
Working From Home

by Jonathan Ashton.

COVID-19 has altered the way we work and study across the world and Sheffield Hallam is no exception to that. This change has brought a number of challenges and risks that have meant adjustments for everyone.

We’ve had to make rapid changes to our University IT infrastructure, which was primarily geared to on-site delivery of systems, services and data, with a much smaller need for people to use it for working, teaching and studying remotely. Staff and students’ own home Internet Service Providers are also juggling a large increase in sustained demand through the working day (https://www.bbc.co.uk/news/technology-52448607).

Some of the University’s services are cloud-based which means we’re dependent on their providers to resolve any issues and notify us about interruptions to service. Online meeting services like Zoom and WebEx have surges in use at certain times which can affect connection.

The move to remote working has also increased certain risks.  The University has protections in place from phishing and malicious websites or downloads but we’ve had to put considerably more resource into responding to the big spikes in phishing threats and frequent Distributed Denial of Service (DDOS) attacks which we’ve been seeing at the University. This isn’t just a Sheffield Hallam issue – Kaspersky (a global cybersecurity provider) reported almost a doubling in DDOS attacks in January – March this year compared to October – December 2019, with certain sectors being specifically targeted (e.g. local government and education https://usa.kaspersky.com/about/press-releases/2020_ddos-during-the-covid-19-pandemic-attacks-on-educational-and-municipal-websites).

All these factors make availability of IT services and access for remote working a difficult balancing act and the University is working hard with our partners and suppliers to minimise their impact.

What is Sheffield Hallam doing to address these issues?

We’ve moved quickly to expand the availability of remote desktops and VPN connections (which offer increased security and a better connection) and are working to increase the availability of cloud-based labs and other facilities.

Our Security team is working with our own internet service provider (JISC) to put special protective measures in place which safeguard our systems and block DDOS attacks which are particularly prevalent at the moment.

We are also creating guidance for staff who are having connection issues – whether it’s problems with their own equipment and broadband or difficulties authenticating to Sheffield Hallam services and systems.

We understand that these issues can be irritating.  Please bear with us as we look at ways to help improve your online experience and make the move, like you, to a totally different way of working.

Reports on High Sierra insecurities

by Jennifer Kennedy.

You may have heard news about issues with the latest macOS operating system, High Sierra. At Sheffield Hallam, Digital Technology Services has been recommending that staff do not update University Macs to the new operating system, and no University-owned Macs that students use have the new operating system installed. If you own an Apple Mac yourself, you should take advice from Apple about how to handle this.

Protecting yourself in a high threat environment

by Jennifer Kennedy.

Western Intelligence services have lost control of a number of ‘cyber weapons’. These are essentially toolkits built around one or more vulnerabilities that the intelligence services have discovered but not disclosed to vendors.

The recent WannaCry ransomware which had such devastating effect on the NHS and around the world made use of one such undisclosed vulnerability.

These ‘cyber weapons’  are crafted exploits available across multiple operating systems (Windows, Apple, Linux) and devices (Android, iPhones, Windows phones).

As a result, the threat environment at the moment is very high and system vendors and security companies are working hard to understand the vulnerabilities and provide fixes or protection. Users need to ensure systems are patched or security products installed in order to benefit from this protection and reduce their risk.

Additionally, two further attacks have shown disturbing developments.

  • UCL suffered a ransomware attack on 15th June this year which investigation showed was initiated by users browsing a site that was running malicious advertising. The attack itself was initiated via an advert that not only made use of a ‘zero-day exploit’ (a vulnerability not known to vendors and therefore not fixed or protected against) but didn’t require the user to click on anything. Around a dozen computers were infected, which resulted in the IT department shutting down all network drives in order to contain and eradicate the infection.
  • A further ransomware attack called NotPetya appeared on the 27th June. It made use of the same WannaCry vulnerability in addition to several others. This attack is remarkable because it appears the hackers had no intention of decrypting any of the machines that had been infected. Even those users who dutifully paid $300 received nothing in return.

In this environment it becomes incredibly important that organisations and users take time to ensure their systems are properly protected:

  • Always ensure your machines and devices are upgraded regularly. All major Operating System manufacturers offer automatic updates and this feature should be turned on.
  • Computers and devices should have some form of anti-virus/anti-malware or internet security suite installed.
  • Install ad blockers where possible on all browsers (for more advanced users, look into script blocking add-ons).
  • Don’t use an administrator login as your normal login; create a separate user with normal rights and use that for your day-to-day use. The more rights your account has, the more damage can be done if it is compromised.
  • Be vigilant and don’t fall for unsolicited attempts to get you to click links, open attachments or perform some other action (especially where there’s an implied or explicit threat or reward).
  • Ensure backups are taken of your most important files. This should be either on a separate system or, preferably, on removable storage.

Phishing attack targeting Gmail users

by Jennifer Kennedy.

A particularly nasty phishing scam is currently circulating using an infected PDF attachment to take victims to a fake Gmail sign-in page. Once the user has signed in, the scam is then sent to other Gmail users with information from the sent items folder. This means the phishing attacks can look very convincing, with realistic subject lines and appearing to come from known contacts.

Once the hackers have access to your account they may be able to use your personal details and password on other services you use. You can avoid being targeted by enabling two-factor authentication. To check whether the login page is genuine, look out for the prefix ‘data:text/html’ in the browser location bar, which indicates that you are being directed to an illegitimate web page. The real login page should start with https://accounts.google.com/ServiceLogin
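
The location-bar check described above, written as code for anyone who wants to automate it (an added example, not part of the original post). The expected origin and path are the ones given in the article; the verdict labels and the sample strings are assumptions constructed for illustration.

```javascript
// Added example. The expected origin and path are the ones the article gives;
// the verdict labels and sample strings are assumptions made for illustration.
const EXPECTED_ORIGIN = "https://accounts.google.com";
const EXPECTED_PATH = "/ServiceLogin";

function classifySignInUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch (err) {
    return { verdict: "invalid", reason: "not an absolute URL" };
  }
  // The parser lower-cases the scheme, so "DATA:text/html" is caught as well.
  if (url.protocol === "data:") {
    return { verdict: "suspicious", reason: "content is inlined in a data: URI, not served by a site" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: "unexpected scheme " + url.protocol };
  }
  // Compare the parsed origin rather than searching for the host name as a
  // substring, which a longer host such as accounts.google.com.example.net passes.
  if (url.origin !== EXPECTED_ORIGIN) {
    return { verdict: "suspicious", reason: "unexpected host " + url.hostname };
  }
  if (!url.pathname.startsWith(EXPECTED_PATH)) {
    return { verdict: "unverified", reason: "expected host, unexpected path " + url.pathname };
  }
  return { verdict: "genuine", reason: "matches the expected sign-in origin and path" };
}

// Constructed sample location-bar strings (not taken from a real campaign).
const samples = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,constructed-sample",
  "DATA:text/html,constructed-sample",
  "https://accounts.google.com.example.net/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "accounts.google.com/ServiceLogin",
];

for (const s of samples) {
  const { verdict, reason } = classifySignInUrl(s);
  console.log(verdict.padEnd(10), s, "-", reason);
}
```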