Cyber Criminals Targeting University Payroll Systems

San Ramon, CA, November 18, 2014 (Newswire.com) - According to a recent advisory issued by Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks. Cyber criminals harvest credentials and then alter victims’ payroll bank account information to re-route direct deposits to bank accounts controlled by the cyber criminals.

Tactics, techniques and procedures (TTP’s) of the cyber criminals include:

Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report.

Greg Wendt, GreyHeller's, Executive Director, Security Solutions

• Altering direct deposit account information
   
• Spoofed to appear as if message came from the appropriate department, e.g. HR for “salary increase” lures or IT department if “mailbox exceeded”
   
• Spoofed login screens that are a close replica of legitimate login screen
   
• Targeting of faculty and staff
   
• Using university images within e-mails text
   
• Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers.
   
• URLs mimicking legitimate (and accessible) portal URLs
   
• Use of the “salary increase” approach seems to coincide with end of the fiscal year.

The phishing e-mails have contained official institutional images, often via an HTML image link direct to the resource.

“Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report,” according to Greg Wendt, GreyHeller’s Executive Director of Security Solutions.”

GreyHeller’s Security Suite complies with REN-ISAC’s recommended prevention techniques:

• Redacting or masking of sensitive data
• Implementing Two-Factor Authentication at the transaction layer
• Limiting self-service functions by location – on- or off-campus
• Detailed and specific logging of the most critical events

“Our recent Security webinar series focused on helping organizations mitigate cybercrime. How to implement Two-Factor Authentication and Logging/Analysis and Incident Response contain information that will thwart the bad guys,” stated Mr. Wendt.

Recordings of the webinars can be found on GreyHeller’s website.  The full REN-ISAC advisory can be found here.

About GreyHeller

San Ramon, California-based GreyHeller serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. GreyHeller’s software solutions - PeopleMobile®, ERP Firewall and Single Signon  – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about GreyHeller, please visit www.greyheller.com.