Senate hears of ongoing cyber-challenges

Every day, Western firewalls turn back an average of 630,000 attempted cyber-attacks on the network – ranging from phishing attempts to brute force attacks that could otherwise compromise the university’s systems and accounts.

While that is far fewer than the 778,000 daily attack attempts in 2017, it does suggest the extent to which Western is targeted by would-be scammers and malicious hackers.

Colin Couchman, Director (Western Technology Services), said most attack attempts are automated, with the vast majority repelled through infrastructure and monitoring mechanisms in the firewall. “They hit our shield and then are repelled from the institution.”

The coming year includes plans to introduce multi-factor authentication for users and a security-awareness training program for faculty, students and staff to help protect them and the institution from cyber-security threats.

University Senate received a report Friday from the Working Group on Information Security that detailed some of the steps taken to secure university accounts in the past year.

Western uses a tool that combines real-time analysis of security alerts and applications with security event management – both of which track and manage security information, Couchman said.

Many attacks look for system vulnerabilities and others are phishing attempts – spam emails that attempt to glean personal information from some of the 40,000 or so email accounts. University systems detect and block more than 95 per cent of incoming spam messages, the equivalent of tens of millions per month, Couchman said.

Even so, nine people every day are taken in by phishing attempts. The attack usually means the institution has to disable the person’s account and change their passwords.

Couchman noted that number is below the industry average.

Some of these emails are obvious fakes – they often promise a percentage of ‘found’ foreign money in exchange for the receiver’s personal information or they even declare ‘this email is not spam.’ Others are more sophisticated, masking the sender’s real email address with a legitimate-sounding name or signature.

For example:

  • “I am contacting you on the basis that you would be wiling to help us. Of course you will also be generously rewarded for your efforts so it will be definitely worthy of your time. Please let me know if you are interested so that I can give you more details.” Clues that this is a phishing attempt include promises of reward or money for doing nothing, grammatical or spelling errors, and a sender unknown to the user;
  • “UWO Email: Notification of Payment. Re: Refund Payment A refund payment has been processed to you. Attached is the transfer copy for your confirmation and digital signature. LOGON to complete …” This is a less obvious scam, Couchman continued, as it mimics a Western account. Important clues to its being a fake include a ‘reply-to’ address that doesn’t match the sender’s name, a link that doesn’t match Western’s domain name, unusual capitalizations and spellings, and a non-existent Western official named.
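Two of the clues in the second example, the mismatched reply-to address and the link outside the institution's domain, can be checked mechanically. The sketch below is an added illustration, not a tool Western or WTS is reported to use; the domain `example.edu`, the sample message and the function names are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: placeholder for the institution's real mail/web domain.
INSTITUTION_DOMAIN = "example.edu"

# Constructed sample message, modelled on the second example above.
# Assumes a single-part, plain-text body.
SAMPLE = """\
From: "Campus Email" <notify@example.edu>
Reply-To: refunds@mailbox.example.net
Subject: Notification of Payment
Content-Type: text/plain

A refund payment has been processed to you.
LOGON to complete: http://example.edu.login.example.org/confirm
Help desk: https://its.example.edu/help
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_clues(raw, domain=INSTITUTION_DOMAIN):
    """List the header and link mismatches found in one raw message."""
    msg = message_from_string(raw)
    clues = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        clues.append(f"reply-to domain {reply} differs from sender domain {sender}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname
        # Compare the parsed host, not the raw text: a lookalike link can
        # carry the real domain as a prefix of some other domain.
        if not in_domain(host, domain):
            clues.append(f"link host {host} is outside {domain}")
    return clues

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE):
        print("clue:", clue)
```

A message that passes both checks is not thereby legitimate; the remaining clues in the list, such as odd spelling or a non-existent official, still need a human reader.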

Another relatively recent tactic of scammers is sending an email threatening to expose embarrassing details of the recipients’ computer use and demanding immediate payment in bitcoin.

Couchman noted anyone unsure of an email’s legitimacy can check for samples of the most recent attempts through WTS and can also check for recent official emails sent by WTS.

WTS recommends the university move to an institution-wide process that forces users to change their passwords at least annually.

It is also working to ensure age-worn passwords (more than five years old) are changed now, to reduce the chances they can be compromised. Passwords for about 9,000 accounts have been changed during the past 18 months.