Educause Security Discussion mailing list archives
Re: Unusual pattern of compromised accounts
From: Andy Hooper <hooper () QUEENSU CA>
Date: Mon, 29 Jan 2018 09:29:33 -0500
The payroll direct deposit attack is not unusual. Some make the newspapers, e.g. Boston and Calgary. The attackers may save up the passwords for a while before use. Watch for IP addresses that log in to more than one user name. - Andy Hooper - IT Services - Queen's University - Pollock, Joseph wrote on 2018-01-26 4:17 PM:
Has anyone observed the following: 1. A cluster of compromised accounts with no indication of a common factor such as clicking on a phishing link. Users have no idea how the compromise occurred. 2. The culprits change the user’s direct deposit authorization 3. They may have been familiar with the Banner system. 4. No other activity was observed. We are looking for other indications, such as compromised desktops, but have found nothing as yet. Please reply outside the list if you wish. Joe Pollock Network Services The Evergreen State College
Current thread:
- Unusual pattern of compromised accounts Pollock, Joseph (Jan 26)
- Re: Unusual pattern of compromised accounts Haselhoff, Brent (Jan 26)
- Re: Unusual pattern of compromised accounts Pollock, Joseph (Jan 26)
- Re: Unusual pattern of compromised accounts Robert Smith (Jan 26)
- Re: Unusual pattern of compromised accounts David Santos (Jan 26)
- Re: Unusual pattern of compromised accounts Chris Grooby (Jan 26)
- Re: Unusual pattern of compromised accounts Hiram Wong (Jan 29)
- Re: Unusual pattern of compromised accounts Andy Hooper (Jan 29)
- Re: Unusual pattern of compromised accounts Arffa, Letheshia (Jan 29)
- Re: Unusual pattern of compromised accounts Haselhoff, Brent (Jan 26)