With the usual consternation, we see the end of the year is approaching apace*. That means it’s time to review what Father Christmas and his elves, gnomes and reindeers, if you happen to believe in them, have put under the computer security tree. Time to see what gadgets you can expect to protect you in 2023, and what goodies you can use to make your personal and professional life more secure.
Neither this year’s annual closure nor the New Year fireworks will stop any bad witches from poking into CERN. Like in 2022, when they kept the Computer Security team busy with the alleged extortion of 200 GB of data by some red-nosed script kiddies (where these 200 GB were found to be public files linked to CERN’s “root” software), two one-hour distributed denial-of-service snowball attacks against CERN’s outer perimeter firewall (which was nicely absorbed by the latter) and a “CEO-fraud” attack against one of our account managers aiming to steal some money (which was spotted before any transaction was approved). Internally, too, CERN was facing some “trouble”: remember our annual phishing campaign?
So, it’s time for some big presents! This winter, our elves and gnomes have filled your stocking with new anti-malware software for your personal devices used at home or at CERN for professional duties. Just take their voucher and install that protective software from the CERN app store for Windows (“ESET Endpoint Security”) or via the Mac Self-Service (“ESET Endpoint Antivirus”). On top of that, you’ll find some hardware tokens in your Christmas hamper. They call them “YubiKeys”, in either USB-A or USB-C style, ready to better shield your CERN computing account. Join the community of 1500+ people who have already enrolled for the CERN two-factor authentication scheme for ultimate silver bullet protection. And, if you’ve already done so, pass your YubiKey on to some colleagues who haven’t. Your personal present to them, handed over because you care and for their enjoyment. Last but not least, there are the usual gift cards: our security reindeers together with the unicorns in the IT department are just waiting for your feedback on how to better protect your systems and services, how to enhance their security stance and how to improve their software components and configuration. Just scratch off your scratch card to reveal that they are ready to help (ping them at Computer.Security@cern.ch to be sure).
Behind the scenes, our angels will continue to monitor your CERN computing account to spot weird abuses, like logins from “unusual locations” or when your password happens to be same as one that has been exposed via a data breach outside CERN. They’ll also continue to scan your devices, systems and services for vulnerabilities, weaknesses and misconfigurations, and keep a watchful eye for malicious network traffic, logins or scorched Christmas turkeys. You’ll get a Christmas card with the details of anything they spot.
We wish you brilliant and magical end-of-year festivities, surrounded by your friends and family. Whether you call it Christmas, Hanukkah or nothing at all, remember that our presents – the anti-malware, the YubiKeys, the consulting cards – are there to protect your digital life, give you more security and spare you from the digital evil of this world. For a Happy New Year. Cheers!
*Physicists estimate that the end of the year approaches at the unbelievable speed of about 86 400 seconds per day every day!
______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.