Campus has seen a drastic increase in the number of phishing attempts we receive from compromised UIUC student senders. The Privacy & Cybersecurity team identified several actions for prevention, mitigation and reduction and shared them with IT Security Liaisons and IT Council. They will be rolled out in phases.
Three steps will be taken this month.
- Requiring Two-Factor Authentication for compromised accounts
Since the addition of Duo 2FA to the staff and faculty login process, there has been no significant impact from compromised accounts among these groups. As a step toward enrolling all students in 2FA, anyone whose university email account has been compromised will automatically be enrolled in 2FA.
- Simplifying Spam Reporting
We will enable a new spam reporting Outlook add-in that makes it simple and quick to report suspicious email. The tool from Proofpoint appears in your Outlook toolbar once installed. It has been beta tested and user feedback is positive.
- Adding Email Address Limits (rate limiting)
Attackers send great numbers of email messages as a routine tactic. To help stop large volume attacks, we are establishing lower set limits on the number of addresses that email accounts can send to from a Microsoft O365 account for a single message. The university has identified best practices and tools for sending Massmails, and users will be directed to these solutions and to an exception process on a case-by-case basis.
The Cybersecurity Operations Center (CSOC) has been working 24-hours-a-day to keep data, assets, and privacy from being compromised. Cyberattacks will continue to evolve and improve. These actions and others will help reduce compromised accounts and make prevention and trapping tools work better.
Messages to specific user groups with instructions and resources regarding additions and changes are forthcoming.
The security investment is allowing us to dedicate resources and tools to this effort. I will continue to keep you informed regarding threats and the solutions we have for reducing and eliminating them.
Interim Chief Privacy and Security Officer