October is Cybersecurity Awareness month! The month was originally created by the National Cyber Security Alliance and the Department of Homeland Security. Feel free to check out the events and resources listed below.
Giveaway: Win a $50 UCI Bookstore (“The Hill”) Gift Card!
Complete the quick security quiz and be entered into a drawing for one of three $50 UCI Bookstore (“The Hill”) gift cards! Winners will be picked at random at the end of October and contacted through email. Participants must have a UCI Gmail account and can only enter once. You do not have to get all the questions right in order to participate in the drawing and you must be UCI-affiliated to win. Quick Security Quiz Link
Events
Cal-CSIC Presentation – “Education Sector: Back-to-School for Cyber Criminals Too”
Description: The presentation will cover an introduction to Cal-CSIC, the current cyber threat landscape for the education sector for both K-12 and higher education, and go over some current threat trends with a part on mitigation.
Yu Chao is currently a Cyber Threat Warning Analyst with the California Cyber Security Integration Center (Cal-CSIC) embedded with the Los Angeles Joint Regional Intelligence Center (LAJRIC). In addition, he is a Cyber Threat Intelligence (CTI) analyst with the California Army National Guard’s (CAARNG) 171 Cyber Protection Team (CPT). Yu has over 19 years of experience in the military, bringing a wealth of knowledge from assignments focused on Signals Intelligence (SIGINT), all-source fusion analysis at various echelons, to Emergency Management support through Defense Support of Civilian Operations (DSCA) operations. Yu holds a B.S. in Diplomacy and International Relations from Seton Hall University, and is currently pursuing a Masters In Cybersecurity Engineering at the University of San Diego.
FBI Presentation – “Cyber Threats and Trends in 2022”
Description: The presentation will cover significant cyber activity and trends, threat actors and their motivations, what the FBI’s role is, and ways to protect your business and yourself.
Supervisory Special Agent (SSA) Bryan Willett has been an FBI Special Agent for over 18 years. He has spent the majority of this time investigating cyber violations and has worked in two FBI field offices and at FBI Headquarters, Cyber Division. He is a licensed attorney and has earned several IT Security certifications, including the CISSP. He currently works in the FBI’s LA Field Office where he is the Supervisory Special Agent for FBILA’s Orange County based Cyber Squad.
Location: Parking Lot 12A near the Natural Sciences buildings
Properly disposing of e-waste is an important component of cybersecurity. Improper disposal, donation, or recycling of e-waste may inadvertently disclose sensitive information, which could be exploited by cyber criminals. Each of us is responsible for the security of information assets with which we work.
Much like e-waste, keeping paper records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is both a security and privacy risk. Good document hygiene includes shredding unnecessary paper and deleting e-records with sensitive information in a manner consistent with the UC University Records Management Program (BFB-RMP-1) and the UC Records Retention Schedule.
Southern California Shredding will be on campus to shred both paper and e-waste products on October 26.
Orange County DA Presentation – “You Are The Gatekeeper”
Description: The presentation will cover various types of cybercrimes handled by the DA’s office and how to identify and protect yourself from becoming a victim. It will also cover basic cryptocurrency tips to protect yourself from scammers and phishing attacks.
DDA DEBORAH KWON
Deborah Kwon has been serving the public as a criminal prosecutor since 2015. She graduated from the Pepperdine University School of Law with a certificate in Criminal Law. She is also certified in Alternate Dispute Resolution by the Straus Institute for Dispute Resolution. Deborah started her career as a Deputy District Attorney at the Tulare County District Attorney’s Office, where she handled countless cases involving serious and violent crimes. In Tulare, she specialized in prosecuting child abuse, animal abuse, sex offender registration failures, gangs, and crimes against peace officers. In 2018, she transferred to the Orange County District Attorney’s Office, where she continued to handle serious and violent crimes. She is currently in the Major Fraud Unit, specializing in Cryptocurrency fraud. Deborah is currently working with various branches of law enforcement to develop the investigative infrastructure to handle matters involving blockchain technology, non-fungible tokens, and all things metaverse.
DDA ANTHONY SCHLEHNER
Anthony Schlehner has been a Deputy District Attorney since 2013 and has devoted his entire career to being a criminal prosecutor. After graduating as his law school’s valedictorian and joining the California bar, he immediately began working for the Orange County District Attorney’s office where he is now part of the Major Fraud Unit specializing in Cyber Crime and Fraud. Throughout his career, he has prosecuted serious and violent felonies, domestic violence, gang crimes, identity theft, narcotics, real estate fraud, and numerous other areas of criminal activity. Anthony is a member of the International Association of Financial Crimes Investigators and is currently working with branches of local law enforcement and the Federal government to develop investigative tactics relating to cryptocurrency fraud.
Use Multi-factor (Two-factor) authentication for your online accounts. This method uses two or more factors for authentication, which include but are not limited to: Something You Have, Something You Know, and Something You Are.
Create a long and different password for each online account with a minimum of 8 characters. Use a mixture of different sets of characters and use a password management tool to help store passwords.
Look out for phishing/email scams asking for your information. Some senders may masquerade as someone you know or a legitimate organization. Their aim may be to acquire personal or financial information among other items.
Be sure to automatically back up your data and apply the latest security patches. Doing so will keep your software current and help to address security vulnerabilities.
Enable session timeouts and lock screens with strong passwords to keep other people from accessing your data if you’re away from your device. This will help to keep your data from being changed by a malicious individual and/or seen by those without the correct clearance.
On 12/9/2021, a critical vulnerability was reported in a widely used Java software called Log4j. Log4j is not an application itself, but a software component commonly used by many commercial, open-source, and UCI-developed applications. The following morning an alert with recommendations was sent to IT Leadership and Unit Information Security Leads across campus.
Impact
Any system using vulnerable versions of Log4j can be remotely exploited by an attacker without requiring a login. The exploit can result in the entire system being taken over and controlled by the attacker, data copied and/or deleted, ransomware installed, other accounts compromised, backdoors installed, and used to pivot to additional systems on the network.
Action Required
Product owners and IT staff on campus should identify and patch software within their units that is vulnerable to this Log4j exploit as soon as possible. This may involve reaching out to your commercial software suppliers, open-source software projects, and/or UCI software developers to check for applications using a vulnerable Log4j component and update them appropriately. More technical details are in the FAQ section below.
Currently Log4j 2.17.1 is the most secure version to use. However, keep checking this page regularly as reviews of the software continue and new issues may be discovered requiring another upgrade.
Is Log4j 1.x also vulnerable?
CVE-2021-4104 involves an untrusted deserialization flaw affecting Log4j version 1.2. This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2.x as it addresses numerous other issues from the previous versions. The impact to confidentiality, integrity and availability is high, but the attack complexity is much higher for a successful exploitation as it requires a non-default configuration.
How do I know if my system is affected?
Contact your supplier for purchased software or check project websites for open-source software.
Scanning the network with multiple tools to identify vulnerable systems and notify owners. Note: we cannot rely solely on the results of these automated scans because of the wide array of software on our network and the unique ways each can be exploited through this vulnerability.
Blocking known bad IP addresses on the Internet that are attempting this exploit on other systems. Note: we cannot rely solely on these lists as bad actors keep changing.
Monitoring network activity using signatures to detect and block exploit attempts from the Internet. Note: we cannot rely solely on this protection as much of this activity is encrypted using HTTPS and invisible to our monitoring tools.
Updating all OIT services that are using vulnerable Log4j components.
Reporting the existence of vulnerable Log4j files on systems of managed clients. Note: the existence of these files alone may not lead directly to an exploit; however, they can be a clue to where they are used in a vulnerable application, and it is good practice to clean them up anyway.
Collaborating with other UC locations, sharing information, and checking for malicious activity reported by other institutions.
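One way a unit could look for the Log4j files described above, as an added example (not OIT's tooling): it inspects an application archive, including the JARs bundled inside it, and reports any log4j-core older than 2.17.1 and any Log4j 1.x JAR that ships the JMSAppender class. The function names and the sample archive are constructed for illustration; a hit is a lead to follow up with the application owner, not proof of exploitability.

```python
import io
import re
import zipfile

# Compared only against the version this page names; backport lines are not special-cased.
FIXED = (2, 17, 1)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JMS_APPENDER = "org/apache/log4j/net/JMSAppender.class"  # Log4j 1.x, CVE-2021-4104

def scan_archive(data, label):
    """Return (location, component, note) findings for one archive given as bytes,
    recursing into the JAR/WAR/EAR files bundled inside it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM in names:
            props = zf.read(POM).decode("utf-8", "replace")
            m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)\s*$", props, re.M)
            version = tuple(int(p) for p in m.groups()) if m else None
            if version is None or version < FIXED:
                shown = ".".join(map(str, version)) if version else "unknown"
                note = "JndiLookup class " + ("present" if JNDI_LOOKUP in names else "removed")
                findings.append((label, "log4j-core " + shown, note))
        if JMS_APPENDER in names:
            findings.append((label, "log4j 1.x", "JMSAppender class present"))
        for name in sorted(names):
            if name.lower().endswith((".jar", ".war", ".ear")):
                findings += scan_archive(zf.read(name), label + "!" + name)
    return findings

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()

def sample_war():
    """Constructed input: a WAR bundling an old core, a current core and a 1.x JAR."""
    return make_zip({
        "WEB-INF/lib/log4j-core-2.14.1.jar": make_zip({POM: "version=2.14.1\n", JNDI_LOOKUP: b""}),
        "WEB-INF/lib/log4j-core-2.17.1.jar": make_zip({POM: "version=2.17.1\n", JNDI_LOOKUP: b""}),
        "WEB-INF/lib/log4j-1.2.17.jar": make_zip({JMS_APPENDER: b""}),
    })

if __name__ == "__main__":
    print(*scan_archive(sample_war(), "app.war"), sep="\n")
```

To scan a real file, pass its bytes and path, for example `scan_archive(open(path, "rb").read(), path)`.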
What if OIT determines my system is exploitable before I can fix it?
OIT Security will do its best to contact the owner of the system as a warning, however due to the urgency of the risk to campus and the long holiday break, a system that is at risk of exploit will be blocked from the network until it can be fixed.
Where can I find additional resources to learn more?
October is Cybersecurity Awareness month! The month was originally created by the National Cyber Security Alliance and the Department of Homeland Security. Participate in the drawing, attend the events, or spread the word to celebrate.
Giveaway: Win a $25 Amazon Gift Card!
Complete the quick security quiz and be entered into a drawing for one of four $25 Amazon gift cards! Winners will be picked at random at the end of October and contacted through email. Participants must have a UCI Gmail account and can only enter once. You do not have to get all the questions right in order to participate in the drawing and you must be UCI-affiliated to win. Quick Security Quiz Link
Events
FBI Presentation: Cyber Threatscape
Date: October 26th, 2021 @ 11am
Description: Understanding what the cyber threats are to UCI Faculty and Students. The FBI will share their perspectives on the cyber threat landscape, and will provide tips on how faculty and students can protect themselves from these threats.
Supervisory Special Agent (SSA) Michael Sohn is currently leading a squad at the FBI Los Angeles Field Division that is responsible for investigating computer and high-technology crimes. His investigative experience includes cyber terrorism, nation-state and criminal cyber intrusion matters. Prior to his employment with the FBI, he worked as a Cyber Counterintelligence Officer for the Department of the Army, a Counter Terrorism officer for the Defense Intelligence Agency, a consultant at Booz Allen Hamilton and a U.S. Army Officer. Mr. Sohn received a Bachelor of Science in Computer Science from the United States Military Academy, West Point and a Master of Science in Computer Information Systems from Boston University, Boston.
Location: Parking Lot 12A near the Natural Sciences buildings
Properly disposing of e-waste is an important component of cybersecurity. Improper disposal, donation, or recycling of e-waste may inadvertently disclose sensitive information, which could be exploited by cyber criminals. Each of us is responsible for the security of information assets with which we work.
Much like e-waste, keeping paper records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is both a security and privacy risk. Good document hygiene includes shredding unnecessary paper and deleting e-records with sensitive information in a manner consistent with the UC University Records Management Program (BFB-RMP-1) and the UC Records Retention Schedule.
Use Multi-factor (Two-factor) authentication for your online accounts. This method uses two or more factors for authentication, which include but are not limited to: Something You Have, Something You Know, and Something You Are.
Create a long and different password for each online account with a minimum of 8 characters. Use a mixture of different sets of characters and use a password management tool to help store passwords.
Be sure to automatically back up your data and apply the latest security patches. Doing so will keep your software current and help to address security vulnerabilities.
Look out for phishing/email scams asking for your information. Some senders may masquerade as someone you know or a legitimate organization. Their aim may be to acquire personal or financial information among other items.
Complete this bingo card and turn it in to the Help Desk at Aldrich Hall 115 by January 11th, 2019 at 5pm to be entered into a drawing. There are three different ways to play (see below). Each drawing will have a different prize based on the complexity of the bingo type. Every individual who turns in a bingo card will receive a small security gift.
Three Ways to Play: (Put a mark on each task when completed)
Four Corners – Complete each task in each of the four corners of this bingo card.
Inside Square – Complete each task within the inside square of this bingo card.
Black Out – Complete every task on this bingo card.
Recently-published research articles have demonstrated a new class of vulnerabilities (dubbed “Meltdown” and “Spectre”) that exist in most modern computer processors. At best, the vulnerabilities could be leveraged by malware and hackers to more easily exploit other security bugs. At worst, they could be abused by programs and logged-in users to read the contents of your computer’s memory (such as passwords).
You should be aware of these attacks because your computer is probably affected, but there is no need for alarm. This is a technical issue that will be addressed as software and operating system providers release updates which can then be installed on your computer.
Recommendations
The best protection from the new vulnerabilities is continuing to maintain good security practices – especially to ensure your operating system, browser, and antivirus software are kept up to date with the latest vendor software patches.
Specifically:
Patch your operating systems, browsers, and other software
Be aware of the effect of your anti-virus product. This type of software may cause problems with Windows updates – you may need an anti-virus update before installing Windows patches.
IMPORTANT NOTE: If you are not running a Microsoft supported anti-virus, the Windows patch may need to be manually enabled. Please contact your local IT support for help.