails that are unexpected and from unfamiliar people.

How can you detect a potential scam or attack?

• If there is poor syntax and/or grammar within the message.
• If it comes from an unspecified sender.
• If it includes links that ask you to visit a non-uky.edu address for “secure verification”
• If it comes from a fake reply address (such as chancellor@uky.edu, as we do not have a chancellor at UK)

What should you do if you have replied to a phishing email and/or clicked on a link within a phishing email?

First, change your password immediately via the UK Account Manager (http://password.uky.edu).

Next, call ITS at 859-218-HELP (4357) or email at 218help@uky.edu, to receive individual instructions on what to do next.

If you ever believe that an email is a scam, delete it. You can also contact IsThisEmailSafe@uky.edu to inquire about specific messages. You will only receive a response if the message is safe.

If you think your computer has been compromised, need help understanding the variety of options available to protect your personal data, or have any other questions on this topic, ITS is available 24/7 via phone and email.

At the University of Kentucky, we will continue our efforts to increase cyber-security. I hope you will be mindful with your own technology. As always, we are here to help.

Eric N. Monday

@UKYMonday

#seeblue