IT News

Critical Information: Credible Cyberthreat

October 2020

On Wednesday, October 28, 2020, the University was notified of an imminent cyberthreat that was made against hospitals and health systems throughout the U.S. The warning came from the Department of Health and Human Services (HHS), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). The cyberthreat did not specify the University of Miami Health System or South Florida but was considered extremely credible. Although the threat was specifically for hospitals and health systems, anyone on the University network could have been a source of entry to the entire University system.

We'll continue to monitor the cyberthreat, and encourage everyone to stay vigilant. There has been no known impact to the institution. 

In an abundance of caution, the following actions have taken place:

• Access to Google Drive and Google Docs was blocked from the UM network. You may access them outside of the UM network. As of Monday, November 2, 2020, access to these services was restored on the Coral Gables and Marine campuses.
  • Note: Google Drive links sent via UM email will be blocked by the University's Safe Links protection feature. If you need to access a specific Google Drive link sent via email, please copy and paste the original URL into the web browser.
• Access to email services commonly associated with personal use (Gmail, Yahoo, Hotmail, etc.) have been blocked from the UM network. You may access them from outside the UM network.
• Please contact the UMIT Service Desk at help@miami.edu or 305-284-6565 if you have an urgent need to access one of these services from the UM network.
• An alert system has been put in place to notify you that an email you have received has been sent from an external source. Please take extra caution when opening email or clicking links or attachments when you receive these alerts. They are provided as a visual reminder for you to confirm the sender is a trusted source before opening. Learn more.
• The sensitivity filter that detects spam/phishing has been increased. You may need to check your "Junk Email" folder if you are expecting an email and do not receive it. Learn more.
• The Remote Desktop Protocol (RDP) client on CGCENT domain managed devices has been disabled. Learn more.
• Jackson Health System has blocked all external email applications and Remote Desktop Protocol (RDP) at Jackson facilities, including access to UM email and/or remote access to a UM computer. Learn more.

It is important that you always follow the best practices below:

• Do NOT open any documents or attachments from an unknown source.
• Do NOT click on any links that are sent to you from an unknown source.
• Report suspicious emails or if you opened an attachment or link from an unknown source.
  • If you suspect a message to be a phishing attempt, you can quickly report it using Outlook's "Report Message" feature. If you are not using Outlook or the feature is not available, you can forward the phishing email (as an attachment) to phish@miami.edu.
  • If you are victim of phishing, e.g., you clicked a link and/or downloaded an attachment from a suspicious source, please contact the UMIT Service Desk at: 305-284-6565 or help@miami.edu, as well as the Information Security Office (ISO) at: infosec@miami.edu. 

For more information about phishing, visit: it.miami.edu/about-umit/it-news/phishing/.

New Alert System When Receiving External Email

A new alert system has been put in place to notify you that an email you have received has been sent from an external source. This new security feature is intended as a precaution to protect both you and the University, since malware can spread quickly and infect the entire network.

For emails originating from a non-miami.edu email address, you will see a flag in the subject line with the word [EXTERNAL]. You will also see a banner that notifies you that the email is not from an internal source.

Please take extra caution when opening email or clicking links or attachments when you receive these alerts. They are provided as a visual reminder for you to confirm the sender is a trusted source before opening.

See an example below:

Spam/Phishing Filters Sensitivity Increased

The University has increased the sensitivity of our email spam/phishing filters. If you were expecting an email from an external sender and have not yet received it, please check your "Junk Email" folder in Outlook.

Identifying Safe Senders

If you find a message in your "Junk Email" folder that should not be there, please first review and confirm the senders information, e.g., confirm their email address is valid and is from a trusted "@" domain. Then, click on the email recognized as trusted and select "Junk" on the Outlook toolbar. Select "Never Block Sender" and this email address will be added to the safe senders list and messages from this email address will no longer be sent to the "Junk Email" folder. For reference, see the screengrab below:

Access Email Quarantine

Quarantine is used by Microsoft to determine if an email has a high likelihood of being spam. If the message is suspected to be spam, Microsoft automatically places the message inside the quarantine box. These suspected spam messages never reach your inbox. The University provides all students, faculty, and staff access to their quarantine folders at: miami.edu/quarantine

Please be sure to check your quarantine folder on a regular basis, as messages that are not spam may be inadvertently quarantined by the system. (Note: Retention of quarantined messages has been extended to 30 days to provide more time for release of legitimate mail.) You can also opt in for the spam digest, which provides a list of your quarantined email since the last digest.

If you have any questions, please contact the UMIT Service Desk at 305-284-6565 or help@miami.edu.

Remote Desktop Protocol (RDP) Disabled on CGCENT Domain Managed Devices

The University has disabled the Remote Desktop Protocol (RDP) client on CGCENT domain managed devices. This means that devices, e.g., desktop computers, laptops, etc., connected to the University network will not be able to establish a remote desktop connection.

RDP enables people to connect to an on campus device over a network connection; however, RDP uses a port which is commonly used by cybercriminals to load malicious payload onto computers and take control of devices.

If this change affects your ability to provide support to your business unit(s), please contact the UMIT Service Desk at 305-284-6565 or help@miami.edu.

Accessing UM Email While in Jackson Facilities

Please be advised that Jackson Health System has blocked all external email applications and Remote Desktop Protocol (RDP) due to the current cyberthreat. This means that UM faculty and employees working within Jackson facilities cannot access their UM email account and/or use RDP to remote into a UM computer from a Jackson facility. If you need to access your UM email account while in a Jackson facility, you may do so by:

• Using the UM virtual private network (VPN)
• Using the Jackson guest WiFi network
• Using your mobile cellular service

The University only blocked email services commonly associated with personal use, so there should be no disruption in accessing Jackson emails within UM facilities. If you need IT assistance, please contact the UMIT Service Desk at 305-284-6565 or help@miami.edu.