AUGUSTA, Ga. – Georgia Regents University will present a summit focused on advances in cyber security and ways to promote cyber education Oct. 23 on campus. The summit will be hosted by U.S. Senator Saxby Chambliss (R-Ga.) and feature leaders from the Department of Defense and National Security Agency, including keynote speaker Admiral Michael Rogers, NSA Director and Commander of U.S. Cyber Command.
“As our nation continues to face growing cyber security threats from around the world, cyber education is critically important to strengthening our ability to defend our systems from future attacks,” Chambliss said. “I thank Georgia Regents University for recognizing the value of cyber education and the need to develop curriculums that will train and equip the men and women tasked with protecting our country. I am honored to host this summit that aims to explore the very serious cyber security risks to our nation, improve our armed forces, enhance our education system, and help make Georgia and our nation more secure.”
The summit will begin at 10:30 a.m., with remarks from Senator Chambliss and Admiral Rogers. The remainder of the day will feature opportunities for leaders from the Department of Defense, NSA, and institutions of higher education to meet with university, industry, and community members to discuss ways to implement cyber security curriculum into the classroom and into the community.
“As a leading academic health center located in close proximity to a large military base, we must continue to look for ways to support our military community,” said GRU President Ricardo Azziz. “One way educational institutions can serve this population is to offer a curriculum central to the needs of the men and women of the military. We have already made strides at our university and health system in this area but much more is needed.”
“We’re grateful to Sen. Chambliss and Georgia Regents University for bringing together this event in support of both national security and education,” said Maj. Gen. LaWarren V. Patterson, the commanding general of the U.S. Army Cyber Center of Excellence and Fort Gordon. “Cybersecurity is a critical issue facing our nation, and this initiative has enormous potential to help prepare our young people to protect the nation’s sensitive data, both in uniform and in the private sector. Moreover, GRU’s leading role in this event is another example of the strong partnership Fort Gordon shares with the university and the entire Central Savannah River Area community. We look forward to participating in this tremendous effort.”
For more information please visit http://www.gru.edu/cybersummit
On March 28, 2013, nearly 400 Georgia Regents email accounts received a message titled “1 New Message:-”.
The email itself was quite simple. It stated the recipient had one important new message, which had to be viewed by visiting a weblink. The link opened a web browser to what appeared to be the GRU Outlook WebAccess (OWA) login page. The recipient would have to log in to OWA to view the message, which seems correct. A login attempt to OWA appears to fail and directs the individual back to the login page. The second login succeeds, but there is nothing in the email account that appears to be important, so this must have been a computer error… or was it?
This seemingly innocent but important email was one of the most targeted phishing attacks experienced by our institution. We are going to examine both the message and the website as an exercise to better equip GRU faculty, staff, and students to recognize and repel a phishing attack.
Let’s first take a look at the email message itself:
Several things should be noted when examining this message. The first is that the institution is referred to as Georgia Health Sciences University. Official Information Technology Services communications have been updated to correctly reflect the new name of our new University. The next anomaly is that the From: and Reply-To: addresses contain an @pace.edu address. No official GRU communication will originate from another university's email system. The third incongruity is that the message subject contains [BULK/SPAM]. This is a flag placed on the message by our anti-spam/malware protections to notify the recipient that the message contains suspicious content but did not meet the rules for blocking delivery.
Up to this point, this attack really was not much different from the phishing attacks experienced nearly every day by our customers. This attack deviated from the norm when the site in the email was visited:
The page appears in all ways but one to be the official Georgia Regents University Outlook WebAccess login page. Even the logo has been copied from our official site to raise the legitimacy of the phish. The only visible difference is the web page name in the address bar: ninoceram.ir/docs/owa.gru.edu.htm. This is not a GRU website. The legitimate login sites for GRU web mail are https://owa.gru.edu for the Health Sciences campus and www.outlook.com/aug.edu for the Summerville campus. This false page captured any login credentials entered into it, then redirected the browser to the true GRU Outlook WebAccess site.
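The warning signs described above (external From:/Reply-To: domain, the [BULK/SPAM] subject tag, the former institution name, and the link's real host) can be checked mechanically. The following Python sketch is an added example, not ITS tooling; the sample message is constructed, and the list of official mail domains and the `http://` scheme on the link are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Legitimate webmail hosts named in the article.
LEGIT_LOGIN_HOSTS = {"owa.gru.edu", "www.outlook.com"}
# Assumption: official mail is sent from these domains or their subdomains.
OFFICIAL_MAIL_DOMAINS = {"gru.edu", "aug.edu"}

# Constructed sample: sender local part, recipient and body wording are invented.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@pace.edu>
Reply-To: helpdesk@pace.edu
To: user@gru.edu
Subject: [BULK/SPAM] 1 New Message:-

Georgia Health Sciences University: you have 1 important new message.
View it here: http://ninoceram.ir/docs/owa.gru.edu.htm
"""

def sender_domain(header_value):
    """Lowercased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def link_hosts(text):
    """Host of every http(s) link, taken from the parsed URL rather than a substring."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s<>]+", text)]

def phishing_indicators(raw):
    """Return the article's warning signs found in a plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    for header in ("From", "Reply-To"):
        dom = sender_domain(msg.get(header))
        if dom and not any(dom == d or dom.endswith("." + d) for d in OFFICIAL_MAIL_DOMAINS):
            found.append(f"{header} domain is external: {dom}")
    if "[BULK/SPAM]" in (msg.get("Subject") or ""):
        found.append("subject carries the anti-spam [BULK/SPAM] tag")
    if "Georgia Health Sciences University" in body:
        found.append("body uses the institution's former name")
    for host in link_hosts(body):
        # "owa.gru.edu" appears in the phishing URL's path, so a substring test passes it.
        if host not in LEGIT_LOGIN_HOSTS:
            found.append(f"link host is not a GRU login host: {host}")
    return found

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print(line)
```

Comparing the parsed hostname, rather than searching the URL for `owa.gru.edu`, is what separates the real login page from a page that merely carries that string in its file name.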
Information Technology Services identified the computers that visited the malicious site, and has contacted the computer owners and instructed them to change their password if their credentials were entered into the phishing site. Steps were also taken to block the phishing web site. If you believe your account credentials may be compromised due to this attack or another attack, please contact the ITS Service Desk at 706-721-4000 or firstname.lastname@example.org.