Lots has been written in the past about the importance of being vigilant when browsing the web, opening e-mails and their attachments, or when installing third-party software. Remember to “Protect your family” (https://home.cern/news/news/computing/computer-security-protect-your-family) against “An old scam in a new disguise” (https://home.cern/cern-people/updates/2018/08/computer-security-old-scam-new-disguise) i.e. “Malware, ransomware, doxware and the like” (https://home.cern/cern-people/updates/2018/03/computer-security-malware-ransomware-doxware-and)? But we never spoke specifically about CERN…
In the past, attackers were targeting end-users. You. Me. Our families. Everyone. Trying to get hold of your PC, your laptop or your smartphone. Obtaining illicit access. Sniffing out all your passwords. Reading your personal documents. Watching you via the embedded webcam. Listening to you using the embedded microphones. And eventually encrypting your hard disk. Once that’s done, they will blackmail you by asking for money in exchange for the decryption key. And threatening that, if no money is provided, all data will be purged (“Ransomware - when it is too late...”; http://cds.cern.ch/journal/CERNBulletin/2016/20/News%20Articles/2151917?ln=en). With this threat becoming less successful, attackers have started threatening instead to expose your data. Mobbing you. Shaming you. Exposing your intimate details (“Enter the next level: Doxware”; https://home.cern/news/news/computing/computer-security-enter-next-level-doxware). This is why, assuming that you value your privacy and prefer to avoid problems, it is essential to be vigilant when browsing the web, to STOP – THINK – DON’T CLICK on links and URLs received from unknown people, and to pay additional attention when answering e-mails, clicking the links therein, or opening any attached documents (“Click me – NOT!”; https://home.cern/news/news/computing/computer-security-click-me-not).
So what about CERN? While CERN has many protective measures in place (https://cern.ch/security/services/en/index.shtml) to avoid large scale infections of CERN-hosted PCs, laptops and smartphones, and while CERN’s central storage system should provide sufficiently secure and independent back-up solutions for you and your professional data (https://cernbox.cern.ch), the ultimate security of the Organization depends also on you: Sec_rity is not complete without “u”! In particular, attackers have now started to deliberately target companies, enterprises and organisations, and blackmail them by threatening not only to encrypt their (confidential) business data, but to expose that data on public webpages if the affected company does not pay the requested ransom (https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/)... Admittedly, if they want to expose our physics data, we might even want to help them, but CERN also holds some confidential business data (contracts, NDAs), personal data and the like (“Coming soon: A pragmatic Data Protection Policy for an open Organisation”; https://cds.cern.ch/journal/CERNBulletin/2014/10/News%20Articles/1665387?ln=en) that is worth protecting.
So, just like at home please do the same at CERN: be vigilant when browsing the web, STOP – THINK – DON’T CLICK on links and URLs received from unknown people, and pay additional attention when answering e-mails, clicking the links therein, or opening any attached documents. Let us know if you spot something malicious, suspicious or dodgy. And let us know if you have fallen victim to an attack so we can remedy the problem together. Just ping us at Computer.Security@cern.ch.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report (https://cern.ch/security/reports/en/monthly_reports.shtml). For further information, questions or help, check our website (https://cern.ch/Computer.Security) or contact us at Computer.Security@cern.ch.