6. Keylogger Attacks
OxCERT has seen a recent large increase in numbers of compromised University accounts (SSO and Remote Access) being abused and believes that almost all of these cases are due to key-loggers or phishing attacks. To reduce further damage the following is now in place:
- All Oxford University passwords that have been entered on a system that has suffered a keylogger attack must be changed.
- OxCERT will request the usernames of people who have or are likely to have used the attacked machine within 30 days so that those details can be used to trace other incidents.
- OxCERT will not immediately disable affected SSO or remote access accounts unless there are signs of current abuse but will require their passwords to be changed before any network blocks are lifted.
- Remote Access accounts will have their password randomized so that once an account is unblocked the user can set a new password using online self- registration.
- As with any such attack it is extremely likely that other passwords, including those for other services within the University, online banking, etc., will have been disclosed. Please make sure affected users are aware of and understand the guidance at www.oucs.ox.ac.uk/network/security/keyloggers.xml
Please watch out for further details of these changes in the OxCERT reports, published at www.oucs.ox.ac.uk/network/security/reports/.