In January the University was again targeted by external attackers with emails containing malicious attachments that attempt to download malware to capture user login credentials. This attack was similar to the major incident in November in that the emails purported to provide information about quotes, itineraries and invoices but actually contained macro-enabled Microsoft Office documents designed to download keylogging malware known as Dridex.
IT Services successfully mitigated the recent attack, preventing an outbreak of malware and follow-on issues. This was due to the technical and procedural measures implemented during and following the first attack, which include:
- Enhancements to our email security defences with Nexus blocking the delivery of large numbers of malicious emails;
- Updated anti-virus signatures and the introduction of behavioural analysis to quarantine suspicious files;
- Improved network monitoring and detection capabilities to identify malicious activity more quickly;
- Configuring the managed desktop estate to automatically disable macros; and
- Improved communications and engagement with IT Support Staff and users across the University.
The University will remain under threat from these sorts of attack in the future, so whilst we continue to develop our technical security measures, we ask that users remain vigilant and report malicious emails to firstname.lastname@example.org.