Like during the rise of the coronavirus two years ago, malicious actors are taking advantage of the current global political situation to pursue their criminal deeds. Phishing. Distributing malware. Abusing computing resources. Exploiting this situation of fear, uncertainty and doubt (FUD) to spread misinformation, or creating incentives to make you click on the wrong message, email or QR code. Contrary to during COVID, however, these actors are also calling for help. Asking people to run offensive tools to help them further their deeds and interests. On behalf of CERN, therefore, we ask you to stay exceptionally vigilant and calm.
Be exceptionally vigilant when you receive emails coming from unknown senders or containing unsolicited content. Be careful when opening attachments or links. The same holds true for WhatsApp/Telegram/Signal messages and links therein. And for QR codes. Tame your curiosity and use “STOP – THINK – DON’T CLICK” as the best mantra to avoid endangering your computer, your digital life and the functioning of CERN. Pause when a message arrives from someone you’ve never encountered before, and remember that email senders can easily be spoofed. Consider also the content. Does it make sense to you? Does it speak your language? Does it play on your curiosity? Or fear? Or guilt? Does it try to force you to open the attachment or the link? Just STOP – THINK – DON’T CLICK and cross-check with us at Computer.Security@cern.ch.
Stay calm and do not engage with the pleas of some (other) actors. Do not follow calls to run offensive software, like those used to run distributed denial of service (DDoS) attacks against thirty-party websites. Operating such tools on CERN equipment or the CERN network is in violation of CERN’s Computing Rules (OC5) and any deliberate and conscious operation of those tools will be followed up. Similarly, running such tools at home might be illegal and/or make your ISP believe your computers are infected and block/throttle them.
While we in the Computer Security team are actively monitoring for any attack against our mailboxes and computing facilities, for any abuse of our computing resources, we ask you once more: be exceptionally vigilant and stay calm. Help us to keep the Organization secure.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.