QU raises cybersecurity concerns amid war in Ukraine
March 1, 2022
With the political unrest between Ukraine and Russia, Quinnipiac University urged its community to remain vigilant about email scams that could potentially infiltrate the university’s technology system.
Quinnipiac’s information security department has received several warnings regarding phishing messages sent to the university’s community, according to a Feb. 25, email from Chief Information Security Officer Robert Jasek.
Although Jasek said that he doesn’t believe that there’s currently a threat at Quinnipiac, he said it is important for the community to remain cautious due to the war between Ukraine and Russia.
After years of tension between the two countries, forces from Russia invaded Ukraine Feb. 24, with Russian President Vladimir Putin referring to the invasion as a “special military operation.”
Given the history of Russian hacking groups using malicious software to breach information from other countries, including a 2015 cyberattack on Ukraine, Jasek said there are currently information security concerns in the U.S.
“It is a known thing that we do see attacks from (Russia),” Jasek said. “What we’re worried about is if something spins off from an attack on Ukraine.”
Jasek said hackers typically breach networks in other countries by using phishing and scam emails to coerce users into sharing personal information or click on external website links. He said emails targeting Quinnipiac students often include offers for fraudulent job opportunities.
Despite some being aware of these internet invasions, Jasek said students can potentially be susceptible to the emails while facing the demands of being a college student.
“When you’re distracted with all your schoolwork, you’re on autopilot, you’re not really thinking and you see this email and say ‘Gee, I could use the extra money,’” Jasek said. “You’re going to do something like respond to them and you’re going to click on a link.”
Hackers typically ask for personal information such as an address, cellphone number and banking information. Some emails will prompt users to click a website link, which when clicked, can introduce malicious software on the user’s computer. If the computer is connected to Quinnipiac Wi-Fi, hackers can then gain access to the university’s network.
“That’s the bigger concern for us at this point, because once they get inside our network it’s really hard to find them,” Jasek said. “Typically the way defenses work is you’re trying to stop badness from coming in, and you’re sort of assuming that goodness on the inside is goodness.”
Quinnipiac’s information security department has taken efforts to promote vigilance against fraudulent emails in recent years.
In June 2021, Jasek notified the community of the addition of a banner at the top of email messages coming from outside Quinnipiac’s network. The cautionary message notifies the recipient that it “originated from outside of the organization” and to not “follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.”
Despite the urge for vigilance, some students say they are not concerned about the potential for suspicious messages.
Alexandra Peña, a sophomore nursing major, said she has received untrustworthy job offer emails in the past and can typically detect when a message is not legitimate.
“It’s pretty easy to pick out that it’s not Quinnipiac for the reason of all the typos,” Peña said. “I do feel like it’s kind of weird. Some people can believe it so I feel like it’s a little concerning. But I feel like most people know what’s real and what’s not.”
However, Peña said the ability to identify fraudulent emails depends on each person’s individual experience with online literacy.
“If you have some sort of experience or you can easily recognize these things, I feel like you should be OK,” Peña said. “There are people out there that are easily susceptible just for the reason that they don’t know. I feel like it really depends.”
Marc Gartenburg, a junior finance major, said he is concerned about phishing messages because he’s known victims of hacking.
“I know people who have (been hacked) and it’s definitely frightening,” Gartenburg said. “You have to go out and tell people like ‘I didn’t send that message.’ It’s frightening and also something you don’t want to have to deal with.”
With Russia’s history of targeting cyber information from other countries, Gartenburg said the current conflict in Ukraine exacerbates hacking worries.
“It definitely makes me feel concerned because I don’t want my information out there in the wrong hands, no one does,” Gartenburg said. “As we’ve seen in the past, Russia is very good at (hacking) … Apple could be next and a lot of (Quinnipiac students) are iPhone users so it’s scary.”
Any student who believes they have received a fraudulent email is encouraged to forward the message to [email protected], or to call the information security office at 203-582-3625. Jasek said the office will verify the sender and the con- tents to ensure it is safe for students to open and or respond to.