Cyber Criminals Targeting University Payroll Systems
Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks.
San Ramon, CA, November 18, 2014 (Newswire.com) - According to a recent advisory issued by Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks. Cyber criminals harvest credentials and then alter victims’ payroll bank account information to re-route direct deposits to bank accounts controlled by the cyber criminals.
Tactics, techniques and procedures (TTP’s) of the cyber criminals include:
- Altering direct deposit account information
- Spoofed to appear as if message came from the appropriate department, e.g. HR for “salary increase” lures or IT department if “mailbox exceeded”
- Spoofed login screens that are a close replica of legitimate login screen
- Targeting of faculty and staff
- Using university images within e-mails text
- Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers.
- URLs mimicking legitimate (and accessible) portal URLs
- Use of the “salary increase” approach seems to coincide with end of the fiscal year.
The phishing e-mails have contained official institutional images, often via an HTML image link direct to the resource.
“Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report,” according to Greg Wendt, GreyHeller’s Executive Director of Security Solutions.”
GreyHeller’s Security Suite complies with REN-ISAC’s recommended prevention techniques:
- Redacting or masking of sensitive data
- Implementing Two-Factor Authentication at the transaction layer
- Limiting self-service functions by location – on- or off-campus
- Detailed and specific logging of the most critical events
“Our recent Security webinar series focused on helping organizations mitigate cybercrime. How to implement Two-Factor Authentication and Logging/Analysis and Incident Response contain information that will thwart the bad guys,” stated Mr. Wendt.
San Ramon, California-based GreyHeller serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. GreyHeller’s software solutions - PeopleMobile®, ERP Firewall and Single Signon – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about GreyHeller, please visit www.greyheller.com.