Meldungsnummer: 201909301446
Zeitraum: 30.09.2019
Betroffen: Information E-Mail Nutzung
Due to the actual threats situation and in accordance with Max-Planck-Society and Georg-August-University Göttingen GWDG changes the filtering of email messages, which users of MPG, University and GWDG receive from external senders via GWDG’s email service, beginning on September 30th 2019.
Threat Situation
Actually an increasing number of extremely dangerous viruses, especially the Emotet virus respectively trojan, are send via emails. Such incidents affected already many organisations massively. In recent days, news media already reported about such incidents, which in some cases lead to complete breakdowns of IT-systems of affected organisations.
Up to now, no damages of such attacks affected Göttingen University or GWDG. But attacks against email accounts at GWDG’s email service increase massively. To avoid dangers GWDG, MPG and University decided to change the filtering of emails and to reject emails with certain types of attachments for official e-mail addresses of the University and the GWDG.
Are emails that contain viruses not rejected anyway?
Yes, scanners are checking all emails received by GWDG’s email service for viruses and the service is rejecting all emails containing known viruses.
However signature-based virus scanners cannot detect very new viruses on their first appearance due to the system. In the actual wave of viruses continuous mutations of virus patterns are found, so that it is expected, that at some point such dangerous emails we not be recognised in time and email recipient, which trust into the virus protection of the servers, will receive seemingly harmless, but in reality dangerous emails.
Which filters apply to emails?
All emails with attachments that could potentially contain malware will be rejected. Such attachments are program files with file formats like .exe and .com, scripts like .bat, .cmd or .vbs, but also files, which contain macros.
Different formats of Microsoft Office Programs Word, Excel and PowerPoint belong to the last group.
The formats .docx, .xlsx and .pptx from the actual versions of Microsoft Office are NOT affected, because they cannot contain macros.
All emails with attached Office formats that contain macros like .docm, .xlsm and .pptm are rejected and also all emails with the attached outdated Office formats .doc, .xls and .ppt, if they contain actually macros.
The email service will no more deliver emails, which carry these dangerous attachments.
Senders of such emails will receive an error message, telling them, that the service refused to accept the respective email. The recipient receives an email from support@gwdg.de informing him that an email addressed to him has been rejected. This e-mail contains the details of the sender, the subject and the attachment causing the rejection.
How can I exchange files of blocked types instead?
Using emails to exchange data seems to be a convenient method. Occasionally this fails with large files, because email service providers limit sizes of attachments.
If email systems are blocking data exchanges due to size or kind of files, data exchange platforms are the method of choice- GWDG offers the service GWDG ownCloud for that purpose. It is not recommended to use external cloud services, because official data should be stored on storage systems, which are provided as official service. GWDG ownCloud meets this requirement and offers sharing of files and folders with external partners as well.
Platforms like GWDG ownCloud allow mutual editing of files. This saves users from repeatedly exchanging new versions of a document. This eliminates all the problems of keeping track of many versions stored at different locations. The use of such services not only solves file transfer problems, but offers benefits as well.
For particularly sensitive data, the MPG as well as the UMG each offer the service Cryptshare (for MPG operated by the GWDG). With Cryptshare not only the data transfer to the storage location is encrypted (as with GWDG OwnCloud), but also the storage on the servers. Thus, the operator has no technical means to view the contents of files.
Perspective
We will monitor the threat situation and check how long this measure must be applied.