Cyber Security Quarterly Newsletter 
SEPTEMBER 2022 – Volume 1 Issue 3

 Summer Shoutouts. Stay Cool in Summer.

As we say goodbye to summer break and once again welcome students back to campus for the Fall Semester, we want to welcome you back with the next edition of our newsletter. Turn up the heat on cyber attackers by implementing good password hygiene so you can stay cool knowing you're better protected.

Infosec wants to give a big shout out to all of you who report phishing emails to us. We can’t emphasize enough how much this helps us identify phishing emails and inform others in the community. Your efforts help keep Chapman students, faculty, and staff safe! We’ll talk more about that in the “Scams to Look Out For” section below.

 FACTS AND FIGURES

  • Cybercriminals can gain access to: money, financial data, mailing lists, important files, sensitive data, as well as servers, systems, and networks all from a simple phishing email (Proofpoint)
  • The U.S. was the target of 46 percent of cyberattacks in 2020, more than double that of any other country (Microsoft)
  • 43 percent of all breaches are insider threats, either intentional or unintentional. (Checkpoint)
  • Internet users have grown by 7.6 percent over the past year to reach 4.72 billion, which equates to more than 60 percent of the world’s total population.
  • Attackers send 6.2x more phishing emails to corporate inboxes than personal inboxes (Proofpoint)

 SECURITY TIP – Maintaining Good Passwords

Security advocate Katrina Thompson says, “Many are still using ‘password’ or something easily guessed, like an email account. Also, many passwords have been compromised in highly publicized breaches and are now floating around dark web forums – for sale or free. And while good security hygiene dictates you should not reuse your password across platforms and applications, many do.”

According to a report on the psychology of passwords from 2020, 42% of respondents reported that having a password that is easy to remember is more important than having a secure password. Furthermore, 66% of individuals reuse old passwords (or variations of them) even though they know it’s not safe (2).

Follow these simple steps to help keep your password safe:

  • Longer passwords are better than shorter ones with a variety of characters
  • Don’t reuse passwords or variations of passwords
  • Be careful of where you enter your password. Phishing scams are the easiest way to steal credentials.
  • Using a password manager helps you avoid password reuse and create long, strong passwords without having to remember each one.

Please also reference our recently updated blogpost about password security:

1) https://www.computer.org/publications/tech-news/trends/what-is-modern-authentication
2) https://blog.lastpass.com/2021/09/breaking-the-cycle-of-password-reuse/

 DID YOU KNOW?!?

Passwords
Do you know how long it takes to crack a password? Hive Systems reports that short passwords containing upper and lowercase letters, numbers and symbols can be cracked almost instantly.

Number of Characters (as listed above)    Time Needed to Crack
6                                         Instantaneously
8                                         39 minutes
10                                        5 months
12                                        3,000 years

https://cdn.digg.com/wp-content/uploads/2022/03/04200125/Square.png

Bug Bounties
Pwn2Own is a hacking contest where security researchers come together to identify and demonstrate vulnerabilities in devices and software. Companies that participate in Pwn2Own give out prizes to those who find weaknesses in their products. In 2022, over $1,000,000 in prizes were given to those who identified security weaknesses (3).

It’s important to note that these companies give their express permission for researchers to look for vulnerabilities. Searching for vulnerabilities on systems without a company’s consent can get you into legal trouble.

3) https://www.zerodayinitiative.com/blog/2022/1/12/pwn2own-vancouver-2022-luanch

 SCAMS TO LOOK OUT FOR:

Unicef Job Scams
Unicef is a legitimate organization that helps provide humanitarian aid to children worldwide. We applaud them for their efforts. However, attackers have taken notice of their efforts and are impersonating Unicef for nefarious purposes. We have seen an increase in job scam emails from individuals pretending to be from Unicef. While these scams are primarily targeted at students, staff and faculty can assist in keeping others safe by being aware of the following:

  • Unicef only advertises its employment opportunities on its global career website, vacancies pages, or on the websites of its national committees. It also utilizes established newspapers, media, and professional platforms like LinkedIn. Find their official information at unicef.org
  • Scam offers tend to look too good to be true.
  • Scammers often ask you to divulge personal or banking information right from the start.

Remember: Chapman provides examples of various types of scams & phishing attacks at chapman.edu/scams.

Infosec is always looking for feedback. If you have comments/suggestions/items you would like to see focused on in the newsletter, please email us at infosec@chapman.edu.

Please note these emails will show with an external email banner but are legitimate communications sent via KnowBe4.
All volumes of the newsletter will be archived on the Information Systems and Technology blogsite.

blogs.chapman.edu/information-systems/2022/05/13/cyber-security-quarterly-newsletter-2