Q&A: How can Duke stay safe from ransomware?
Richard Biever, Director of Information Security at Duke University, and the campus computer security office, together with Randy Arvay, head of information security for Duke University’s health system, and the DUHS ISO, are responsible for protecting Duke against malicious attacks, including ransomware, a type of cyber attack that can cripple digital infrastructure, disrupt operations and cost millions of dollars.
Ransomware is a strain of malware that threatens to encrypt, publish, corrupt or block data, essentially holding it hostage, until a ransom is paid. Recently, a ransomware attack forced Howard University to briefly cancel classes. Earlier this year, ransomware forced the Colonial Pipeline to suspend operations, causing gas shortages across much of the Southeast. And last year, the Durham City Government’s computer system was crippled by a ransomware attack.
“It’s easy money,” Biever said. “The idea is, why do hackers prey on individuals for hundreds of dollars when you can pursue bigger targets and get millions?”
Biever and his colleagues in Duke’s Computer Security Office work hard to protect Duke’s digital systems from malware attacks like ransomware. Ransomware attacks often start with phishing emails. Last month, Duke received around 103 million emails, with around 69 million messages automatically blocked. However, of the 39 million delivered, there is still a chance that some phishing messages will get through.
Staff, faculty, and students all play a role in security efforts by not falling for the trap and reporting potential phishing attempts that could lead to malware. With Cyber Security Awareness Month in October, Working @ Duke spoke with Biever to better understand the threat of ransomware and how community members can defend themselves against it.
What does ransomware do?
Biever said that, like any type of malware, ransomware can find its way onto a computer when a user opens a compromised file, often disguised as a document from a common program such as Microsoft Word, Excel or Adobe (PDF). And while the scam may start out small, with just one infected device, ransomware can quickly turn into a big problem as it is designed to spread rapidly across networks, infecting devices and data.
And like a time bomb, the ransomware is designed to encrypt all data on the devices it accesses at the same time, crippling entire computer systems and disrupting their operations. When this happens, the only way for an organization to reverse the encryption and regain access to its computer systems is to pay a ransom – often millions – to the people behind the cyber attacks.
“They look for vulnerabilities in the system and then use them as an entry point to deploy the initial malware,” Biever said. “The more they spread, the more systems they have access to. And once they hit a certain point, they turn on encryption.”
Why is ransomware a threat?
Ransomware has been around for decades, but its earliest incarnations focused on infecting individual computers, forcing users to pay to regain access to data. In recent years, however, hackers have gained access to more powerful tools that make it easier to infect entire networks with malware from a single computer.
“They’ve taken a liking to their ambition, so they’re fighting for the fences,” Biever said.
Biever said this has made ransomware a much more attractive approach for more sophisticated cybercriminals looking to earn larger sums of money, and for foreign governments trying to destabilize the country’s financial infrastructure and systems.
According to a report by digital security firm Check Point, there were 93% more ransomware attacks in the first half of 2021 than in the same period last year.
Biever said the increase is mainly due to more personal and professional communication taking place online, often on the same devices.
“Now you can see situations where what you’re doing from a personal point of view – going to a website, checking your emails or something like that – could end in negative action that would be transferred to the business or professional side,” Biever said. “It becomes the gateway for something to spread further in your corporate network.”
Why are higher education institutions and health organizations targeted?
Healthcare organizations have been a popular target for ransomware attacks in recent years. In 2021, the US Department of Health and Human Services reported that 34% of healthcare organizations had been the target of ransomware attacks in the past year.
Biever said Duke’s academic, research and healthcare operations make it an attractive target for ransomware because those areas contain sensitive data.
“Higher education is well known for being focused on collaboration and information sharing,” Biever said. “Our aim is to encourage academic and research activities. This could provide opportunities for attackers to send emails appearing to be from potential collaborators or apply social engineering techniques to try and take advantage of the open and trusting attitude that many of us have.”
What role can faculty, staff, and students play in protecting Duke from ransomware?
Biever and his team in the Office of Computer Security, along with their counterparts at Duke University Health System, are fighting ransomware cyber attacks on multiple fronts. They stay on top of the latest threats and vulnerabilities and make sure to send critical updates and fixes to devices managed by Duke. They also use security tools and methods to help identify and respond to potential attacks.
But as Biever points out, even with these security measures, Duke’s students, staff, and faculty can still help. He said it’s important to install updates – most install automatically when you restart your computer – when they’re recommended. These often include security patches that close the loopholes that hackers can exploit.
Biever also stressed the importance of being a savvy email user: do not click on attachments unless you are sure what they are and that they come from a trusted source, and report suspicious emails to the Duke IT Security Office by clicking the “Report Phishing to Duke” link on Outlook email accounts.
To sharpen a team’s online sense, managers can request to participate in monthly or quarterly drills in which Duke’s security experts send teams mock phishing emails. Duke University Health System employees are automatically enrolled in the program.
And October being Cyber Security Awareness Month, Duke’s Office of Information Technology (OIT) is hosting the Duke security challenge, a game that gives Duke students, staff and faculty a chance to win prizes while learning about cybersecurity.
On October 27 at noon, OIT will also be offering a Learn Computer Science for Lunch Webinar, “Security 2021: Protect Yourself and Your Data in a Changing Threat Landscape.”
“There are a number of things you can do to protect yourself,” Biever said. “But, one of the most important things our community can do is stay in the know and if it looks like something is wrong, don’t click on it. Don’t investigate it yourself. Talk about it to someone.”
For a deep dive into the threat posed by ransomware, check out this webinar from a recent edition of Virtual Security Academy from Duke’s Office of Computer Security.