Recently, a standard SIU.edu account was compromised by a malicious actor. This account did not belong to a high-ranking official like a director, provost, or dean, nor did it have any special technical access or permissions. At first glance, one might assume that such an account being compromised would result only in a minor inconvenience for the individual, requiring them to call SalukiTech and reset their password. However, even a base-level account being compromised can have significant consequences for the individual, the university's critical systems and infrastructure, and potentially hundreds of other institutions worldwide. How did this happen, and what can be done to prevent it?
A single employee responded to a fraudulent email requesting their SIU account password. The attacker then sent the employee a text message, asking them to respond with their MFA PIN. The individual complied, unintentionally giving the malicious actor control over their account.
Although the compromised account lacked special administrative permissions, the attacker was still in full control of that account. While they did not breach critical systems, they managed to distribute tens of thousands of messages in just a few hours. These messages reached not only SIU faculty, staff, and students but also people worldwide, potentially leading to many other individuals and institutions being compromised.
MFA stands for Multi-Factor Authentication. SIU utilizes Microsoft MFA, most commonly through the Microsoft Authenticator app on a phone or tablet. MFA requires an additional verification factor besides the account password, reducing the likelihood of a successful cyber-attack. While MFA can provide robust security for an account, the PIN must be safeguarded diligently.
- Accept your role in the security chain: Be diligent and responsible when vetting communications received by email, text, or phone.
- Think before clicking: Always think before clicking links, opening files, or answering unsolicited texts/calls.
- Guard sensitive information: Never provide sensitive information to anyone by phone, text, or email.
- Create strong passwords: Use strong passwords and change them frequently.
- Understand the importance of MFA: Recognize that MFA is required because it adds an extra layer of security to your account and the university.
SIU will never contact you to ask for your password, MFA code, or personal information. Always reach out to the requesting organization or institution using contact information from their official website before providing any personal information. Remember, MFA requests are never random; an unexpected MFA verification request indicates that someone might be trying to access your account.
SalukiTech is committed to helping keep accounts and information secure. If you have any questions about account security, please contact SalukiTech. In response to malicious attacks, SalukiTech has added steps to verify an individual's identity. Security standards for password change requests and account access restoration have been raised and now require visual confirmation (an in-person request or photo/video confirmation) of the user's identity. While these steps may take extra time, they are crucial for keeping accounts safe and preventing other institutions and individuals from being compromised.