Preparing for nation-state cyberattacks

Current Events: Russian invasion of Ukraine
————————————————————
With the Russian attack on Ukraine, MIT’s termination of the MIT Skoltech program, and hackers from MIT participating in and assisting with cyberattacks against Russian government websites, we are sending this alert to let the community know that they should brace for potential retaliatory cyberattacks from Russia or its proxies. Some of the attacks may target specific individuals with known political affiliations; others may target the school or the Institute as a whole, with the potential aim of causing individual harm, creating chaos, or bringing down critical systems.

CISA, the Cybersecurity & Infrastructure Security Agency within the US Department of Homeland Security, has issued a warning to prepare for potential large-scale nation-state cyberattacks:

“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

https://www.cisa.gov/shields-up

How this affects you
—————————
Your data is the most valuable thing you own. It is more valuable than the computer it’s saved on. All community members should make sure that they are maintaining backups of their most critical files. At a minimum, everyone should be using Time Machine or Windows Backup along with Dropbox.

Russia has one of the largest nation-state cyberattack capabilities in the world, and all users should be extra vigilant for phishing attacks that impersonate faculty, deans, or high-level administrators and ask for any kind of private information, including but not limited to addresses, credit card numbers, or passwords. Also be on the lookout for false notices (IT, banking, shipping companies, IRS, etc.) claiming you must turn over private information or passwords. These attacks may also appear as fake infection alerts in web browsers that claim “You’re infected!” and tell you to call a phone number to get it fixed. The bad actors will then demand control of your computer as well as credit card information; with that access they can install malware to spread the infection further and/or steal your identity and commit fraud with it.

If ANY email you receive feels off to you in any way, be on alert, especially if it is meant to make you feel shock or fear, has an attachment you weren’t expecting, contains links asking you to “verify” anything, or asks for private information. Avoid clicking on suspicious links, and do not download or open any files, especially if you were not expecting the attachment. No organization will ask you for private information over email: not MIT, not your bank, not PayPal, not the government, no one.

Do not fall for it. For emails that are supposed to come from an MIT community member, verify by looking at the return address to see whether it is actually coming from a free email service like Yahoo, Hotmail, Gmail, etc. If it’s not coming from @mit.edu, odds are 98% it’s a fake. We’ve seen these kinds of attacks in the past where bad actors try to impersonate DLC heads, deans, and faculty.

Be aware that phishing attacks have also come from the occasional compromised @mit.edu address, so an @mit.edu sender is not proof on its own. If you are unsure, forward the email as an attachment (Message->Forward as Attachment in Apple Mail) to us and we can verify it for you.
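The sender check described above (does the From address really come from @mit.edu, or from a free webmail service while the display name claims an MIT identity?) can be automated for a forwarded message. The script below is an added example written for this notice; it is not a tool from MIT IS&T or this office. It uses only Python’s standard library, the list of free webmail domains is an assumption that you should extend, and the three messages are constructed samples, not real phishing emails.

```python
"""Sender-header triage for a forwarded message (added example, not part of the original notice).

Mirrors the manual check in the notice: compare the display name in the From header with the
actual address, flag free webmail domains, and flag a Reply-To that points somewhere else.
All sample messages below are constructed for illustration.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

TRUSTED_DOMAIN = "mit.edu"  # the institutional domain the notice tells readers to look for
# Assumed list: the free webmail providers named in the notice plus a few common ones.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "aol.com"}


def _domain(address: str) -> str:
    """Lower-cased domain part of an address, or '' when the address is empty or malformed."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def _is_institutional(domain: str) -> bool:
    """True for mit.edu and its subdomains (e.g. lists.mit.edu); look-alikes such as mit-edu.com fail."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def triage_sender(raw_message: str) -> dict:
    """Parse the headers and return the reasons (if any) the sender looks suspicious."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _reply_name, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)

    reasons = []
    if not _is_institutional(from_dom):
        reasons.append("from-address-not-institutional")
    if from_dom in FREE_MAIL_DOMAINS:
        reasons.append("from-address-free-webmail")
    # Classic impersonation: the display name is itself an address (often an @mit.edu one)
    # while the real address in angle brackets lives elsewhere.
    if "@" in from_name and _domain(from_name) != from_dom:
        reasons.append("display-name-contains-other-address")
    # Replies routed away from the visible sender; also seen with compromised internal accounts.
    if reply_addr and reply_dom != from_dom:
        reasons.append("reply-to-domain-differs")

    # A clean result is "no header findings", not "safe": the notice points out that
    # phishing has also arrived from compromised @mit.edu accounts.
    return {
        "from": from_addr,
        "reply_to": reply_addr,
        "reasons": reasons,
        "verdict": "suspicious" if reasons else "no-header-findings",
    }


# Constructed samples (not real messages).
IMPERSONATION_SAMPLE = """\
From: "dean.example@mit.edu" <dean.example.mit@gmail.com>
To: someone@mit.edu
Subject: Are you there?

Are you available? I need a quick favor.
"""

INTERNAL_SAMPLE = """\
From: "Colleague Example" <colleague@mit.edu>
To: someone@mit.edu
Subject: Meeting notes

Attached as discussed.
"""

REPLY_TO_SAMPLE = """\
From: "Colleague Example" <colleague@mit.edu>
Reply-To: colleague.example@yahoo.com
To: someone@mit.edu
Subject: Quick question

Can you reply to my personal address?
"""

if __name__ == "__main__":
    for label, sample in [("impersonation", IMPERSONATION_SAMPLE),
                          ("internal", INTERNAL_SAMPLE),
                          ("reply-to", REPLY_TO_SAMPLE)]:
        print(label, triage_sender(sample))
```

Run it on a message saved as plain text (a forwarded-as-attachment .eml works as input). The script only looks at the visible From and Reply-To headers, which is exactly the check the notice describes; it does not replace forwarding an uncertain message to us or to phishing@mit.edu.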

What you can do
————————————————————

1) Make sure you have backups, ideally two. All Mac users should be using Time Machine and all Windows users should be using Windows Backup. All users should also be using MIT Dropbox, or similar secure cloud-based storage such as IS&T-managed DLC file servers or DLC-controlled Synology servers, as their cloud storage and additional backup solution.

2) Always be alert, aware, and skeptical. No legitimate sender will ask for money, gift cards, or private information over email. If the email uses fear, you should immediately be on your guard and assume it is likely a scam/phishing attempt. If you know the person the email claims to be from and it doesn’t sound like them, you may very well be right that it’s not them. The “Are you there” phishing attack is now well known among most DLCs. You can always forward the email to us as an attachment (Message->Forward as Attachment in Apple Mail) for us to verify if you’re not sure.

3) If you definitely know it’s a phishing attack, forward the email as an attachment to phishing@mit.edu so IS&T is aware of the attack. IS&T is the only Institute organization capable of implementing measures to stop these attacks before they enter our inboxes.
    a) In Apple Mail with the phishing email selected or open, go to Message->Forward as Attachment
    b) In Outlook, instructions for forwarding as an attachment are here:
        https://www.howtogeek.com/695636/how-to-forward-an-email-as-an-attachment-in-microsoft-outlook/#:~:text=To%20do%20so%2C%20launch%20%E2%80%9COutlook,from%20the%20drop%2Ddown%20menu.

4) As a user, you can also create a block list of “Bad Senders”. This can only be done in owa.mit.edu, and it will only stop that specific email address.

Instructions can be found here:
https://wikis.mit.edu/confluence/display/shassit/Spam+Management+and+Spam+Filtering

Be aware that attempting to block bad emails is often not effective because the bad actors can simply create a new fake email address to get around the bad sender email addresses you created before. Though it may stop the attacks for a short while, the attacks inevitably return with a different email address. It can definitely make you feel like you’re playing an email version of whack-a-mole.

If anyone has any questions, please do not hesitate to ask! Remember, there is no such thing as a dumb question.