The following email from Cape Cod Community College President John Cox was sent to the college community this afternoon, according to CCCC spokesman Patrick Stone.
From: Cox, John
Sent: Friday, December 07, 2018 1:09 PM
Subject: College Network Security
Last week, several computers in the Nickerson Administration Building on the Cape Cod Community College Campus were attacked by a phishing scheme containing sophisticated, malicious malware designed to evade common antivirus software. As a result of this attack, College banking information was compromised and $807,130 was fraudulently transferred. The College has since identified and prevented several subsequent attacks on our network.
It is important to note that there is no evidence that any personally identifiable information or student/employee record was compromised. Payroll and other financial services will not be impacted, and the College is working with our bank to recover the remaining fraudulent transactions. To date, $278,887 of the funds have been returned and the recovery process is ongoing.
This attack on our College’s security demonstrates the power and danger of modern cybercrime. Despite ongoing cyber security training and continuous upgrades to the College’s network security, those with the power to execute a sophisticated malware attack found a way to do so. In order to combat these types of crimes, we must continue to invest in modern technology that identifies and eliminates these threats before they can detonate, and perhaps more important, we must all be vigilant in recognizing threats at our work stations.
After learning of this attack, our College took prompt action by identifying and containing the virus, then replaced all infected hard drives. The College is also continuing to install next-generation endpoint protection software campus wide, and is reinforcing security protocols with our employees. The College is also working closely with our bank and the Commonwealth, including the Comptroller’s Office, to protect against future attacks.
A criminal investigation is ongoing and the College is working with state and federal authorities.
We once again urge you to use the highest degree of caution upon receipt of unsolicited or unexpected emails or phone calls. You may be familiar with phrase “if you see something, say something.” This hyper-vigilance and practice is relevant to our cyber security as well as our physical security. If you are suspicious of any message or attachment you receive, please contact the I.T. Help Desk at extension 4004 immediately.
In the very near future, we will be rolling out more formal cyber security training for all our faculty, staff, and students.
I encourage you to attend College Meeting on Monday to learn more about what our College is doing to prevent future occurrences, and what you should be looking out for to protect yourself.