We are InfoSec: Information Security Office at KAUST IT.
Our goal this month: To increase your awareness on how to identify signs of malicious activity and learn when to report incidents.
KAUST provided machines are reasonably protected from known cyber-attacks, most of the time. They have anti-virus and antimalware applications such as Traps pre-installed to protect from malicious infections from websites and software.
However, if you are using a machine NOT provided by KAUST, you may NOT be sufficiently protected since personal machines predominantly DO NOT have the advanced software to keep data on machines secure. Therefore, using personal devices for work can potentially pose a security risk and must be done with caution.
Here are examples of indicators that might help you determine when under attack:
- Anti-Virus Alert: Your anti-virus program has triggered an alert that your system is infected, particularly if it reports that it was unable to remove or quarantine the infected files.
- Browser Hijacked: Your browser’s homepage has unexpectedly changed, or your browser is taking you to websites that you did not want to go to. For example, Ads showing up and redirecting the pages you are visiting.
- Unusual Behavior: There are new accounts on your computer or device that you did not create, or new programs running that you did not install.
- System Pop-ups: Your computer or applications are constantly crashing, there are icons for unknown apps on your desktop, or strange windows keep popping up.
- Unexpected Authorization: A program requests your authorization to make changes to your system, though you are not actively installing or updating any of your applications.
- Password Changed: Your password no longer works when you try to log in to your system or an online account, even though you know your password is correct. Once a cyber-criminal has compromised an account, they often change your password to block you from getting back in.
- Account Hijacked: Friends ask you why you are spamming them with emails or messages that you know you never sent.
- App Permissions: Your mobile device is causing unauthorized charges to premium SMS numbers, or suddenly has unexplained, very high data or battery usage.
- Software Installation: Software you may have accidentally installed can be suspicious. Sometimes installing software that you did not intend to install may end up infecting your computer.
THE SOONER YOU REPORT THE BETTER
If you believe your computer or device has been hacked, do not try to fix the problem yourself. Not only could this cause more harm than good, it could also end up destroying valuable evidence that can be useful for an investigation.
Always be sure to report incidents to IThelpdesk@kaust.edu.sa as soon as possible and make sure you inform that you are suspecting a compromise. You can also contact the Information Security Incident Response Team at isirt@kaust.edu.sa.
If for some reason you cannot contact us, or you are concerned about a delay, disconnect your computer or device from the network and then put it in sleep, suspend, or airplane mode. In case you were skeptical about the hack, it is far better to report than to ignore.
KAUST INFOSEC INCIDENT RESPONSE TEAM
KAUST has a highly trained Information Security Team dedicated to helping protect you. These professionals are experts who understand tactics used by cyber attackers; how they attack and what can be done to defend against them. KAUST’s Incident Response Team has helped design and deploy many of the tools and procedures we are using to secure KAUST. Our team is constantly monitoring our networks and looking for the latest possible attacks. However, with all that said we still need your help. We need you to report any security incidents that you may come across. It is often employees like you that are the first to notice suspicious behavior or come across something wrong.
We will be happy to hear from you; we know you are trying to help.
Contact us, we would be happy to help:
– To report an incident – ithelpdesk@kaust.edu.sa
– For general security inquires – askinfosec@kaust.edu.sa
– For more info about our department visit –https://it.kaust.edu.sa/infosec
KAUST IT
it.kaust.edu.sa
We make IT happen!
