With the mounting geo-political tensions between Russia and Ukraine, and the threat of sanctions being imposed by the U.S., Governor Kathy Hochul has issued a statement warning New Yorkers to be mindful of possible Russian cyber attacks on their personal accounts. Additionally, Governor Hochul and Federal officials have called on businesses to prepare for potential cyber attacks. Last week, CISA, the NSA and the FBI issued a joint advisory regarding the continual targeting of U.S. cleared defense contractors and sub-contractors (CDCs) of all sizes. These ongoing intrusions have provided Russian nation-state actors with sensitive proprietary documents and internal communications which provide insights into defense systems, timelines, infrastructure and information technology.
Nation – state actors and scammers use many of the same TTPs (tactics, techniques & procedures). We offer the following recommendations to better secure both yourself and NYU:
- Use lengthy and unique passwords for each account. All of your passwords should be easy to remember, but hard to guess.
- Consider the use of a passphrase that reflects an aspect of your life/experience such as, I buy coffee at the corner deli every morning around 8am.
- Use MFA (multi-factor authentication) on all available accounts.
- Update your devices and software regularly as updates address most known
vulnerabilities. - Be on the lookout for phishing messages, which may arrive via email, text messages, social media or as web pop-ups. Please be reminded not to click embedded links or open attachments in unexpected messages or updates.
- To confirm message legitimacy, contact the sender via an independently obtained method of communication, such as a trusted phone number.
- Be on the lookout for ransomware, which is malware that encrypts files on devices and connected systems. Ransomware is most commonly delivered via phishing messages. If you see file extensions changing or a ransom message displaying onscreen, disconnect your device from the NYU network, and all other connected systems and devices. Next, power off your device, and contact your local IT Admin and security@nyu.edu, using the following email subject line “URGENT: RANSOMWARE”. For more information on ransomware, see the following blog post: Fight the Ransomware Phish!
- Only download software from trusted sources such as the App Store or Google play. Downloads from other sources may come with malware.