Hi Everyone,
We are applying a security update to the EOAS Email system. It will be in maintenance mode till ~11:45am July 14th.
Thanks for understanding.
Charles.
The new Exchange server includes a feature that you can use to change your password. You can access that feature by first going to your Exchange account using a web browser and visiting https://exchange.eoas.ubc.ca.
For instructions please follow the steps in this short YouTube video:
https://www.youtube.com/watch?v=79S3rEEmYhw
Useful guidelines for identifying Phishing => https://bit.ly/2NcPKSF
Charles
Dear Colleagues,
Yesterday, a faculty member at UBC received a phone call at home from someone pretending to be a staff member from UBC IT offering to help check and update their computer. This is an example of a “Windows Tech Support” scam, where the cybercriminal is hoping to install malware onto your computer.
Please be vigilant when you receive unexpected phone calls from a number you do not recognize. EOAS IT and UBC IT will never phone you at home to provide check-ups and upgrades on your computer without reason.
If you receive a phone call from either UBC IT or EOAS IT that you did not expect, please refer that caller to your EOAS IT (Compstaff).
Dear Colleagues,
Please note that ArsTechnica, The Guardian, and several other news sites are highlighting a new security threat that leverages a trick of character encoding to fool people into thinking they are clicking on a link to Apple's web site when the link is potentially another (malicious) web site. You can read the articles at:
https://arstechnica.com/security/2017/04/chrome-firefox-and-opera-users-beware-this-isnt-the-apple-com-you-want/
https://www.theguardian.com/technology/2017/apr/19/phishing-url-trick-hackers
If you own an Apple computer, you will likely receive periodic email from Apple.com. Please exercise caution when visiting any link that appears to be Apple.com and avoid downloading files or documents from Apple unless you are certain of the source.
Major browser vendors are working on a fix that will mitigate this particular attack vector.
If you believe you have been the victim of a phishing attack, please contact EOAS IT via email at helpdesk@eoas.ubc.ca or by visiting our web site at https://helpdesk.eoas.ubc.ca.
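An added example, not part of the original notice or EOAS IT's own tooling: a defensive check that decodes a link's hostname from its xn-- (Punycode) form and flags labels that render like a watched name but are built from another script. The function names, the small `CONFUSABLES` map, the `WATCHED` set and the `.example` sample host are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately tiny confusables map (Cyrillic -> Latin lookalike).
# A real deployment would load the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0440": "p", "\u04cf": "l",
               "\u0435": "e", "\u043e": "o", "\u0441": "c"}
WATCHED = {"apple"}  # assumption: labels we want to protect from lookalikes

# Constructed sample: five Cyrillic letters that render like "apple", in the
# xn-- (Punycode) form a link would carry, under the reserved .example TLD.
SAMPLE = ("https://xn--"
          + "\u0430\u0440\u0440\u04cf\u0435".encode("punycode").decode("ascii")
          + ".example/")


def to_unicode(label):
    """Decode one DNS label from its xn-- (Punycode) form, if it is one."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Approximate scripts by the first word of each letter's Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}


def check_url(url):
    """Return (label_as_sent, reason) findings for the URL's hostname."""
    findings = []
    for label in (urlsplit(url).hostname or "").split("."):
        try:
            shown = to_unicode(label).lower()
        except UnicodeError:
            findings.append((label, "undecodable punycode"))
            continue
        used = sorted(scripts(shown))
        skeleton = "".join(CONFUSABLES.get(c, c) for c in shown)
        if skeleton in WATCHED and shown != skeleton:
            findings.append((label, f"renders like '{skeleton}' using {used}"))
        elif len(used) > 1:
            findings.append((label, f"mixed scripts {used}"))
        # Single-script non-Latin labels are left alone: legitimate IDNs exist.
    return findings


if __name__ == "__main__":
    for url in (SAMPLE, "https://www.apple.com/"):
        print(url, check_url(url))
```

The same check can be run over links extracted from a suspicious message before anyone clicks them; the genuine `www.apple.com` produces no findings.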
Ransomware can be localized to target individual users or systems, or expanded to larger groups and even organizationally focused with the intent of paralyzing an organization. Recently, there have been a number of ransomware attacks that exploit unpatched vulnerabilities on servers connected to the internet, resulting in an attack against the entire organization, impacting all operations; in higher education this affected the ability to teach and do research. Some examples include the University of Calgary, San Francisco Municipal Transportation Agency, Hollywood Presbyterian Medical Centre, and Carleton University.
Below are some similarities and recommended solutions we have been able to draw between these recent organizational attacks:
1. Vulnerabilities are exploited to gain an initial foothold
Solution:
We strongly encourage everyone to patch all networked systems; focus first on all internet-facing servers, paying special attention to Java-based servers as they are frequently targeted. If you require assistance in patching your servers, please contact your department’s IT Administrator. If you are unable to patch your server or get help from your department, please contact security@ubc.ca.
2. Keyloggers are installed to steal administrative credentials, which are used to map network shares and deploy ransomware
Solution:
For critical accounts that have control over multiple servers/systems (e.g. root, Administrator, etc.), use a privileged account manager that checks in and out the account, changing passwords for each usage. Privileged accounts should have limited access to only those who need it and should be used only when necessary. These accounts must not be used for checking email or web browsing or any other user-related activity.
Anti-malware software must also be installed and kept up-to-date on all operating systems, such as Windows, Mac, and Linux.
3. Ransomware encrypts critical files needed for research, teaching or administrative activities.
Solution:
Use network file shares that are backed up regularly (e.g. Home Drive, Teamshare, or Workspace) for the storage of critical files. Keep backups off-line and accessible only via specific privileged accounts that have restricted usage.
In addition to the above recommendations, we strongly encourage everyone to review and ensure they have the latest patches for their servers.
November 23rd, UBC will begin blocking incoming network traffic from off campus for a range of network services.
This change will not impact email, web, SFTP, or the Department’s ownCloud service.
The majority of the services that will be blocked are no longer in use or were considered insecure for some time. One example of a service that will be blocked from off campus is print.
In this example, if you were printing from home to a printer here on campus in your office, after tomorrow’s change you will no longer be able to print directly to your office printer from home unless you establish a secure connection using UBC’s myDNS service and your account is configured for access.
A detailed article has been posted at the EOAS Help Desk knowledge base. This article is available to anyone who has already migrated; you can find it by searching for "ports blocked at the UBC border".
If you require an exemption, for example if you are working with an external government institution that requires access to on campus resources using a service such as Remote Desktop Protocol (RDP), and you have not already contacted EOAS IT or UBC IT – contact us NOW, otherwise your connection may be interrupted.
If you have any questions or concerns, please submit a request through the my.eos.ubc.ca portal, or if you have migrated, you can email the EOAS IT Help Desk at helpdesk@eoas.ubc.ca.
A number of people are reporting receiving emails from American Express with the Subject line: Please activate your Personal Security Key
These emails look legitimate but should be ignored. If you are an American Express card holder and have doubts about a communication coming from what looks like American Express, or believe you may have responded to one of these emails with your information, your best course of action is to contact American Express using the phone number on the back of the Credit Card.
A screen shot is included below.
As you may be aware, there was a recent denial of service (DDoS) attack that targeted DNS services offered by DynDNS (dyn.com), which resulted in sites and services interrupted for large companies including Paypal, Netflix, and Airbnb. According to press information, the botnet behind the attack leveraged flaws in a brand of smart cameras and DVRs (arstechnica.com/information-technology/2016/10/inside-the-machine-uprising-how-cameras-dvrs-took-down-parts-of-the-internet/).
The code used to exploit the flaw is now in the public domain. UBC and other institutions and companies are experiencing an increase of malicious traffic. The malicious traffic is targeting the University’s DNS servers and our networks are being scanned for insecure devices on port 23/TCP and 2323/TCP. In response, on November 2, 2016, the University will be blocking inbound traffic specific to ports 23 and 2323 for all UBC networks. Port 23/TCP is used by the application telnet (www.packetu.com/2012/04/17/whats-wrong-with-telnet/), and port 2323/TCP is designated as part of the 3d-nfsd protocol, however many vendors use that port as an alternative to port 23/TCP. I don’t expect this change will impact anyone in our department. If you use telnet or port 2323/TCP to access services on campus from an off campus location, you will need to start using UBC’s myVPN service.
If you are not sure how to use UBC’s myVPN service, please contact helpdesk@eoas.ubc.ca or come drop-in to EOAS Main 113 and we can talk about what needs to be done.
A vulnerability called DirtyCOW has been disclosed for all Linux systems. The vulnerability is especially problematic for multi-user systems, as it allows local user accounts to gain escalated privileges on the affected system.
This vulnerability has been assigned CVE-2016-5195. We recommend applying the latest patches to your Linux machine. A bulletin has also been created for this: http://bulletins.it.ubc.ca/archives/28072
For more information on this vulnerability, please review the following links:
https://access.redhat.com/security/vulnerabilities/2706661
https://security-tracker.debian.org/tracker/CVE-2016-5195
https://nakedsecurity.sophos.com/2016/10/21/linux-kernel-bug-dirtycow-easyroot-hole-and-what-you-need-to-know/
Dropbox® recently confirmed that 68 million email addresses and password information were stolen from their database. UBC IT has received the list of credentials that were identified as associated with this breach. The IT Service Centre sent out the notification below to these users yesterday.
From: UBC IT ITSC - Do Not Reply
Subject: 2012 Dropbox® Data Breach
This email was sent from an unmonitored mailbox. Please do not reply to it
Dear <email address>,
As you might have heard, Dropbox® recently confirmed that 68 million email addresses and password information were stolen from their database.
UBC IT has been notified that your UBC email address was identified as part of the list of credentials associated with this breach.
If you use the same password for “Dropbox” as you do for your CWL account or other UBC accounts, please reset your password(s) immediately and use a different password going forward to ensure the safety of your data and any UBC electronic information.
You can change your CWL password at myaccount . ubc . ca (this is a non-clickable link, please type this in your address bar without the spaces)
If you have any questions, please contact the UBC IT Service Centre at it . ubc . ca/helpdesk (this is a non-clickable link, please type this in your address bar without the spaces).
Sincerely,
Rose Chan
Manager, Service Centre
Information Technology | Engage. Envision. Enable.
The University of British Columbia
Tel: 604.822.2008
A bulletin has also been posted about this notification: hxxp://bulletins.it.ubc.ca/archives/28064. If you have been impacted by this breach, please update your password immediately.
Regards,
Larry Carson
Associate Director, Information Security Management, UBC