Category: Information Security

Prohibited Technologies Announced by Board of Governors

Posted on by tgale@ufl.edu

The University of Florida has complied with the State University System (SUS) Board of Governors Emergency Regulation 3.0075 – Security of Data and Related Information Technology Resources, adopted on March 29, 2023. Regulation 3.0075 requires SUS institutions to remove technologies listed on its Prohibited Technologies List from any university-owned device. Additionally, these technologies must be blocked from the university’s network.

Effective immediately, the installation or use of Tencent QQ, TikTok, WeChat, VKontakte, and Kaspersky on any university-owned device, network, or to conduct any university business including marketing and advertising, is prohibited. Faculty and staff that have any prohibited technologies installed on a university-owned mobile device or computer are required to remove them and cease their use. The prohibited technologies are also now blocked from use on any UF Wi-Fi network.

UF strongly recommends discontinuing use of the prohibited technologies and removing the apps from personal devices as well. Taking this action will help protect personal information as well as university data. University information security staff continuously evaluate technology vendors, software products, and services. UF maintains a list of approved technologies on its Fast Path Solutions website. High-risk software and services that present an unacceptable level of cybersecurity risk are listed as ‘not permitted for use’. More information on the university’s response to SUS Emergency Regulation 3.0075 can be found on UFIT’s https://security.ufl.edu/resources/prohibited-technologies/ webpage.

Avoid Public Wi-Fi

Posted on by tgale@ufl.edu

Traveling this summer? Avoid public
Wi-Fi networks as much as possible.

Using public Wi-Fi is easy because they don’t require a password. However, free unsecured access can allow hackers to watch every keystroke–as you log into bank accounts, GatorMail, make purchases, and access other files. In just seconds, all your personal and financial information can be stolen. According to Forbes, four in 10 people have had their information compromised while using public Wi-Fi.

Restaurants, hotels, and airports are among the most popular places people use unsecured Wi-Fi. Airports offer the perfect cybercrime environment. As people use public, unsecured Wi-Fi to read their emails or check the weather at their destination, someone might be tracking every click. How? One way is that hackers create free public Wi-Fi access networks with names that sound like the official airport Wi-Fi network. For instance, which would you log into: ‘CLT Free WiFi’ or ‘Charlotte Airport WiFi’? If you selected the wrong one from the list of available networks that pop up on your phone, then with just one click you are gifting all your personal information to a hacker. We are all addicted to connecting with friends, work, and family. But remember, you should only use encrypted or password-secured networks. Also, use UF’s VPN connection, so what you do send and receive is encrypted.

Visit https://news.it.ufl.edu/security/safe-travel-is-smart-travel-cyber-vigilance/ for more tips on information security and travelling safely.

Falling for a Phish Can Lead to an MFA Bombing Attack

Posted on by tgale@ufl.edu

Phishing attacks are frequently carried out through emails or texts that appear to come from a reputable source. Cybercriminals are skilled at using deceitful tactics to trick users into revealing personal information such as logins or credit card information. Common phishing tactics include:

Unsolicited work opportunities that lead to requests for bank routing information, or ask the new “employee” to purchase supplies, with the promise of reimbursement
Messages warning of an imminent deactivation of your accounts, such as bank accounts, social media accounts, or subscription services
Emails allegedly from the IRS, FBI, or other federal agency threatening legal action, and directing you to imposter websites requiring you to enter personally identifying information
Urgent requests from fake email accounts impersonating a high-level person in your organization, asking you to purchase gift cards or submit your credit card information.

Pay close attention to any email asking for GatorLink login credentials. Unauthorized access to your GatorLink account can expose your personal or academic information. Once a GatorLink login is compromised, the attacker may repeatedly spam Duo Push requests to your device — otherwise known as “MFA Bombing” — hoping you will accept just to make the requests stop. Approving an unexpected Duo request gives the criminal access to your account. Visit the MFA bombing webpage to learn more about this form of cyberattack.

MFA Bombing On the Rise at UF

Posted on by tgale@ufl.edu

MFA bombing attacks are increasing at UF. MFA bombing is a tactic used to circumvent your UF account’s multi-factor authentication measures. During an MFA bombing, the attacker uses your stolen username and password to repeatedly send ‘Duo Push’ notifications and/or phone call requests, hoping after multiple notifications you will give up and approve the Duo request. Approval will give the attacker access to your GatorLink account. If an attacker can MFA bomb you with repeated Duo requests, it means your GatorLink password is compromised and the attacker is trying to sign in using the stolen password.

To stop the onslaught of Duo attempts, you’ll need to reset your GatorLink password. Visit the GatorLink Account Management portal, select “Forgot/Reset Your Password,” and follow the prompts after selecting “Self-Service Reset.” You will be asked to provide your UFID, Gatorlink username, and additional information used to verify your identify.

It is important to use “Forgot/Reset Your Password,” and not “Change Your Password,” because the latter requires you to sign in–and you may accidentally approve the attacker’s Duo Push instead of your own requested notification!

The Duo requests should stop soon after resetting your password. (It may take a few moments for the attacker to get kicked out.) For more information on MFA bombing, visit UF’s Information Security website’s MFA bombing page.

Avoiding Scammers This Holiday Season

Posted on by tgale@ufl.edu

We are ordering more online nowadays. Broader selection, convenience of shopping from the couch, and increasingly no-charge shipping and returns makes online shopping more attractive than going to an uninspiring mall. Know who else finds online shopping very attractive? Scammers.

Scammers can get a lot of information by following the breadcrumb trails we leave when searching online. (Another reason to clear cache and cookies.) This allows them to create very realistic ways to scam you, including:

Order Confirmation Scams. These are unexpected calls, texts, or emails that often refer to an unauthorized purchase and ask you to act urgently to confirm or cancel the purchase. Scammers try to convince you to confirm payment method (such as providing your credit card number) or your bank account number, or to install malicious software onto your computer/device.

Tech Support Scams. Scammers create fake websites and then text you the URL, claiming to provide tech support for your recently purchased devices. Customers who visit these pages can fall for schemes like paying for a support contract, getting a device repaired, or purchasing of accessories that will never arrive.

UFIT has additional information online to help you identify online scams. Keep your personally identifying information and your money safe, Gators!

Clear Your Search Histories

Posted on by tgale@ufl.edu

Did you know your online activity — including the sites you visit, places you view on Google Maps, videos you watch, and more — is tracked and stored? Companies, both legitimate and malicious, use cookies to learn what you do online. How?  Companies keep records of your online activity by using a Third-Party cookie, which links the activity from your browser back to the profile they have of you. From there, your information could become compromised and shared with groups interested in stealing your personal information or compromising your university.

Regularly clearing your cookies can help limit this surveillance because doing so breaks the link that companies rely on to identify you. Clearing cookies is easy! If you use Google Chrome, first open your browser, then → Open the “Options” menu located near the top right corner of the window → Select “More Tools” → Select “Clear Browsing Data” → To delete everything select “All Time” → and then “Clear Data.” That’s it!  The steps can vary slightly depending on the device and browser used, so visit this page for information on how to clear cookies in your preferred browser.

Learn more ways to keep your personal data private by visiting UF’s Information Security Office website.

Cyber Bowl 2022: Beat FSU!

Posted on by tgale@ufl.edu

For Cyber Security Awareness Month, Florida State University’s Information Technology Services (FSU-ITS) challenged UF to a Cyber Bowl, an online game played on the virtual playing field. The Cyber Bowl will be live from October 3 – 14. It’s set up like a football game with four quarters. Each “quarter” contains one question related to social engineering. So…how do the Gators win?

The university who can get the most students, faculty, and staff game players wins. To register your entry in the game, all that’s needed is a valid UFL.EDU email address. The Florida State community is answering the same questions that UF is. And just for playing the Cyber Bowl, you could win a pair of tickets to the Florida-Florida State game on November 25! UFIT will randomly select one student and one faculty/staff member from all game entries to win the tickets. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions. And hey, learning more about social engineering is a “win” for you and for your university.

To play, visit https://cyberbowl.security.ufl.edu/ anytime between October 3 – 14, answer the questions, and help us beat the ‘Noles! That’s always a good thing, whether we’re playing FSU in a virtual location or a physical one. Thanks for participating in the Cyber Bowl and…GO GATORS!

Cybercrime Spikes at Start of Semester

Posted on by tgale@ufl.edu

Phishing emails, with malware and dangerous links embedded in them, increase at the start of each semester. Why? Cybercriminals know that new faculty, students, and staff do not yet understand what to expect from UF emails, and whether asking for GatorLink password information in an email is standard conduct. (It isn’t.)

In addition to phishing, social engineering includes deceitful activities like spear phishing, smishing, tailgating, and doxxing. Make time to review the Information Security Office’s
social engineering webpage and become familiar with techniques that cybercriminals use. To help the UF community better understand phishing, Dr. Amanda Phalin, Faculty Senate chair and senior lecturer in Warrington’s Management Department, recorded this video, which explains what it is and how it works.

In the past 12 months, UFIT’s security detection systems have caught 98.5% of phishing messages sent from outside the university. Still, some phishing emails do get through. That’s why being vigilant about what you click on is so important. The phish alert report button in GatorMail lets you report suspicious messages. If you receive an email you suspect is a phish, highlight the email and click on the phish alert report button. This action sends the potentially malicious email directly to the Information Security Office so staff can investigate. Emails from outside UF are marked with the [External Email] banner. Apply extra caution when you see this banner, especially if they purport to be from someone at UF.

Have a great semester and GO GATORS!

Learn How Doxxing Attacks Work

Posted on by tgale@ufl.edu

Recently, news outlets reported threats to a U.S. Supreme Court justice. What began as a social media attack became potentially a physical assault. This type of attack is called “doxxing.” Doxxing is defined as publicly revealing previously private information about an individual or organization, usually via the internet.

Doxxing attacks often focus on a journalist or public figure–like a faculty member–over something they have written. An individual or group opposed to what’s published can severely disrupt the author’s life, and in extreme cases their safety is threatened. Doxxing frequently results in abusive phone calls and text messages, sometimes in conjunction with a social media campaign or series of emails designed to harass and intimidate the writer.

The first step to protecting yourself against doxxing is to find out what information about you is publicly available. Conduct online searches in multiple browsers (e.g., Google, Firefox, Safari) and find out what others can see. Then, request removal of private information you find listed on any website. Also, be careful what you share on social media, especially information that could be used to find you or your family, such as location data in photos or posts. The most important step is to secure all your accounts with strong passwords and multi-factor authentication whenever possible. Visit UF’s Information Security Office “Protect My…” webpage and learn more about keeping personal information private.

Identifying Deepfake Videos

Posted on by tgale@ufl.edu

Misleading content online becomes more sophisticated with each technology advancement. One type of “fake news” becoming more prominent across all social channels is the deepfake, a video that’s been modified to make the subject appear to be doing or saying something they did not.

Deepfake videos are made to fool viewers for a variety of reasons including political agendas, financial gain, to embarrass someone or a group, or to use for blackmail. Public figures can be made to say things they never said, inciting viewers or followers to think a certain way and take action based on misinformation. A viral deepfake video supposedly of Tom Cruise has more than a million views. Here’s a breakdown by the video’s creator on how he utilized AI to construct the video: DeepTomCruise TikTok Breakdown.

It is possible to identify some deepfake videos by noticing changes in skin tone, jerky facial movements, or lip movements that do not match dialogue. But as the technology improves these clues could become even harder to spot. If you have concerns about the authenticity of a video purporting to be from UF, please contact the department posting the video or send your concern to the UFIT Help Desk.