Two separate news items about hacking intrusions have caused me to lose sleep this week. The attacks weren’t against public libraries, but both are against organizations that are enough like public libraries to signal that it’s increasingly likely that one of us will fall victim (as libraries in St. Louis and Spartanburg already have). These stories are a wake-up call. We all know that we need strong passwords, and to keep current on system and program updates, especially security patches; those are first lines of defense against ransomware attacks. But we also need to train ourselves and our clients not to fall victim to increasingly targeted and sophisticated phishing attacks–attacks against our patrons that appear to come from libraries.
- Iranian hackers broke into systems used by 8,000 American professors [MIT Technology Review| Jamie Condliffe] “The hackers broke into systems at 320 universities in 22 countries, including 114 American universities. They stole research that ‘cost the universities approximately $3.4 billion to procure and maintain.'”
- Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment [PhishLabs | Crane Hassold] “While the indictment details the finely-crafted spear phishing campaigns targeting university professors, the attacks tracked by PhishLabs also involved the general targeting of university students and faculty to collect credentials for the victims’ university library accounts.”
- The Ransomware that Hobbled Atlanta Will Strike Again [Wired | Lily Hay Newman] “If all the other high-profile ransomware attacks that have occurred over the last few years haven’t been enough to scare institutions and municipalities into action, maybe the Atlanta meltdown finally will.”
- 4 Lessons Your Organization Can Take From Atlanta’s Ransomware Attack [Entrepreneur | Samuel Edwards] “At this point in 2018, it’s inexcusable for any organization – regardless of whether it’s an entire city government or a small business – not to have a robust cyber security strategy in place. Instead of just looking on and shaking your head at the situation brewing in Atlanta, make sure you’re taking this as a valuable opportunity to learn.”
From the Ohio Web Library:
- SentinelOne. “Survey: 53 Percent of Organizations Blame Legacy Antivirus Protection for Failed Ransomware Prevention.” Business Wire (English), 3.
- Goel, Sanjay, et al. “Got Phished? Internet Security and Human Vulnerability.” Journal of the Association for Information Systems, vol. 18, no. 1, Jan. 2017, pp. 22-44.
- Rash, Wayne. “New Survey Finds 10 Percent Failure Rate in Email Security Systems.” Eweek, 20 Dec. 2017, p. 1.