This summer, the IT department’s identity management team, the mail team and the Computer Security Team rolled out additional measures to protect your account and your mailbox. While 2-factor authentication (“T2U4U2FA”) and malware-quarantining (“Fighting spam – the Boss Level”) are definitely intended to provide better protection to you, you are not yet off the hook: Attackers are on the prowl to continue luring you into clicking malicious links, QR codes, SMSes, or opening intoxicated attachments.
You might recall some of the malicious emails from the past, bad QR codes and SMSes, which attempted to social engineer our colleagues into transferring money, or which succeeded in breaking into CERN computing accounts and producing fake invoices ─ where, fortunately, no damage happened. We ─ you! ─ are the target. And the damage can be substantial: sabotaging accelerator operations and accelerator control systems under “your” supervision, manipulating data with “your” analysis jobs, mis-managing IT services via “your” administrator rights, redirecting money using “your” credentials, transferring personal data protected by “your” password, or tearing CERN into the dirt through “your” social media channels… The list is much longer. Just imagine what the malicious evil ─ given lots of time for reconnaissance and information gathering, an objective to do harm or for financial gain, and immense perseverance and all necessary resources to reach that goal ─ can do once it has access to your CERN computing account or to your computer. Think of the services and systems, data & documents your computer can access; think of the power and privileges your account has; think of your work and what can go wrong if this work is performed by a maliciously evil attacker; and then think of the consequences for CERN, its operations and reputation. You get the picture: one wrong click on one malicious link in a webpage/email/WhatsApp message/Instagram feed/SMS, one wrong scan of a malicious QR code, and the lights go off for CERN. Boom! For much longer than repairing a bellow.
This is why we ask you over and over again to “STOP ─ THINK ─ DON’T CLICK” before accessing a link. And today we ask again, as we are still being requested to “de-quarantine” emails, i.e. to deliver emails which our SPAM filtering system has blocked, emails which have been detected as surely malicious*. We can and must do better! “STOP ─ THINK ─ DON’T CLICK”: Do you know the sender of the link? Do you expect a message from her/him? Do its contents relate to you, your life or your work? Is it written in a language you understand? Do you trust the corresponding website, the URL the link points to?
If you answered just one question with “no”, stop here. Stay vigilant and careful. Delete the message or check with us at Computer.Security@cern.ch when in doubt. While our “ActiveGuard” mail quarantine is supposed to protect your mailbox from malicious emails and email attachments, while our outer perimeter firewall is supposed to protect against malicious incoming network traffic, while 2-factor authentication is supposed to protect your account from being abused (check out here how to configure your 2-factor token if not done yet), and while the Organization takes every measure to stay resilient and have business continuity and disaster recovery measures in place, you are still an important line of protection. Just “STOP ─ THINK ─ DON’T CLICK” for a securely protected Organization. As the next attack might just be around the corner.
*Admittedly, the SPAM filtering is not 100% perfect, so some de-quarantine requests do make sense… Still, please… “STOP ─ THINK ─ …”!
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.