On Monday, May 15, Information Technology Services (ITS) scanned the K-State network for the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017. More than 560 Windows systems did not have the patch, which made them vulnerable to the WannaCry Ransomware. This malware, and its variants, infect systems, encrypt all files, and then require a ransom to “unlock” the files.
ITS and campus system administrators immediately began applying the patch. Within a week, the number of vulnerable systems was reduced to about 80, which were blocked from the K-State network until the patch was applied.
The focus now is on reducing/eliminating unpatched University-owned systems and unpatched systems using the VPN to tunnel into campus. This will minimize the negative impact if a system is brought onto campus, becomes infected, and spreads the malware. ITS will continue to scan the network and block machines.
If you need assistance, contact your technical support staff or the IT Help Desk at 785-532-7722.
On May 15, initial scanning of the K-State network for the WannaCry Ransomware threat identified over 560 vulnerable Windows systems. In collaboration with system administrators from across campus, there are now fewer than 100 vulnerable systems.
However, K-State continues to be at risk for infection due to vulnerable Windows systems. As of 5:00 p.m. May 25, vulnerable Windows systems were blocked from the K-State network as per University policy.
Faculty, staff, and students who use those systems will NOT be able to access the network (wireless, email, Library databases, HRIS, shared drives, etc.) until their systems are patched and complete a security scan. Guests coming to campus also need to have their computers updated and patched.
Information Technology Services thanks system administrators for their quick response and assistance to protect against this vulnerability. For questions about the vulnerability, contact the IT Help Desk at 785-532-7722.
Hosting guests on campus? Inform them about the ransomware vulnerability, WannaCry, and ask them to have the latest software updates applied on their computers.
K-State continues to monitor the network for the ransomware campaign referred to as WannaCry. Unpatched machines, or computers without the latest security updates, coming onto campus are a risk to our network. This is especially concerning with the number of conferences, camps and orientation occurring on campus during the summer months. Therefore, all computers running the Microsoft Windows operating system must have the latest updates applied.
The specific Microsoft update is the patch for the MS17-010 SMB vulnerability, dated March 14, 2017.
Throughout the summer, the network will be scanned daily. Machines without the updates are subject to being blocked.
Guests can contact the IT Help Desk for assistance at 785-532-7722 or firstname.lastname@example.org.
To ensure that your computer is patched to mitigate the WannaCry Ransomware threat and other vulnerabilities, K-Staters on and off campus can set their computers to automatically apply the updates. Information on how to update your computer is available from K-State’s Software Update Service for Windows. K-Staters are encouraged to periodically restart their systems to complete the installation of system updates.
If you need assistance applying the patch, please talk to your technical support person or the IT Help Desk at 785-532-7722.
During this time of the semester, K-State gets hit hard with email scams. There have been 190 scams reported since Sunday resulting in 75 compromised accounts.
What can you do?
Stop and think before you click. YOU are the best defense against these scammers.
If something looks suspicious, do not click on the link. Period. You stop the scammers right in their shoes.
Be really suspicious of emails in your junk folder. Normally, it’s in the junk folder for a reason. When in doubt, throw it out!
Continue reading “190 scams and 75 compromised accounts since Sunday!”
by Information Technology Services
CrashPlan, an alternative to traditional computer backups, is available by subscription for faculty and staff. CrashPlan will back up files on your workstation, laptop or desktop computer in a continuous, invisible, uninterrupted manner, and send you a periodic report of the status of your backup. CrashPlan encrypts your data, and then backs the data up to the cloud.
Continue reading “CrashPlan subscriptions available for faculty and staff”
According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen.
At K-State during 2016, 2655 phishing scams were reported resulting in 1213 compromised accounts.
Online fraud is an ongoing risk. The following tips can help you prevent identity theft.
Continue reading “IT Security Awareness: Protect yourself and your identity”
by Information Technology Services
On Thursday, March 9, a critical exploit was executed around the world that enabled hackers to take control of web servers. At K-State, the software used to manage the Undergraduate Admissions and Scholarship Application and the Axio LMS (which is in limited use) was attacked. Within an hour of the exploit being known to the world, Information Technology Services (ITS) had an initial block of the attacks in place.
Continue reading “K-State stops critical attack on software”
Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.
A few K-State stats:
- In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
- In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!
What does this tell us?
You are the first line of defense in protecting your personal identity information. The number of phishing scams is going to continue to increase, and the best defense is you!
Learn how to identify phishing scams and don’t give your credentials up to these criminals.
Continue reading “Learn what it takes to refuse the phishing bait!”
You exist in digital form all over the Internet. It is important to ensure that the digital you matches what you are intending to share. It is also critical to guard your privacy — not only to avoid embarrassment but also to protect your identity and finances!
Following are specific steps you can take to protect your online information, identity, and privacy.
Continue reading “IT Security Awareness: Keep what’s private, private”