Cyberattack on RIT

We’re not trying to sound overly dramatic, but we need you to read this alert and take action (and tell your colleagues and fellow students).

RIT and our users (you) are currently under attack by cybercriminals. We’ll provide more information below, but we need you to do the following:

If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.

Please submit suspected phishing/spam by creating a new mail note to spam@rit.edu and attaching the suspicious email. Then delete the suspicious email and/or attachment.

If you administer your computer or others, ensure that anti-virus/anti-malware is up to date and functioning.

If you have clicked on a suspicious link or opened a suspicious attachment, change your password and contact your service desk immediately.

Background

Over the last week, we’ve seen more than 40 email accounts compromised and used for spamming internally to RIT and externally. (This is more compromised accounts than we typically see in a year.) Spamming internally means that you may receive malicious attachments and links from a coworker. At this point, we’re seeing compromised accounts among faculty, staff, and students.

There are several known attack vectors:

Malicious attachments NOT detected by antivirus. The attachment names have varied, but we’ve seen invoice.doc, resume.rtf, sixt_receipt, Capital One 360, etc.

Ransomware attacks using malicious attachments. (Ransomware encrypts your files.)

Spear phishing with malicious links sent from internal and external accounts.

Attempts to use all of the RIT mailing lists to garner additional compromised accounts and send out spam/phishing/malware.

What RIT is doing:

Analyzing the attacks and determining and implementing the best technical defenses. However, the attacks are directed at you and you must be vigilant.

Sharing and receiving information securely with other affected universities. These attacks are being seen across higher education.

Informing the RIT community of best practices and actions we’re taking.

We do not know if this is a short-lived wave of attacks or a siege we will have to endure long term.

If you have questions, please contact us or your service desk.

Ben Woelk '07 CISSP

ISO Program Manager

Information Security Office

Rochester Institute of Technology

ROS 10-A204

151 Lomb Memorial Drive

Rochester, New York 14623

585.475.4122

585.475.7920 fax

ben.woelk@rit.edu

http://www.rit.edu/security/

Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec

Follow us on Twitter: http://twitter.com/RIT_InfoSec