The service desk of the university’s Information Technology Services (ITS) processed 1,132 tickets related to compromises of student accounts in the past year.
Some tickets were duplicates of one account’s compromise, while other tickets involved the hacker managing to log back into separately compromised accounts due to the password not being changed when the account was reset.
Joe Reynoldson, director of the ITS Security Team, warns that further account compromises may result from a breach of data because people often reuse the same password for their websites.
“Assume a faculty member was involved in the LinkedIn data breach in 2012. If that faculty member used the same password for both LinkedIn and USD, then an adversary may be able to use the LinkedIn data to access a USD service online,” Reynoldson said.
The most common way an account’s credentials are stolen is through phishing. One technique is an e-mail attached with a link to a website. Designed to look like an official university website, it is meant to steal the credentials of a student’s university account.
Reynoldson’s advice to students looking to protect their online identities is to pay close attention to e-mail messages they receive and confirm the destination of a hyperlink before you click on it.
“Use different passwords for different online identities, so that a compromise of your social media account does not jeopardize your university email account,” Reynoldson said.
Reynoldson also said students should enable multi-factor authentication of any online identities that support this system. Multi-factor authentication requires something more than a password in order to access an account, thus a successful phishing scheme not resulting in a compromised account.
“The ITS Security Team also provides annual security awareness training to all faculty and staff, so that they are aware of cybersecurity threats,” said Reynoldson.
In February 2018, the Phish Alert Button (PAB) was unveiled to the University. Since then, the Human Firewall has reported more than 4,000 malicious messages.
“Each alert becomes a service desk ticket, and the service desk coordinates with the security team to investigate every ticket,” Reynoldson said.
Every alert is investigated because many attackers design malicious messages to look like legitimate ones, leading to false positives where a legitimate message is mistakenly reported as malicious.
The ITS security team continues to build a database of security intelligence, participating with higher education-focused regional security groups.
“This intelligence is critical in identifying attacks before they can successfully steal university credentials,” Reynoldson said.