OIT responds to increased malware outbreaks

Photo Courtesy of Michael Reed

According to the Office of Information Technology’s (OIT) online service status earlier this week, there has been a “recent increase in malware outbreaks on campus.”

These outbreaks are mainly in the form of e-mails and they are something that OIT’s Information Security (IS) team hopes the community is aware of so that people know what to look out for.

“We’re always being bombarded and people are always trying to attack Georgia Tech at large,” said Jimmy Lummis, OIT Information Security Policy and Compliance Manager, as he spoke more about how often the campus community is targeted by malware.

Right now, the main attacks that have broken through the safeguards have been phishing scams. Phishing is defined by OIT as an “e-mail scam that attempts to obtain sensitive information from unsuspecting users.”

OIT is prepared for this almost-daily occurrence though.

“We have tools on campus to block phishing, malware and spam in general. Usually the tools are pretty good, but, like anything, they’re never perfect. So this just happens to be one that slipped through those protection tools,” Lummis said.

The source of these scams is unconfirmed right now, but as more malware is identified, the tools and software that are in place to combat it are updated to recognize and go on to systematically eradicate it from the system.

The main response is two-fold. OIT first informs the technical community, which responds to the threat, as well as the general public on campus to raise awareness. Once this is done and anti-malware software is able to identify the problems, it can be targeted and destroyed.

OIT then communicates back to their anti-malware and e-mail protection tool vendors to let them know about what’s been found so that they can update their system signatures as well.

Lummis explained how the biggest issue is educating students, faculty and staff in the Tech community who may come into contact with these scams on how to spot them and not fall for them in the first place. OIT believes education and prevention is the easiest way to stop future outbreaks on campus.

OIT also outlined five common ways in that phishing e-mails will try to trick users.

“The Old Fashioned Scam,” involves the sender making a direct request for personal information or money.

“The Fake Link,” involves a phishing message that contains a link that will take users to a fake website or one that downloads a virus directly to their computers.

“The Fake Website,” involves another type of fake link that will take users to a fake website asking for the sensitive information

“A Virus Attachment,” is something that can also come in these e-mails and may give the sender direct access to personal information on the user’s computer itself.

“Fake Contact Information,” may also come through phishing e-mails to attempt to gain a user’s trust so that they will follow up with a phone call to a number listed and provide personal information in this fashion.

The OIT IS team offers training and awareness sessions for any campus group that requests them and is constantly hoping to educate users proactively as to exactly what kind of phishing and malware they may run into, how to spot it and how to correctly respond to it.

As OIT outlined on their IS website, “The biggest thing to remember is that you should never share your login and password with anyone… for any reason… ever.”