October 8, 2019

Update: CCCC Phishing Recovery

by Drew Gallant

In November of 2018, Cape Cod Community College (4Cs) fell victim to a cybersecurity attack in which hackers were able to extract over $800,000 from the school in an online phishing scheme. Fraudsters were able to infiltrate the school’s bank accounts by using sophisticated malware, which infected numerous computers in the Nickerson Administration Building.

The fraud started with an email. An employee opened an email which appeared to be from another college, only to realize there was a peculiar attachment to the message which raised many suspicions. The Information Technology (IT) team identified one of the infected attachments and was able to quarantine the virus embedded within; however, the virus had enough time to spread on the system, ultimately replicating itself. After detecting the initial attack, the college was able to block several other attacks on its network.

Drawing of someone hacking on a computer

Illustration by: Harley Turso

Fast forward to April 2019, a 90-day investigation overseen by the FBI concluded with the recovery of $677,594. Some of the money—$278,887—was recovered in the immediate aftermath of the phishing scheme with the help of bank officials.

“The remaining $129,536 has not yet been recovered,” Patrick Stone, 4Cs Director of Strategic Communications and Marketing, told the MainSheet in late September. “Authorities are still conducting an ongoing investigation,” said Stone.

4Cs is taking an extremely aggressive route to ensure fraud like this never happens again. Training programs, stricter password policies, intensive scanning of all incoming emails, and web browsing protection systems are all parts of the plan to inhibit another breach in security systems in the future.

Richard Wixsom, the college’s Chief Information and Technology Officer, went into detail regarding the crucial steps being taken.

“We’ve introduced an online security training program from a company called KnowBe4,” said Wixsom Tuesday via email. “The College has created a training program for our employees to improve security awareness. KnowBe4 gives the Information Technology department the ability to simulate various types of cyber-security attacks, such as an email phishing attack.

“We’ve also implemented stricter password policies for all employees. All employees are now forced to change their passwords every 91 days. In addition, we’ve introduced a policy that will automatically suspend a user’s account for 30 minutes if there are 5 consecutive bad password attempts.

“We’ve also imposed an inactivity timeout feature that requires employees to input their passwords after 30 minutes of inactivity.”

Wixsom touched on some more new and improved features. “IT has installed a feature on the College’s Microsoft Office 365 platform called Advanced Threat Protection (ATP). ATP performs intensive scanning of all incoming email to block malicious emails from getting through the system. IT monitors this system and modifies it when we discover the system has blocked legitimate emails,” said Wixsom.

“IT has also installed a web browsing protection system called Cisco Umbrella. This system will block any of the computers on campus from accessing known malicious websites. If a user attempts to access a known malicious site, they will receive a message stating that the college has blocked access to the site because it is known to contain malicious files. IT has the ability to allow or block sites manually as well, but we rely heavily on the system to allow or deny access based on information compiled by Cisco,” said Wixsom.

Lastly, and perhaps most importantly, the school has installed new and improved cybersecurity software, AppGuard.

“This software stops any unauthorized software from running on our Windows-based computers,” said Wixsom. “It is vastly different than commonly-used antivirus software. Antivirus software uses a concept of black-listing, which stops known viruses that the software has already identified. The flaw in this concept is that new viruses are not stopped until a day or two after someone has encountered that virus. It’s always playing catch-up. AppGuard works off of the concept of white-listing. This concept says nothing can run on a protected computer unless the college authorizes that program. Everything is blocked unless we say it’s okay. AppGuard provides the highest level of security,” concluded Wixsom. AppGuard is also used by the U.S. Department of Defense.

The school is collaborating with 15 other community colleges and nine state universities to up the ante on cybersecurity. Lisa Kopecky, Vice President of Finance and Operations, detailed the mission of the collaboration.

“Given the rise of cybersecurity incidents nationwide, Community Colleges and State Universities in Massachusetts have been in cooperation with Partnership to Advance Collaboration & Efficiency (PACE) this past year to identify and pursue opportunities to strengthen cybersecurity awareness, training and monitoring systems at all participating institutions,” said Kopecky. “PACE came to be when the Massachusetts Association of Community Colleges (MACC) and the State Universities Council of Presidents joined together to address recommendations made by the Department of Higher Education’s Task Force on Collaboration and Efficiency noting that increased collaboration will result in benefits for every institution, its students, and the community,” noted Kopecky.

If you are suspicious of any message or attachment you receive, please contact the IT Help Desk immediately at 774-330-4004, or seek help in the Lorusso Open Lab, room 116.
