OIT Security and Compliance is taking proactive steps to protect campus users and the university from potentially devastating impacts of cyber security breaches.
OIT is seeing significant increases in the number of users who fall victim to phishing attacks that trick them into divulging their university usernames and passwords. Their credentials are then used for malicious actions, such as attempts to gain unauthorized access to personal information or sensitive university systems and data as well as transmission of potentially embarrassing or damaging emails.
OIT is also noticing an increase in hacked websites that could be used to gain access to backend servers with potentially sensitive university data. Websites that accept payments (e.g., via PayPal and Yahoo Stores) are especially important, since they may impact the university’s Payment Card Industry (PCI) compliance program.
In addition, attackers are targeting older systems (e.g., Windows XP) on the network with known security weaknesses. While some of these machines may be low value targets, or void of any sensitive data, they can be used as launch points to higher value target systems that store sensitive data.
To address these issues, Security and Compliance is eliminating vulnerabilities identified on the campus network, including:
- Disabling suspected compromised user accounts until the user takes recommended security actions (e.g., contacting the NC State Help Desk to reset passwords).
- Blocking all Windows XP computers identified on the network. For more information, see OIT blocks Windows XP machines from the campus network.
- Disabling websites that are not registered with Merchant Services but are accepting credit payments.
For more information, contact the NC State Help Desk at 919.515.4357 (HELP) or firstname.lastname@example.org.