Risky Business

Tips and tricks for securing information

Archive for the 'Uncategorized' Category

Cyber Security Awareness Month – Week One (Part Two)

By Daniela Cooper, on 4 October 2024

Here is Part Two of Week One’s content for Cyber Security Awareness Month. This short security related story is about security incidents. If you haven’t already entered the Week One quiz to win a £25 Amazon voucher, see the details on how to enter at the bottom of the post.

Security incidents

It happened a few days ago. Still, Peter hadn’t told anyone.

As he was sitting in his meeting, he couldn’t stop thinking about it.

“Should I say something? People will judge me. They’ll avoid me. They’ll know.”

So Peter didn’t say a word.

Everyone at his company was affected. And most of his friends. And his friends’ friends, too.

Eventually, 10% of the world’s internet-connected computers were compromised.

 

What happened to Peter?

Peter received an email with the subject line ILOVEYOU. He opened the attached love letter. This started the malware’s spread.

What’s malware, you might ask?

Malware is malicious software. It’s computer code that can crash devices. It can also steal data, passwords, browsing history and money.


Malware can also lock and delete personal files – which is one of the ways the “ILOVEYOU” malware hurt Peter and its other victims.

After overwriting files, it emailed itself to everyone in Peter’s contact list.

In total, ILOVEYOU caused more than US$15 billion of damage. It left company reputations in tatters.

Bonus content: Six types of malware

Viruses – Viruses attach themselves to normal files. They run when the file is opened. Viruses rely on people sharing infected files to spread.

Worms – Worms are like viruses, but they spread without any human interaction. The most dangerous types replicate across networks. ILOVEYOU was a worm – which is how it affected so many people.

Trojans – Trojans don’t harbour bloodthirsty Ancient Greeks! But they are brutal. Trojans usually open “backdoors” into computers and networks, granting criminals remote access.

Ransomware – Ransomware is worm-like malware that restricts access to files or systems. It then demands victims pay a ransom to regain access. Paying the ransom doesn’t always overcome the infection. Access may be lost forever.

Spyware – Spyware lets criminals spy. It can track what you’re viewing and what you’re typing. Spyware can even turn on webcams and modify security settings.

Grayware – Grayware is software that sits in the “gray” area between malware and software. Think unwanted browser extensions and pop-up ads. Infections pose little direct threat, but they can trigger spontaneous fits of rage.

 

Was ILOVEYOU avoidable?

It’s unlikely.

But Peter knew about ILOVEYOU early. He could have slowed the spread and reduced the damage it caused.


We can all reduce the impact of malware. It starts with taking responsibility: to prevent, to detect, and to report.

 

Preventing

Verify emails

If you receive an unexpected email, and you are uneasy about doing something as a result, verify.

Verify by calling back the person you think the message is from. Do so using known contact details.

 

Check where links lead before clicking

To see the true destination of a link, hover over the link with your mouse (or press and hold on a mobile/tablet).
Try it: hover over this link google.com.
Some links will be disguised or shortened, like this http://bit.ly/2IINosJ.
Hovering won’t reveal their destination. Instead, search for the link using a reliable search engine.

Pro Tip

Found a suspicious site or received a suspicious email? Report it on the NCSC website and to your IT department.

Show (and check) file extensions

Attachments can contain malware – that’s how Peter’s nightmare started. Some file types are more likely to contain malware than others.

Image description: a screenshot of an email with an attachment that has the file extension ‘.vbs’. The attachment is supposedly a love letter.

File extensions are the last three, four or five letters after a filename, like “essay.docx”.

They make dangerous files easier to spot.

File extensions aren’t always displayed by default. If you use a personal device for work, turning on the “Show file extensions” setting will help you to spot dangerous files.

 

What type of files are dangerous?

All files have the potential to be dangerous. Some are more dangerous than others:

Action files: Files that end with .exe, .vbs or .scr all perform actions when opened or downloaded. They often carry malware.

Macros: Macro-enabled Microsoft Office files can also contain malware. They have an ‘m’ in their file extensions, like “proposal.docm”.

Pro Tip

Microsoft Office will sometimes ask to “Enable macros” or “Turn off protected view”. Doing so can run a series of pre-programmed actions. It’s risky!

Vigilant professionals only open or interact with files they are expecting and whose sender they know.

Ask for help if you’re ever unsure.

Bonus content: File types

More dangerous:

  • Executable – .exe
  • Screensaver – .scr
  • Visual basic script – .vbs
  • MS Word (macro-enabled) – .docxm .docm
  • MS Powerpoint (macro-enabled) – .pptxm .pptm
  • MS Excel (macro-enabled) – .xlsxm .xlsm

Less dangerous:

  • PDF – .pdf .fdf .xfdf
  • Image – .jpeg .jpg .png .gif .jp2 .jpx .tif .tiff
  • Video – .avi .flv .wmv .mov .mp4
  • MS Word (no macros) – .docx .doc
  • MS Powerpoint (no macros) – .pptx .ppt
  • MS Excel  (no macros) – .xlsx .xls
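
As an added illustration (not part of the original post or CybSafe's content), the Python sketch below sorts attachment names using the extension lists above and shows why hidden extensions matter: with extensions hidden, a double-extension name displays only its harmless-looking part. The sample filenames are constructed, and treating ".txt" as a decoy extension is an assumption that is not in the lists above.

```python
import os

# Subsets of the post's "More dangerous" and "Less dangerous" lists.
ACTION_FILES = {".exe", ".scr", ".vbs"}
MACRO_FILES = {".docm", ".pptm", ".xlsm"}
LESS_DANGEROUS = {
    ".pdf", ".jpeg", ".jpg", ".png", ".gif", ".tif", ".tiff",
    ".avi", ".wmv", ".mov", ".mp4",
    ".docx", ".doc", ".pptx", ".ppt", ".xlsx", ".xls",
}
# Assumption: ".txt" is not in the post's lists, but it is treated here as a
# harmless-looking "decoy" extension as well.
DECOYS = LESS_DANGEROUS | {".txt"}


def split_name(filename):
    """Return (stem, final extension in lower case)."""
    # Windows drops trailing dots and spaces from file names, so
    # "report.vbs. " is still a .vbs file once it is saved.
    cleaned = filename.strip().rstrip(". ")
    stem, ext = os.path.splitext(cleaned)
    return stem, ext.lower()


def triage(filename):
    """Classify an attachment name by its final extension only."""
    stem, ext = split_name(filename)
    # An inner extension such as ".txt" in "letter.txt.vbs" is a decoy when
    # the final extension is not itself one of the harmless-looking ones.
    inner = os.path.splitext(stem)[1].lower()
    decoy = inner if inner in DECOYS and ext not in DECOYS else None

    if ext in ACTION_FILES:
        verdict = "block"
    elif ext in MACRO_FILES or decoy:
        verdict = "review"
    elif ext in LESS_DANGEROUS:
        verdict = "lower-risk"
    else:
        verdict = "unknown"

    return {
        "extension": ext,
        "verdict": verdict,
        "decoy": decoy,
        # What a file manager shows when "Show file extensions" is off:
        # the final extension is hidden, the decoy stays visible.
        "shown_when_hidden": stem,
    }


# Constructed sample attachment names.
SAMPLES = [
    "love-letter.txt.vbs",
    "proposal.docm",
    "Holiday.JPG.EXE ",
    "notes.pdf.js",
    "essay.docx",
    "README",
]

if __name__ == "__main__":
    for name in SAMPLES:
        result = triage(name)
        print(f"{name!r:26} {result['verdict']:10} "
              f"real={result['extension'] or '-':6} "
              f"seen as {result['shown_when_hidden']!r}")
```
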

Isolate devices

Malware spreads when devices connect.

Plugging unknown or unauthorised devices into work equipment increases risk. This includes charging cables, USB sticks etc. They can be adapted to carry malware, too.

Refraining from plugging in unauthorised devices – and only charging devices from power sockets – reduces risk.

 

Download apps safely

Malware can be hidden in useful-looking apps. The apps behave like the real thing while stealing data in the background.

Always download apps from reputable sites like the Apple app store or Google Play. Check reviews before downloading.

Work related software can be downloaded from the UCL Software Database: https://swdb.ucl.ac.uk/

 

Heed security warnings

Security warnings are the messages displayed by browsers before they allow access to dangerous sites.

Security warnings can be overridden. Doing so is a risk and potentially a breach of policy.

If security warnings restrict access to sites needed for work, letting someone know is the best thing to do (Line manager, IT Team or Security Team). It’s safer and, long-term, will help others in your organisation too.

 

Detecting

The following can be signs of malware infection:

  • People report receiving spam from your email address.
  • New icons appear on your desktop or in your web browser.
  • Pop-ups appear or programs start running on their own.
  • Messages tell you an unknown program is trying to access the internet.
  • Your device is unusually slow or crashes at random intervals.

 

A special mention: Ransomware

Ransomware is worm-like malware that restricts access to files or systems. It then demands victims pay a ransom to regain access. Paying the ransom doesn’t always overcome the infection. Access may be lost forever.

It’s the most destructive and prolific form of malware.

If a device has been infected with ransomware, you’ll likely see a message similar to this:

Image description: A large red pop-up containing a ransom note.

If you do see a message like this, acting quickly is your chance to make a difference.

 

Reporting

Reporting security incidents protects organisations from criminals. Still, not all security incidents are reported.

Often it’s because people feel responsible, like Peter. Peter chose not to report so as not to bring attention to himself.

It’s okay to make mistakes. It’s not okay to hide them.

In reality, reporting a security incident is more like a “good catch”. Something happens. You notice it. You report it. Good catch.

Security related incidents should be reported to the UCL Information Security Group via https://myservices.ucl.ac.uk/

Week One Quiz

For the chance to win a £25 Amazon voucher answer the following question:

Q: What percentage of identity thieves use social media to access the personal information of victims?

Please send your answers to ISG via https://myservices.ucl.ac.uk/self-service/requests/new/provide_description?from=wizard&service_id=1296&service_instance_id=3679&support_domain=myservices-isg – use the subject line Cyber Security Awareness Month Quiz Entry – Week One.

Hint: The answer is in Week One (Part One) – see below.

Cyber Security Awareness Month – Week One (Part One)

If you haven’t already read Week One (Part One), you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/03/cyber-security-awareness-month-week-one-part-1/

Thanks to CybSafe for providing the content for this blog post!

Cyber Security Awareness Month – Week One (Part One)

By Daniela Cooper, on 3 October 2024

It is that time of year again, where we remind ourselves of the importance of information security in both our personal lives and at work. We are doing things a little differently this year: we will be providing a series of security-related short stories using content from CybSafe, two each week. We will still be running the weekly quiz to win a £25 Amazon voucher, so make sure you read all the way to the end!

Are you really a target?

BEEP BEEP BEEP BEEP BEEP BEEP. SLAM. 

The sound of Joe turning off his fifth alarm.

It’s 7 a.m. and a brand new day. Time to get up and get out. He throws on a shirt and tie, brushes his teeth, and wakes up the kids.

“Myles, Lily, time to wake up!”

“But bed is so comfy!”

“Up!”

Joe heads downstairs, puts on his ‘Morning tunes’ and packs their lunches. When Myles and Lily eventually grace the kitchen table, Joe snaps a cute pic of them eating breakfast.

Little does Joe know, he’s already a target. And not because of his music taste.

How do you like your eggs in the morning?

Joe posts the picture on social media: ‘my two little eggs <3’

“Dad, you’re so embarrassing!”

“And your profile isn’t even private!” …


Joe’s social media profile catches the eye of a fraudster.

Everything about Joe is public. His music, birthday, friends, family, job title, company, email address, phone number and favourite wrestler. You name it, it’s there.

85% of identity thieves use social media to access victims’ personal information.

As Joe coaxes Lily and Myles out of the house, the fraudster is hard at work. There is so much information about Joe available online, it’s a matter of moments before the fraudster has loaded everything into a password profiler.

Within minutes, the fraudster has access to Joe’s accounts. Netflix, Amazon, Facebook, Instagram, LinkedIn, the lot.

As Joe drops Lily and Myles at school, the fraudster is selling Joe’s Netflix account on the dark web.

This is really going to mess with his TV recommendations.

Pro Tip

Fraudsters view public social media profiles as one thing: $$$.

Find out what information about you is publicly available by using a search engine. Fraudsters use personal information to access accounts, so it’s best to keep them private. Just log onto your social media accounts and change the privacy settings. After all, there’s nothing more off-putting to a fraudster than a private account.

 

Coffee, anyone?

Joe arrives at work, makes his way to his desk and turns on his laptop. He is confronted by something that strikes fear into his heart: update notifications.

System, antivirus and app updates! When will they end?

But Joe knows how to deal with these pesky notifications: ignore them till they go away.

He knows that it takes roughly 10 minutes for them to disappear. He sticks his head out into the office. “Coffee, anyone?”

Pro Tip

Forgetting to install updates to your devices or applications is like leaving your front door unlocked. Updates allow security improvements to be applied. Without updates, your device is vulnerable to compromise and puts confidential data at risk.

You can set updates to automatically install in your device’s security settings.

 

One watercooler chat and cappuccino later, Joe returns to his desk. No more notifications. It’s like magic. He settles down and opens his emails.

Joe doesn’t realise that he’s a dream come true. At least, he is for organised crime groups. He has access to data and information that can be sold for a profit. And what’s more, he skips security updates.

As Joe opens up his emails, he sees a message from the CEO.


The message has an attachment. It appears to contain a picture of Joe and the Director of Marketing, Sam. Nerve-wracking stuff to receive from the CEO.

In a panic, Joe forwards the email to Sam and clicks on the attachment. There is no picture.

Joe, confused, wipes his brow and laughs it off. Little does he know, spyware has started taking over his laptop.

Case study: It makes you WannaCry

The WannaCry attack was run by state-sponsored criminals. It affected over 200,000 computers in 150 countries with an estimated global cost of USD $12 billion.

Malicious software was delivered via emails tricking recipients into opening an attachment. Once opened, the software restricted information and data, demanding payment to reinstate access.

 

Pro Tip

Verify! Verify! Verify!

Using known contact details to verify emails and messages is an easy way to avoid malicious attachments. When in doubt, verify! Especially before forwarding anything.

And be sure to check if any attached files end in ‘.exe’, ‘.vbs’ or ‘.scr’. These file types perform an action which could put your device at risk.

 

Across the office, Sam receives the email and opens the attachment. A warning flashes onto his screen: ‘this attachment is unsafe.’

Sam’s laptop had been set to auto-update. Thankfully, the most recent update contained a defence against new internet nasties. It was installed while Sam was chatting to Joe by the watercooler.

Sam reported the email straight away. Crisis averted.

 

Afternoon delight

Nothing is nicer than a well-deserved lunch break. And Joe’s lunch break is positively delightful. He’s meeting an old co-worker for fajitas.

The Head of IT’s afternoon is also delightful. She prevented an attack by removing a load of spyware that somehow found its way into the system. Weird.

Pro Tip

Refer! Refer! Refer!

Referring any suspicious messages, emails or attachments to your IT department can help prevent future attacks and identify sneaky malware.

 

Joe sits down and orders some fajitas. Robin, Joe’s ex-coworker, sits down beside him. After some witty repartee, Robin shifts the topic of conversation.

“I was wondering if you could get me back into the office? I left a few bits I need to grab.”

“Of course! We can head there after lunch.”


Insiders love access. For malicious employees, access is an opportunity for exploitation. And who better to grant it than a trusting soul like Joe?

Pro Tip

Insiders often try to intercept information or obtain documents requiring elevated access. Everyone has the power to challenge access.

You should feel authorised to question people when you are unsure of something. Someone in the office without a pass? Ask to see it. Someone requesting to view a confidential document? Verify their reason.

 

Back at work, Robin follows Joe into the office. Sam thinks it’s a bit odd, but doesn’t question it.

“Just going to grab my stuff.” Robin whispers, heading into the backroom. Joe nods and gets back to work. Meanwhile, Sam does a quick LinkedIn search. Robin is now working for their competitor.

“Erm… Joe?”

“Yes, Sam?”

“Did you know Robin works for our competitor?”

Joe’s eyes widen as he realises that Robin could be an insider.

Joe rushes into the back office. There stands Robin. He’s taking photos of important documents.

And he would have gotten away with it too…

Case study: Employee of the month

For one credit card provider, it only took a disgruntled employee to wreak havoc. The insider managed to steal the personal data of 100 million US citizens as they knew where it was stored. It cost the company approx. USD $100-150 million to fix.

A hard day’s night

After a long day of being a target, Joe just wants to watch TV with his kids. But as he logs in to Netflix, something seems off.

“Which one of you has been watching Dance Moms?”

Myles and Lily shrug their shoulders, “not us!”

“And which one of you has made a new profile?”

“What new profile?”

Joe clicks back to the profile selection page.


“There! Which one of you is NetflixHacker49?”

Myles and Lily give another shrug.

Joe realises what has happened. His account has been hacked. And if this account is compromised, others might be too. Joe gives Sam a ring.

“I think my Netflix account has been hacked!”

“Okay, calm down.”

Sam sends Joe a message that contains a single line:

haveibeenpwned.com

“Go on that website and type in your email,” Sam explains, “it’ll tell you if there’s been a breach.”

With a flurry, Joe types in his details and hits ‘Enter’.

Oh no – pwned!

Joe’s accounts have been breached. “Not to worry” Sam calmly states. “Go into your accounts and change your passwords to separate passphrases.”

Joe hands the remote control to Myles and jumps on his computer.

As he goes through his accounts, Lily’s voice drifts in from the living room.

“Daaaad!”

“Yes, Lily?”

“Myles has clicked on something he shouldn’t have!”

Here we go again.


Summary

1. No matter your job description, role or department, YOU are responsible for keeping your organisation’s data safe. Cyber security is for everyone, not just the tech-savvy people in IT!

2. Stopping yourself from becoming a target requires little added effort. A few quick changes can set you up for success.

3. Reporting potential infections or issues can make you a security hero. It gives your organisation a chance to act quickly and respond. If they can respond quickly, they can limit the damage.

4. Be more like Sam.

Week One Quiz

For the chance to win a £25 Amazon voucher answer the following question:

Q: What percentage of identity thieves use social media to access the personal information of victims?

Please send your answers to ISG via https://myservices.ucl.ac.uk/self-service/requests/new/provide_description?from=wizard&service_id=1296&service_instance_id=3679&support_domain=myservices-isg – use the subject line Cyber Security Awareness Month Quiz Entry – Week One.

 

Cyber Security Awareness Month – Week One (Part Two)

If you haven’t already read Week One (Part Two), you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/04/cyber-security-awareness-month-week-one-part-two/

 

Thanks to CybSafe for providing the content for this blog post!

Call for nominations: UCL Cyber Security and Data Protection Awards 2024

By Daniela Cooper, on 1 May 2024

Do you know someone who deserves recognition for their support in making UCL a more secure place to study and work? If you do, please nominate them for a UCL Cyber Security and Data Protection Award.

The awards recognise the above and beyond work that our staff and students do to help keep UCL safe and secure.

Award Categories:

  • Above and Beyond Award – An individual who has gone out of their way to be helpful or proactive in a cyber security activity.
  • Keeping UCL Safe Award – An individual who has made a difference to the cyber safety of UCL.
  • Departmental Award for good security citizenship – An individual who has been a good cyber security citizen and role model.
  • Data Protection Award – An individual who has gone above and beyond to develop how UCL protects personal data.
  • Annual CISO Research Collaboration Award – For the academic or researcher who has done exceptional work in bridging the research to practitioner gap.

How to make a nomination:

Please contact the UCL Information Security Group to make a nomination: isg@ucl.ac.uk. Include your reasons for nominating and the category.

The deadline for submissions is the 30th May.

The awards ceremony will take place as part of the UCL Cyber Security and Data Protection showcase event in June and will be presented by the Provost. This is an invite-only event; award winners will be contacted in advance with an invitation for the event.

Suspicious software: how to spot legitimate downloads from malicious downloads

By Peter Andrews-Briscoe, on 30 April 2024

In the realm of online security, one major threat that every institution and person should be wary of is malware that is presented to look legitimate. Malware made to look (and often even act) like wanted software is common enough to have a name: a Trojan. Incidents involving Trojans often underscore how skilled hackers can be at presenting their software as the correct software for installation, and without the right knowledge it can be hard to tell wanted software from unwanted software. This blog aims to give some easy ways to protect against unwanted software.

There are a few factors and red flags to be aware of when downloading software.

  • Sponsored search results do not always mean safe search results: It is commonly believed that sponsored search results will be safer than any other search result. However, cybercriminals often invest in those spots to give their code a stronger veneer of legitimacy; sponsored results, therefore, should be treated with the same caution as any other result. For example, shown here is a malicious sponsored ad for software called Trello:

  • There may be misleading download buttons on web pages: When downloading software, it can be the case that there seem to be multiple download buttons, each of which leads to a different download. This is a red flag that should lead you to question the legitimacy of the site.
  • The importance of checking the URL for authenticity: A URL can provide clues about the legitimacy of a site. Be wary of URLs that contain misspellings of well-known sites (such as appl.com instead of apple.com), or that use uncommon top-level domains (instead of the usual .com, .co.uk, etc.). Cybercriminals often use misspelt URLs to host their malicious code.
  • There can be unprofessional website design and poor grammar: Legitimate companies will put effort into maintaining a professional and polished website. If a site contains spelling mistakes and poor grammar, it could very easily be a site designed to distribute malicious software. However, many malicious sites maintain a professional veneer, too.
  • Unrealistic promises or too-good-to-be-true offers: If you find a site that promises a piece of software for a far lower price than elsewhere, or that has amazing features for a low cost or free, it’s worth investigating further. Hackers often try to entice you to download their software with offers that would be impossible to match elsewhere.
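
One way to automate the URL check from the list above, as an added example that is not part of the original post: the Python sketch below flags domains within a small edit distance of a known site and domains outside a short list of common suffixes. The allowlist, the suffix list and the distance threshold are assumptions, and trello.downloads.example is a constructed sample.

```python
from urllib.parse import urlsplit

# Assumption: a short allowlist of sites you actually download from.
KNOWN_SITES = {"apple.com", "microsoft.com", "trello.com", "ucl.ac.uk"}
# Assumption: the suffixes treated as "usual"; two-label suffixes come first
# so that "ucl.ac.uk" is not mistaken for "ac.uk".
COMMON_SUFFIXES = ("co.uk", "ac.uk", "com", "org", "net")
MAX_DISTANCE = 2  # assumption: how close counts as a lookalike


def registered_domain(url):
    """Return (registered domain, matched common suffix or None).

    Simplification: a production check would use the Public Suffix List.
    """
    target = url if "://" in url else "//" + url
    host = (urlsplit(target).hostname or "").rstrip(".")
    labels = host.split(".")
    for suffix in COMMON_SUFFIXES:
        n = suffix.count(".") + 1
        if host.endswith("." + suffix) and len(labels) > n:
            return ".".join(labels[-(n + 1):]), suffix
    return ".".join(labels[-2:]), None


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url):
    """Return the registered domain and a list of red flags for it."""
    domain, suffix = registered_domain(url)
    if domain in KNOWN_SITES:
        return {"domain": domain, "findings": []}
    findings = []
    if suffix is None:
        findings.append("uncommon top-level domain")
    for site in sorted(KNOWN_SITES):
        distance = edit_distance(domain, site)
        if 0 < distance <= MAX_DISTANCE:
            findings.append(f"looks like {site} (edit distance {distance})")
    return {"domain": domain, "findings": findings}


# appl.com is the post's own example; the others are constructed samples.
SAMPLES = [
    "https://www.apple.com/uk/",
    "http://appl.com/download",
    "https://micros0ft.com/office",
    "trello.downloads.example",
    "https://swdb.ucl.ac.uk/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = check_url(url)
        flags = "; ".join(result["findings"]) or "no red flags"
        print(f"{url:32} {result['domain']:20} {flags}")
```

A clean result only means the domain is on the allowlist or resembles nothing on it; the other red flags in the list still apply.
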

On top of this, there are easy ways to minimize the risks involved in downloading third party software, above and beyond having a vigilant eye. The following steps will help you defend against Trojans:

  • Download software directly from the official source where possible: Whenever possible, download any software you need from the official sources and vendors (such as downloading Microsoft Office from the official Microsoft page, for example). You can download a lot of software from the UCL software database: https://swdb.ucl.ac.uk/.
  • Research the software through reputable sites: Before downloading any software, be sure to research it on reputable technology review sites and forums. These platforms often can help you decide on what software is best to use, and help you avoid bogus software.

By keeping these points in mind, you will be able to decrease the risk in your online life, and keep your devices secure.

CybSafe training now available for students

By Peter Andrews-Briscoe, on 20 March 2024

In response to the need to safeguard yourself and UCL from ever increasing threats, the Information Security Group is rolling out their staff information security training to students.

A crucial aspect of cybersecurity is not just the technology we use but also how we interact with it. As technology evolves, the primary challenge often lies in training our ability to recognize the more nuanced signs of potential threats. Enhancing awareness and understanding of common cyber threats is, therefore, the easiest way to safeguard yourself and your friends online.

The training is delivered by a third-party company called CybSafe. You should all receive an email from donotreply@cybsafe.com, inviting you to join their platform. The modules are designed to help you detect threats in your day-to-day life, as well as when you interact with UCL systems, ensuring the safety of both you and UCL.

You can find the training here, where you will be able to log in with your normal UCL credentials:

https://app.cybsafe.com/sso-login/ucl/

If you have any questions about the training or security in general, please feel free to reach out to us at isg@ucl.ac.uk. We are here to address any concerns and help bolster our collective cybersecurity defences.

Navigating QR Code Security in a Contactless World

By Peter Andrews-Briscoe, on 30 October 2023

In the digital age, QR codes have emerged as a convenient tool for quickly accessing information with just a scan – whether it’s viewing a restaurant’s menu, connecting to Wi-Fi, or making a quick payment. Since the world went contactless over the pandemic, many of us will have had experiences of using them. Yet QR codes can just as easily be used by scammers for hostile purposes. These attacks can be simple enough, consisting of placing a QR code in a public place, such as on posters advertising products or in seemingly random areas to pique your curiosity. Rather than leading where you expect, though, the code will direct you to a malicious link.

So what makes QR code scams so effective? 

  1. Curiosity: An intriguing QR code left in a public place can easily attract someone’s attention, either by presenting itself as an advertisement, or placed without any context to pique someone’s curiosity.
  2. Unassuming: Unlike traditional phishing emails or messages, QR codes are faceless. A person can easily have seen enough phishing emails to know how to spot one, but QR codes are a far newer phenomenon, and give away far less information on the surface. This can also make them appear less threatening, not having enough details to arouse suspicion.
  3. Immediacy: Scanning a QR code takes mere seconds, giving individuals less time to think critically about the action they’re taking.

Fortunately, there are ways to safeguard yourself against QR code scams: 

  1. Be Sceptical: Always think twice before scanning a QR code from an unknown source. Even a code from a source that seems safe (such as a QR code on a parking meter) can be a fake code placed over the real one.
  2. Preview the Link: Some smartphones and QR code reader apps offer a feature that allows you to preview the URL before it opens. You can use it to see if the link looks suspicious, which should help you determine if it’s malicious or not.
  3. Keep Software Updated: Always ensure your mobile operating system and security software are up-to-date, as updates often include fixes for newly discovered vulnerabilities, making your device more resistant to any malware.
  4. Report Suspicious Codes: If you encounter a suspicious QR code, report it to local authorities to prevent others from falling victim to the scam.

QR codes have simplified many aspects of our life, but as with any technology, they come with risks. By being vigilant and taking appropriate precautions, you can enjoy the benefits of QR codes without falling prey to the hidden dangers. 

 

 

Cyber Security Awareness Month – Week Four

By Daniela Cooper, on 24 October 2023

It’s the fourth and final week of Cyber Security Awareness Month. This week is all about updating your software. It’s an easy one to forget or to put at the bottom of your To Do list, but it’s an important one, as out-of-date software provides an easy gateway for malicious attackers to get in and compromise your computer. Don’t forget to enter the week four quiz for your last chance to win a £25 Amazon voucher.

Software Updates

  • Tip: If you connect it, protect it. Outsmart cyber criminals by regularly updating your software.
  • Any device that connects to the internet is vulnerable to risks. The best defence is to keep device security software, web browsers, operating systems and applications up to date. Turn on auto-updates!
  • All those update alerts from your software are important to install! Not only do they fix things that might be buggy, but they also patch up any security flaws.
  • Pay attention to software update alerts and set your software to auto-update–it’s an easy way to keep things safe. Set it and forget it!
  • Outsmart cyber threats! Hackers are always looking for vulnerabilities to exploit. Stay ahead by enabling automatic software updates. Stay safe, stay updated!
  • The power of timely updates! Automatic software updates work silently to protect your devices. Say goodbye to outdated software and embrace the power of the latest features, enhanced performance, and tightened security.

 

Recap of topics covered in this Cyber Security Awareness Month – 4 simple ways to keep your online life more secure:

  1. Use strong passwords and download a password manager
  2. Turn on multi-factor authentication
  3. Recognise and report phishing and
  4. Update your software. 

Cybersecurity is everyone’s job – including yours. We all have a role to play in keeping our interconnected world safer and more resilient for everyone.

 

Remember to complete your CybSafe training

A quick reminder that if you haven’t completed your CybSafe training, please do so here:

https://app.cybsafe.com/sso-login/ucl/

The training can now also be found on InsideUCL: https://app.ucl.ac.uk/InsideUCL/

CybSafe contains a wealth of knowledge including a news feed, a knowledge base and the ability to share videos with friends and family.

 

Week Four Quiz

Be in with a chance to win a £25 Amazon voucher by answering the question below:

Q: What four things do you need to keep up-to-date?

Please send your entries to isg@ucl.ac.uk with the subject line: CSAM Week Four. The quiz is only open to UCL staff and students who enter using their UCL email address.

 

For more information on how to protect yourself, your friends and your family see: https://staysafeonline.org

Cyber Security Awareness Month – Week Three

By Daniela Cooper, on 17 October 2023

Passwords and Password Managers

It’s week three already! This week is all about passwords and password managers and how important it is to take care to create strong passwords and use password managers to help you store them securely. Also, don’t forget to enter the week three quiz to be in with a chance to win a £25 Amazon voucher.

  • Did you know the average person has more than 100 passwords at any given time? Here’s an easy tip: a Password Manager can help you create strong, unique passwords for each account.
  • No matter the account, all passwords should be created with these 3 words in mind: Long, Unique (never reuse passwords) and Complex (a combination of upper- and lower-case letters, numbers, and special characters).
  • What are some of the advantages of a password manager? They…
    • Save time
    • Generate strong passwords
    • Identify weak passwords
  • Organize your ever-growing list of online accounts with a password manager. They can manage all your online credentials like usernames and passwords, storing them in a safe, encrypted database and generating new ones when needed.
  • Lock it up! Strong passwords are your first line of defense against cyber threats. Don’t settle for weak combinations. Create unique and complex passwords for each account and consider using a password manager for added convenience and security.
  • Avoid common password pitfalls! Hackers love easy targets, so don’t make it easy for them. Say no to password123 or QWERTY. Opt for unique and complex passwords – let a password manager do the heavy lifting for you. It’s time to level up your security.

 

Reminder to complete CybSafe training

A quick reminder that if you haven’t completed your CybSafe training, please do so here:

https://app.cybsafe.com/sso-login/ucl/

The training can now also be found on InsideUCL: https://app.ucl.ac.uk/InsideUCL/

 

Week Three Quiz

Be in with a chance to win a £25 Amazon voucher by answering the question below:

Q: What three words should you keep in mind when creating passwords?

Please send your entries to isg@ucl.ac.uk with the subject line: CSAM Week Three. The quiz is only open to UCL staff and students who enter using their UCL email address.

 

For more information on how to protect yourself, your friends and your family see: https://staysafeonline.org

Cyber Security Awareness Month – Week Two

By Daniela Cooper, on 10 October 2023

Week Two: Phishing

The topic for week two is Phishing! I know this feels like a topic that we are always banging on about, but there is a reason for that: it’s such an easy way for an attacker to get in, and it’s such an easy thing for us to overlook when we’re feeling tired or overwhelmed with our workload. So, at the risk of boring you with a topic you may already be familiar with, please know that we all need a reminder of what to look out for. Accidentally clicking on a phishing email could happen to any of us! Oh, and don’t forget to enter our week two quiz to win a £25 Amazon voucher.

  • Reporting a scam helps warn others against cyber incidents. Don’t hesitate to call out phishing attempts.
  • Most cyber incidents start with a phish. To stop it, report it. For UCL email accounts please report to phish@ucl.ac.uk.
  • Tips for Spotting a Phishing Attempt:
    • 1) They create a sense of urgency or claim to need help.
    • 2) A promise of reward.
    • 3) Suspicious sender – often the address sending the email will not look right, or might try to mimic a well-known company address, perhaps with a few typos or extra characters. 
    • 4) They ask for personal or financial info.
    • 5) They want you to download a file or click on a link. Don’t take the bait!
  • Think before you click! Phishing emails disguise themselves as harmless messages, but they’re dangerous digital piranhas swimming in your inbox. Stay vigilant, spot the signs, and report suspicious emails. Together, we can stay safe!
  • Don’t get hooked! Phishing emails are sneaky bait trying to reel you in. Learn how to spot and report them.
  • Your inbox is your fortress! Phishing emails try to breach your defenses, but you can outsmart them. Learn the telltale signs of phishing, such as misspellings, suspicious attachments, or urgent requests, and report those fraudulent messages. Protect yourself and others!

 

Reminder to complete CybSafe training

A quick reminder that if you haven’t completed your CybSafe training, please do so here:

https://app.cybsafe.com/sso-login/ucl/

The training can now also be found on InsideUCL: https://app.ucl.ac.uk/InsideUCL/

 

Week Two Quiz

Be in with a chance to win a £25 Amazon voucher by answering the question below:

Q: For UCL email accounts, what email address should be used for reporting phishing emails?

Please send your entries to isg@ucl.ac.uk with the subject line: CSAM Week Two. The quiz is only open to UCL staff and students who enter using their UCL email address.

 

For more information on how to protect yourself, your friends and your family see: https://staysafeonline.org

Cyber Security Awareness Month 2023

By Daniela Cooper, on 3 October 2023

Week One – Multifactor Authentication

With Summer feeling like a lifetime ago, it’s already October, which can only mean another Cyber Security Awareness Month. We will also be running the weekly quiz to win a £25 Amazon voucher so read on to enter and be in with a chance to win.

This year the topics are based on Cyber Security Behaviours and are as follows:

  • Multifactor Authentication
  • Phishing
  • Passwords and Password Managers
  • Software Updates

There is nothing new about these topics, and there is a reason why they are always repeated: they are four fairly simple behaviours that, when implemented, really help to protect you.

 

Multifactor Authentication

  • Make it harder for cybercriminals to compromise your accounts by enabling multifactor authentication.
  • Multifactor authentication adds an extra layer of protection to your accounts, making it harder for hackers to get in. Stay one step ahead and lock them out.
  • Where should you use MFA?
    1. On accounts with your financial info like banks and online stores
    2. On accounts with personal info, like social media and healthcare apps
    3. On accounts with info you use for work

In summary: Use MFA everywhere!

  • Passwords are the frontline gatekeepers of your online kingdom! But why settle for one line of defence when you can have two? Multifactor authentication doubles the security, making your accounts much more fortified. Keep the cyber criminals at bay!

 

Reminder to complete CybSafe training

A quick reminder that if you haven’t completed your CybSafe training, please do so here:

https://app.cybsafe.com/sso-login/ucl/

 

Week One Quiz

Be in with a chance to win a £25 Amazon voucher by answering the question below:

Q: What are the frontline gatekeepers of your online kingdom?

Please send your entries to isg@ucl.ac.uk with the subject line: CSAM Week One.

 

For more information on how to protect yourself, your friends and your family see: https://staysafeonline.org