In the past several weeks an unknown source targeted Emerson with malicious email attacks aiming to steal login information. More than 50 accounts were temporarily hijacked, according to Dennis Levine, Emerson’s Information Security Officer.
Levine estimated that the compromised Emerson accounts sent out 75,000–100,000 spam emails to other emerson.edu addresses and to the internet at large.
More than a dozen Information Technology staff members have spent 200–300 hours, Levine guessed, working to stop the malicious emails coming in, to reclaim hijacked accounts, and to repair the damage done to Emerson’s online reputation.
IT increased the security on the college’s firewall and spam filter appliance. In addition, they changed the mail server’s settings to filter out emails containing certain keywords and originating from specific IP addresses.
They also sent out an email to the community on the 16th, warning of the malicious emails and giving tips on internet security. The message from IT cautioned users against opening links from emails with poor grammar, little context, confusing or unrecognized senders, and off branding.
Levine said compromised staff or faculty profiles could have been used to access sensitive information, but that it appeared that the hackers had only used the login information to send out more emails, regardless of who the accounts belonged to. He said the hijacked emails were a fairly even split between students, faculty, and staff.
He noted that the attack was definitely targeted at Emerson, because the spam emails linked to a page specifically designed to resemble eCommon.
He said the phishing attacks likely began with one Emerson community member accidentally giving away their credentials, which gave the hackers access to all emerson.edu email addresses.
“There is a patient zero someplace,” he said.
The high volume of spam coming from Emerson users led to some spam filtering companies blacklisting emerson.edu addresses, causing some authentic emails from Emerson addresses to fail to deliver.
The IT department is working to fix this issue, but the phishing and compromised accounts are mostly under control, according to Levine.
“We’re at a point now where we feel pretty good,” he said. “The IT department has been working very hard. We’re looking out for everybody’s best interests and we just want everybody to be patient with us.”
Levine thinks educating incoming freshmen on cybersecurity would be a good way to prevent incidents like this.
He said that in addition to the email attacks, there has been an increase in social engineering attacks against the college in the past week. Scammers have called various departments requesting student information, and have called the finance office pretending to be the IRS.
Levine said none of these attempts were successful, and it is unclear if they are linked to the email attacks.