This past week has been equally challenging and rewarding, and I’ve been impressed to see multiple campus groups come together and work collaboratively in pursuit of a singular goal – in this case, to ensure UT Austin’s IT services are well protected from malicious activity. I’d like to recognize the collective work of Information Technology Services (ITS), Academic Technology Support (ATS), and the Information Security Office (ISO).
This particular week saw a worldwide proliferation of “Wannacry,” a ransomware program targeting the Microsoft Windows operating system. On May 12, a large cyberattack was launched using it, infecting more than 230,000 computers in 150 countries, demanding ransom payments*. The attack spread by phishing emails, but could also directly infect any exposed systems throughout a network which had not installed recent security updates. Many organizations and businesses had to completely “turn off” their IT systems. Imagine what that would mean to our campus.
Our remediation efforts began immediately as the ISO proactively sent notice to the campus technical community on warning of this threat. Soon after, vulnerable systems were identified and technical contacts were notified. Work to secure these systems began in earnest, and monitoring tools were leveraged to identify any new threats. As of May 16, all of approximately 6,000 ITS and ATS managed Windows workstations were pushed the required security patches, and remediation is nearly complete. Additionally, each of the 495 Windows servers managed by ITS has been fully remediated.
Thanks to a recent move from our on-premise hardware (Ironports) to a cloud-based solution, the ITS email team was able to turn up expanded URL filtering for incoming mail on the Mail Filtering Service. The value of this service is that it identifies malicious or suspect URLs in an effort to provide an extra layer of security. It stops them before entering our campus network! The fact that this service is in the cloud allowed us to turn up additional capacity almost instantly to handle an attack such as this. For perspective of the magnitude of threats UT Austin faces on a daily basis, in the last seven days, we stopped 13.2 million spam/junk messages that were caught and not delivered. We also identified nearly 35,000 malicious URLs contained in emails and flagged them as dangerous.
We are not likely out of the woods yet, because this program and others like it are still lurking out there. But, due to these extraordinary efforts, UT Austin has not had any “Wannacry” related compromises!
If you are wondering what you can do to help protect yourself and the campus community, here are several tips courtesy of Cam Beasley, UT Austin’s chief information security officer:
· Ensure both university-owned and home systems are patched to the latest level
· Ensure you are running an updated antivirus tool - UT Austin offers options at no charge for university-owned systems
· Ensure that you have a good backup in place for important files and data - consider using UTBox or UTBackup
· Be vigilant of any suspicious looking e-mails and attachments that you might receive
If you have any questions about these recommendations, please contact your local IT Support Staff or the UT Service Desk (firstname.lastname@example.org or (512) 475-9400) for more details. This was truly a team effort and I appreciate everyone’s contributions to make our response to this threat as timely and effective as possible.
Lastly, Saturday marks the Spring Commencement 2017. Congratulations to those graduating and congrats to some members of our ITS team who have family graduating. It’s a big milestone for both of you!