The Institutional Impacts of a Cyberattack

Higher education is facing an exponentially growing threat: cyberattacks. Check Point Software reports that educational institutions experienced an average of 2,507 cyberattack attempts per institution per week in the first three months of 2023 alone! Universities and colleges are at high risk of suffering a data breach or a ransomware attack because the amount and types of data they create and store are extremely valuable to cybercriminals: data like student records, banking information, protected health information, and research data. Restricted data falling into the wrong hands can be devastating for UF, for its constituents, for university business partnerships, and for funding from federal and state agencies. The welfare of the campus community and even our recruitment capabilities are all on the line.

Information security is our shared responsibility! Faculty, students, and staff must all be aware of what’s at stake, and do their part to help protect UF from cyberattacks. According to a 2023 IBM Security report, data breaches initiated through compromised credentials (such as GatorLink login information) take the longest for institutions to resolve and can be incredibly costly. Help prevent data breaches by practicing caution when opening any email received in your GatorMail marked [EXTERNAL EMAIL]. These emails come from outside the UF organization and could potentially be phishing attempts. Pay close attention to any email requesting your GatorLink login or other personally identifiable information, and report suspicious messages directly to UFIT with the phish alert report button in the top right corner of your GatorMail.

UFIT’s Information Security Office has recently refreshed its website with new resources. Take some time to visit https://security.ufl.edu/protect-yourself/social-engineering/ and learn about different types of cyberattacks and some best practices for protecting yourself…and UF.

The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found that victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the cybercrime most reported to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

Malware and phishing attempts commonly rely on malicious links and on the attacker’s use of personally identifiable information to trick you into giving up your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Work Safely with Restricted Data

Restricted data refers to data collected, maintained, or managed by the university or through any university activities that is restricted by special protections from federal or state laws, regulatory mandates, or contractual obligations. Improperly working with, storing, or transmitting restricted data could result in the revocation of research certifications, university business partnerships, and federal and state grants. In addition to the legal liabilities and financial obligations placed on individual employees and the university, a breach or misuse of restricted data would negatively impact UF’s reputation.

Types of restricted data are listed here. They include, but are not limited to, student records (FERPA), protected health information (HIPAA), Social Security numbers and credit card information, and export controlled data (ITAR).

All faculty and staff are required to annually complete the Information Security Awareness training, which includes a section on working with restricted data. UF’s Mobile Computing and Storage Devices Policy explains security and encryption standards required for devices operating with restricted data. UFIT’s Integrated Risk Management team is available to help clarify data classifications and the technologies and tools cleared for use with restricted data. Anyone in the UF community with questions is welcome to email irm-uf@ufl.edu.

Prohibited Technologies Announced by Board of Governors

The University of Florida has complied with the State University System (SUS) Board of Governors Emergency Regulation 3.0075 – Security of Data and Related Information Technology Resources, adopted on March 29, 2023. Regulation 3.0075 requires SUS institutions to remove technologies listed on its Prohibited Technologies List from any university-owned device. Additionally, these technologies must be blocked from the university’s network.

Effective immediately, the installation or use of Tencent QQ, TikTok, WeChat, VKontakte, and Kaspersky on any university-owned device or network, or to conduct any university business, including marketing and advertising, is prohibited. Faculty and staff who have any prohibited technologies installed on a university-owned mobile device or computer are required to remove them and cease their use. The prohibited technologies are also now blocked from use on any UF Wi-Fi network.

UF strongly recommends discontinuing use of the prohibited technologies and removing the apps from personal devices as well. Taking this action will help protect personal information as well as university data. University information security staff continuously evaluate technology vendors, software products, and services. UF maintains a list of approved technologies on its Fast Path Solutions website. High-risk software and services that present an unacceptable level of cybersecurity risk are listed as ‘not permitted for use’. More information on the university’s response to SUS Emergency Regulation 3.0075 can be found on UFIT’s https://security.ufl.edu/resources/prohibited-technologies/ webpage.

Avoid Public Wi-Fi

Traveling this summer? Avoid public Wi-Fi networks as much as possible.

Using public Wi-Fi networks is easy because they don’t require a password. However, free unsecured access can allow hackers to watch every keystroke as you log into bank accounts and GatorMail, make purchases, and access other files. In just seconds, all your personal and financial information can be stolen. According to Forbes, four in 10 people have had their information compromised while using public Wi-Fi.

Restaurants, hotels, and airports are among the most popular places people use unsecured Wi-Fi. Airports offer the perfect cybercrime environment. As people use public, unsecured Wi-Fi to read their emails or check the weather at their destination, someone might be tracking every click. How? One way is that hackers create free public Wi-Fi access networks with names that sound like the official airport Wi-Fi network. For instance, which would you log into: ‘CLT Free WiFi’ or ‘Charlotte Airport WiFi’? If you selected the wrong one from the list of available networks that pop up on your phone, then with just one click you are gifting all your personal information to a hacker. We are all addicted to connecting with friends, work, and family. But remember, you should only use encrypted or password-secured networks. Also, use UF’s VPN connection, so that what you send and receive is encrypted.

Visit https://news.it.ufl.edu/security/safe-travel-is-smart-travel-cyber-vigilance/ for more tips on information security and traveling safely.

MFA Bombing On the Rise at UF

MFA bombing attacks are increasing at UF. MFA bombing is a tactic used to circumvent your UF account’s multi-factor authentication measures. During an MFA bombing, the attacker uses your stolen username and password to repeatedly send ‘Duo Push’ notifications and/or phone call requests, hoping after multiple notifications you will give up and approve the Duo request. Approval will give the attacker access to your GatorLink account. If an attacker can MFA bomb you with repeated Duo requests, it means your GatorLink password is compromised and the attacker is trying to sign in using the stolen password.

To stop the onslaught of Duo attempts, you’ll need to reset your GatorLink password. Visit the GatorLink Account Management portal, select “Forgot/Reset Your Password,” and follow the prompts after selecting “Self-Service Reset.” You will be asked to provide your UFID, GatorLink username, and additional information used to verify your identity.

It is important to use “Forgot/Reset Your Password,” and not “Change Your Password,” because the latter requires you to sign in–and you may accidentally approve the attacker’s Duo Push instead of your own requested notification!

The Duo requests should stop soon after resetting your password. (It may take a few moments for the attacker to get kicked out.) For more information on MFA bombing, visit UF’s Information Security website’s MFA bombing page.

Clear Your Search Histories

Did you know your online activity — including the sites you visit, places you view on Google Maps, videos you watch, and more — is tracked and stored? Companies, both legitimate and malicious, use cookies to learn what you do online. How? Companies keep records of your online activity by using a third-party cookie, which links the activity from your browser back to the profile they have of you. From there, your information could become compromised and shared with groups interested in stealing your personal information or compromising your university.

Regularly clearing your cookies can help limit this surveillance because doing so breaks the link that companies rely on to identify you. Clearing cookies is easy! If you use Google Chrome, first open your browser, then open the “Options” menu located near the top right corner of the window → select “More Tools” → select “Clear Browsing Data” → to delete everything, select “All Time” → and then “Clear Data.” That’s it! The steps can vary slightly depending on the device and browser used, so visit this page for information on how to clear cookies in your preferred browser.

Learn more ways to keep your personal data private by visiting UF’s Information Security Office website.

Learn How Doxxing Attacks Work

Recently, news outlets reported threats to a U.S. Supreme Court justice. What began as a social media attack potentially became a physical assault. This type of attack is called “doxxing.” Doxxing is defined as publicly revealing previously private information about an individual or organization, usually via the internet.

Doxxing attacks often focus on a journalist or public figure–like a faculty member–over something they have written. An individual or group opposed to what’s published can severely disrupt the author’s life, and in extreme cases their safety is threatened. Doxxing frequently results in abusive phone calls and text messages, sometimes in conjunction with a social media campaign or series of emails designed to harass and intimidate the writer.

The first step to protecting yourself against doxxing is to find out what information about you is publicly available. Conduct online searches in multiple browsers (e.g., Google, Firefox, Safari) and find out what others can see. Then, request removal of private information you find listed on any website. Also, be careful what you share on social media, especially information that could be used to find you or your family, such as location data in photos or posts. The most important step is to secure all your accounts with strong passwords and multi-factor authentication whenever possible. Visit UF’s Information Security Office “Protect My…” webpage and learn more about keeping personal information private.

Learn the UF Risk Assessment Process

UFIT is now offering integrated risk management (IRM) system training. The course focuses on the IRM process and responsibilities of system submitters, project owners, and the information security manager or technical contact listed on the assessment request. Log into myTraining and search for UF_ITT104_OLT to take the training.

Development of this training is in response to requests from information security managers and department staff who work with UFIT on risk assessments. The IRM training takes approximately 45 minutes to one hour to complete. Note that completing UF_ITT104_OLT will soon become mandatory in order to maintain either the UF_SEC_TECHCONTACT or UF_SEC_ISM security roles.

UFIT recommends all IT staff involved in university risk assessments take the training. For more information visit https://irm.ufl.edu/. Anyone with questions about the integrated risk management process may email the IRM team at irm-uf@ufl.edu.

Understanding Social Engineering

Social engineering is the term for exploiting human psychology, rather than traditional hacking techniques, to gain access to buildings, systems, devices, or data. For example, a social engineer might call a UF phone number and pose as an IT support person, trying to trick the employee into divulging passwords. David Maurer in The Big Con writes of 1940s confidence [con] men and how they gained the trust of victims. It’s the same in the 2020s: social engineers want to seem believable whether by email, phone call, text, or in person, and they gain the victim’s trust to get what they want. Two types of social engineering techniques are employment scams and tailgating:

1. Employment scams are plentiful, and many, if not most, students have received an email advertising a 10-hour-per-week campus job earning $350 per week. Think twice before clicking on the links in an email advertising a job you didn’t inquire about.
2. Tailgating is when someone enlists your help to gain unauthorized building access. An example is when a person with an armful of packages asks you to open the door with your UFID card since they can’t reach theirs. You naturally want to be helpful, but someone now has access they shouldn’t.

UFIT is launching an updated social engineering webpage this spring. In the meantime, if you suspect an email you receive in your GatorMail may be phishing, report it to abuse@ufl.edu. And remember, Gators…be aware of who you are letting access UF residence halls, academic buildings, and other secure campus spaces.