Alerts and Updates

October 20: KRACK Vulnerability - Update #1


Updates on KRACK vulnerability fixes for several technologies in use at Biola:

  • Apple stated the security vulnerability has been fixed in the beta versions of the next software updates to iOS, macOS, watchOS, and tvOS. The release of these updates are expected this month.
  • Google said that their November 6 patch will fix the issue for Android devices. Android phones made by Google will receive the update instantly, but other Android device owners will need to check with their device manufacturers for the update.
  • Microsoft released updates for Windows on October 10 and Biola’s managed Windows computers are currently receiving the security patch.
  • Cisco’s wireless infrastructure software update is in final testing and should be available within a few days. At that time Biola IT staff will schedule a maintenance window to install.

For more information on the status of other hardware fixes, please refer to this blog: https://char.gd/blog/2017/wifi-has-been-broken-her...


October 19: KRACK Vulnerability Alert


You may have heard about the recently-published “KRACK” vulnerability in wireless network security protocols. Our team is reviewing the published information and is working with our vendor to evaluate the scope of impact and the anticipated timeframe for fixes. (More details about the vulnerability and software update status for some wireless vendors can be found at http://www.zdnet.com/article/here-is-every-patch-f....)

This vulnerability affects most Wi-Fi enabled devices around the world, but an attacker needs to be physically in range of a particular Wi-Fi network and device to carry out the assault.

While industry-wide fixes for this security vulnerability may take some time, there are steps that you can take to secure data sent and received by wireless devices:

  • Update the software on your wireless devices and home wireless routers. Refer to your device vendor’s support site for more information.
  • When sending and receiving sensitive data ensure all web traffic is sent securely via the HTTPS protocol.

Biola IT will continue to monitor this issue. Further updates will be posted on this page.

Thank You,

Information Technology


October 5: Internet Outage Resolution


Dear Biola Community,

At 6:00 a.m. Internet service was fully restored.

Biola University would like to thank Southern California Edison, Time Warner/Spectrum Cable, and Wilcon for their hard work through both nights to restore Biola’s Internet service.

I would like to personally thank the many Biola IT team members who worked to address this problem, whether this was coordinating with Biola’s Internet service providers, developing alternative solutions to connect Biola to the Internet, or communicating the details of this incident with Biola community. Your actions demonstrate a team effort that is appreciated and respected.

Lastly, I would like to thank the Biola community for their patience, prayers, and understanding as IT contended with this service interruption. I welcome your feedback as we continue to improve our services and communication with the university. Please send any comments or questions directly to me.

Many thanks,

Steve Earle

Senior Director, Information Technology

October 3: Internet Outage


At 2:30 a.m. on October 3rd, a car crashed on La Mirada Blvd. destroying multiple power poles and impacting power lines and fiber optic cabling that carries Internet service.

Car Accident La Mirada Blvd

Biola University has two 1Gbit fiber optic lines that supply the campus with Internet services, and both of these lines enter campus from one of the affected poles. Campus Internet service remained operational until 8:30 a.m., when public utilities cut both Internet lines in an effort to clear the road and open up traffic on La Mirada Blvd.

For safety reasons, Southern California Edison needed to complete work on the power lines before the fiber lines could be repaired. SCE communicated to Biola that they would complete their work by 3:00 a.m. on Wednesday morning, after which TWC and Wilcon technicians could begin to repair the fiber optic lines. They estimated these repairs would take 24-36 hours to complete.

Tuesday Afternoon Repairs

Fortunately, by early Tuesday evening telecom providers were able to begin their work to repair one of the fiber optic lines, earlier than anticipated.

The university’s first fiber optic line was reconnected and verified to be functional by 11:15 p.m. Tuesday evening, restoring Internet services to campus. Technicians worked continuously throughout the evening and the next day, and by 6:00 a.m. Thursday morning (October 5) the second fiber optic line was repaired.

Late Night Repairs

Planning was already underway to move one of the fiber optic lines to the other side of campus in an effort to avoid situations such as what happened yesterday. For the past year IT has been working on a comprehensive disaster recovery plan to avoid prolonged service outages in the event of a natural disaster or unforeseen incident (like Monday night).

June 9: Google Phishing Attack


Incident

On the morning June 9, 2017, an email was sent to many Biola accounts with the subject line “Important update notice to prevent account closure.” The email claims to be from Google, but it is a malicious Phishing attack. Do not click on any of the links contained in the email message, or on the attachments.

Remediation

At 11:00 a.m., Information Technology became aware of the Phishing attack.

We immediately blacklisted the malicious website linked in the Phishing email. This means that even if someone clicks on the link in the future, they will not be able to access the website from Biola’s campus. We also created a filter within our Google apps environment to block future iterations of this Phishing attack.

Guidance

If you have not clicked on any links in the Phishing email, your account is still safe. If you did click on the links, please contact the IT Helpdesk at extension 4740.

If you entered your username and password on the malicious website, you should immediately change your password. Follow the instructions here: https://confluence.biola.edu/display/itservices/How+to+Reset+Your+NetID+Password

Awareness

The malicious email is a classic example of Phishing. It contains:

  • Multiple grammar mistakes with an ambiguous greeting and signature
  • Poorly designed attachments and an impersonation of a trusted brand or company
  • An appeal to fear of consequences
  • An odd sender name (not Google) with links to a login page that is not hosted by Google

If you have any questions or concerns, or would like an introductory presentation on Information Security, please contact the IT Helpdesk at 4740.

May 4: Oauth Phishing Attack


Incident

On May 3, 2017, the Biola community suffered from a worldwide phishing attack. While previous phishing attacks tried to trick users into giving away their username and password, this attack requested account access through Google Apps.

An application impersonating Google Docs asked users to grant access to read, send, delete, manage their email, and to manage their contacts. Once given access, the application sent the same malicious invitation to all contacts on the compromised account.

Remediation

Information Technology identified compromised Biola accounts and stopped the malicious application from accessing their data. The Biola Information Security team will continue to review and manage any 3rd party apps that request access to information in Biola Google accounts.

Google has disabled the offending accounts and will continue to update security features in their environment. Google released an official statement on their Twitter account about the incident, which you can read here: https://twitter.com/googledocs

Guidance

Taking a few simple steps can protect you from falling victim to phishing attacks:

  1. Schedule Information Security Basics training for you and your department.
  2. Be cautious when granting applications access to your email, Google Drive, or any other personal information. https://confluence.biola.edu/display/itservices/Google+Apps+Phishing+Attacks
  3. Use Google’s Security Checkup tool to review what apps you have connected to your Google Account. https://g.co/SecurityCheckup
  4. Learn how to identify phishing emails. https://confluence.biola.edu/display/itservices/About+Phishing+Attacks
  5. Always question a website that asks you for your username and password, especially if an email link led you there.

If you have any questions or concerns, or would like an introductory presentation on Information Security, please visit the IT Safe Computing website at https://confluence.biola.edu/display/itservices/Safe+Computing or contact the IT Helpdesk at 4740.

January 26: Ransomware Attack


Incident

On January 26, 2017, a Biola employee accessing their personal email on a university-owned computer opened an attachment that contained a ransomware virus. Once the infected attachment was opened, the virus began to rename and encrypt data on the both the computer and a shared department network drive connected to the computer.

Remediation

IT restored the shared department drive data from a secure backup, no data was lost. The computer did not have a CrashPlan backup and the data was lost.

Guidance

Taking a few simple steps can protect you from falling victim to ransomware:

  1. Confirm Crashplan is backing up the data on your work computer. https://confluence.biola.edu/pages/viewpage.action?pageId=107284749
  2. Learn how to identify phishing emails. https://confluence.biola.edu/display/itservices/About+Phishing+Attacks
  3. Watch this short video on ransomware. https://www.youtube.com/watch?v=FV-HW3NYdF8

If you have any questions or concerns, or would like an introductory presentation on Information Security, please visit the IT Safe Computing website at https://confluence.biola.edu/display/itservices/Safe+Computing or contact the IT Helpdesk at 4740.