It seems every week we hear about a data breach on the news at a major company or government institution.  Recent breaches at Equifax, Yahoo, IRS, Target, and OPM are a few good examples.  So what should you do when a data breach notification letter arrives in your mailbox, or you simply hear about it in the news cycle?   My short answer is — don’t panic and pay close attention.

Faced with a breach notice, most people either ignore it, panic, or start closing accounts.   All of these are not helpful so we recommend these steps:

1. Read the notice carefully to learn what information may have been exposed.  Keep this notice handy in case you need to prove your data was compromised through no fault of your own.
2. If you are offered free credit monitoring, take it
3. Pay close attention to your bank accounts and credit card transactions — at least weekly.  Look for any unusual activity.
4. Visit a reputable website that summarizes additional steps to take.  My recommendation is www.ftc.gov/idtheft
5. Know how to place a credit freeze on your credit file
   1.  www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
   2. www.freeze.equifax.com
   3. www.experian.com/ncaconline/freeze
   4. freeze.transunion.com/sf/securityFreeze/landingPage.jsp
6. Enroll in a paid service for identity theft protection.  Each offer similar protection, but depending upon your financial situation, you may choose one over the other  My two recommendations are:
   1. Lifelock – more expensive
   2. Zander Insurance Group – less expensive; has a family plan
7. If you are in the habit of storing credit card information on website (i.e Amazon), enroll in Mult-Factor Authentication if the website has it available

So What should I do moving forward?  Keep up good data-management habits by shredding sensitive documents before throwing them in the trash; use a locking mailbox; and take advantage of the Do Not Call registry.

Let’s face it, if you haven’t received a breach notification letter yet, you probably will in the future.  Not all breaches are created equal and some are worse than others.

If it involves your credit card or debit card, chances are your bank will issue you a new one if they think the risk is high (you can always request a new card if you’re concerned).  If your SSN, birth date, and address are compromised, they have a long shelf life and can be used by cyber-criminals next month, next year, or two years from now — you get the point.  For this reason, take the necessary precaution that’s proportional to your risk level.

1. Use the Duo Mobile App to Accept “Push” Notifications
   For our employees that have a smartphone, download and install the Duo Mobile app from your device’s application store (iTunes App Store, Google Play Store, Windows App Store) and search for “Duo Mobile App”. This is the most secure option and the most cost efficient for you and the University.  If you need assistance, you can stop by any of the IT Service Desks at University Crossing, O’Leary Library or Lydon Library.  Refer to www.uml.edu/mfa to manage your settings.
2. Make Sure Your Mobile Device Number is Your Primary MFA Device
   You can change the order of your MFA devices by visiting www.uml.edu/mfa
3. Take Advantage of the “Remember me for 30 days” Feature
   When this box is checked, this means you are not challenged for a secondary authentication again when you log in to that application from that device for 30 days. Refer to www.uml.edu/mfa to manage this setting.
4. Register Multiple Devices
   We strongly recommend registering at least two devices for MFA, such as your smart phone/cell phone and your office/home phone.    Why?  You may forget your primary device at home and you may need to get access to a protected application.  Refer to uml.edu/mfa to manage your settings
5. Be Cautious
   Try not to blindly accept a “push” or request for a second authentication (sms code, phone call). If you receive a request, and it wasn’t you who generated it, that means someone has your primary password to your account.  Change your password immediately or contact the IT Service Desk (978-934-4357) for assistance.As always, you can check Out the Frequently Asked Questions Document for more useful information by visiting www.uml.edu/mfa .

Click here to view the latest OUCH! newsletter, focusing on staying safe on the road.

As always, please don’t hesitate to contact the IT Service Desk at 978 934 4357 should you have security related questions or concerns!

Apple recently released a critical security update (iOS 9.3.5) addressing three security vulnerabilities, for which there are known exploits. It is strongly recommended that iPhone and iPad users perform this update asap. You may not have yet received a prompt to perform the update, but the update is available on your device(s) via Settings -> General -> Software Update. More information about the vulnerabilities is available below.

Background:
Recently, a foreign government affiliated “cyber-war” company exploited a set of three zero-day vulnerabilities (dubbed ‘Trident’) in Apple’s iOS version < 9.3.5 to spy on a prominent human rights activist. The vulnerabilities, when exploited, can allow the malicious actor(s) to decrypt and steal emails, text messages, call logs, as well as remotely activate the phone’s microphone among other invasions of privacy and device compromises. Apple released an update several hours later that patches the vulnerabilities.

Targets:
While this security bulletin affects the internet community as a whole, the Trident spyware has been seen to specifically target high profile individuals such as political activists and be used against anyone to compromise access and device privacy. In this case, evidence exists where a political dissident and internationally renowned human rights defender Ahmed Mansoor was sent a suspicious text message claiming to have “New secrets about torture of Emiratis in state prisons” with a link. The link in the text message would have compromised the phone. However Ahmed Mansoor, cautious as he was, instead alerted a technology laboratory that works with human rights activists. This lab is called CitizenLab and together with Lookout Mobile Security, they traced the source of the compromise attempt as well as noted the effects of the mobile malware.

Source:
The source was traced to NSO Group Technologies Ltd. “NSO Group, based in Herzelia, Israel […], develops and sells mobile phone surveillance software to governments around the world. The company describes itself as a ‘leader’ in ‘mobile and cellular Cyber Warfare,’ and has been operating for more than six years since its founding in 2010.” – CitizenLab

Extent of Effects:
According to CitizenLab, the Trident spyware would effectively allow the malicious actor to gain complete control over the target phone by jailbreaking it remotely. After jailbreaking the device, the attacker essentially has full and unrestricted access to almost everything the device contains or processes including but not limited to:

– Calls made by phone, WhatsApp and Viber, SMS messages, as well as messages and other data from popular apps like Gmail, WhatsApp, Skype, Facebook, KakaoTalk, Telegram, and others
– A wide range of personal data, such as calendar data and contact lists, as well as passwords, including Wi-Fi passwords. (above list taken from CitizenLab)

The malware also has the ability to persist throughout patches of individual applications since the compromise affects the operating system layer underneath.

Recommendations:
Update any and all Apple iOS devices to the latest version 9.3.5 or greater.

References:
Ahmed Mansoor – https://www.hrw.org/tag/ahmed-mansoor
CitizenLab’s full analysis – https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://wp.nyu.edu/itsecurity/category/alerts/
Lookout Security’s analysis – https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
Apple’s patch notes (iOS v.9.3.5) – https://support.apple.com/en-us/HT207107
Ars Technica news article – http://arstechnica.com/apple/2016/08/apple-releases-ios-9-3-5-with-an-important-security-update/