GBC systems hit with Trojan horse attack

Email for health sciences and community services staff went down for two days before being restored

From Jan. 19 to 21, the email system in the centre for community services and health sciences at George Brown College (GBC) was unavailable for faculty, staff and administrators.

Andrew Riem, GBC’s director of ITS infrastructure and operations, explained that the databases responsible for the email, started to “grow out of control.” At the same time, when the department was investigating the situation, the college’s anti-virus software reported that there were four viruses on the system.

“We assumed that the viruses that we had and the email database (running) out of control were related,” said Riem.

But after investigating, Riem found that the viruses were effectively quarantined and removed by the college’s anti-virus protection before there was any damage to the mailboxes. The reason why the mailboxes went down is still a mystery, but Riem believes that something in email databases became corrupted before being fixed.

The viruses found were Trojan horses, which Kaspersky, a global cybersecurity company, defines as a “type of malware that is often disguised as legitimate software that can be employed by cyber-thieves and hackers trying to gain access to users.”

When Trojans get on a computer system, they can delete, block, modify and copy data as well as disrupt the performance of computers and their networks.

Last year, The Dialog reported that post-secondary schools work with a large amount of sensitive information, making them targets for hacking.

“A lot of people don’t realize that high reputation institutions such as universities and colleges are a prime target for cyber criminals,” said David Shipley, CEO and co-founder of Beauceron Security, a digital security company.

In 2016, the University of Calgary paid $20,000 in ransom after a cyber attack to its systems. Last November, it was reported that the University of the Fraser Valley was attacked by hackers who threatened to release students’ information if the school didn’t give them $30,000. The institution had to suspend access to its web systems and email for days and the personal information of 29 students was compromised.

According to Riem, one of the challenges to keeping the GBC system safe is that while the college has strong information security, with anti-virus programs on all computers, it doesn’t control the personal devices used by professors, staff and students. As a consequence, these devices can be an entrance door for attacks to GBC’s system.

“Because we have to allow people to use their personal devices to connect their network, we are always going to taking a risk,” said Riem.

According to a Canadian Chamber of Commerce survey 52 per cent of companies in Canada who responded said they experienced business losses in 2016 due to cyber crime, with 12 per cent reporting losses of over $1 million. The average cost of a data breach was $6 million.

With files from Natalia Pizarro Silva


GBC systems hit with Trojan horse attack