On Thursday, September 19 at 4:30pm, ITS staff will be updating an SSO security certificate related to Blackboard logins. The update will not make Blackboard unavailable, but it may cause your course materials to appear unavailable. If you experience issues accessing your course materials, fully quit your browser, restart it, and log back in to Blackboard. 

If you have any access issues with Blackboard after this update, contact us by submitting a ticket though the ITS service portal or by calling the Support Center at 515-271-3001.

–Becky Klein, ITS

Claire, an IT technician on a beautiful college campus, handles cybersecurity for faculty and staff. One fall afternoon, she receives a frantic call from a professor who suddenly can’t login to their email account. Claire quickly realizes something is wrong when the system logs show multiple unauthorized login attempts, including from overseas. She asks, and the professor recalls approving a strange MFA notification earlier that day, assuming it was a routine verification. Within minutes, the attacker hijacked the account, gaining access to sensitive student records and research files. The breach sends ripples through the campus, shaking the college’s reputation and causing panic among faculty and students alike. Claire knows that a single MFA hijack has put years of work and trust at risk, reminding her how crucial it is to stay vigilant. 

Understanding MFA 

Multi-factor authentication (MFA) provides an extra layer of protection beyond a password. By requiring a second form of verification, MFA aims to make it significantly harder for attackers to gain unauthorized access to accounts. However, as security measures evolve, so do cybercriminals’ tactics. One of the latest threats in this ongoing battle is MFA hijacking. Drake ITS staff have seen recent instances of MFA hijacking that’s allowed attackers to compromise accounts. 

What is MFA Hijacking? 

MFA hijacking refers to compromising the multi-factor authentication process to gain unauthorized access to accounts or systems. This includes stealing authentication tokens, intercepting one-time passwords (OTPs) such as those sent via text message (SMS), or exploiting vulnerabilities in the MFA implementation itself. 

How MFA Hijacking Works 

1. Phishing Attacks: One of the most common methods used in MFA hijacking is phishing. Attackers trick users into revealing their credentials and the second authentication factor, often by creating fake login pages that mimic legitimate websites. Once the user enters their username and password, the attacker can capture them in real-time and use them to gain access. 
2. Man-in-the-Middle (MitM) Attacks: In a MitM attack, cybercriminals intercept the communication between the user and the authentication service to capture the authentication token or OTP and use it to log in as the legitimate user. 
3. SIM Swapping: In this attack, the criminal convinces a mobile carrier to transfer the victim’s phone number to a SIM card controlled by the attacker. Once they have control of the victim’s phone number, they can receive the SMS-based OTPs and complete the MFA process. 
4. Session Hijacking: Attackers may hijack an active session if they gain access to the cookies or tokens stored in a browser. This method bypasses the need for MFA entirely because the attacker can impersonate the user without re-authentication. 

Protecting Yourself Against MFA Hijacking 

While MFA remains a crucial security measure, it’s essential to understand that it’s not foolproof. Here are some strategies to help protect yourself against MFA hijacking: 

1. Use Stronger MFA Methods: Use authentication methods less susceptible to hijacking, such as mobile applications using number matching. Avoid using SMS-based OTPs whenever possible, as they are particularly vulnerable to SIM swapping and interception. 
2. Monitor for Anomalies: Regularly check the MFA options configured in your accounts to remove old devices and ensure unrecognized MFA methods have not been added. Hijackers will often add MFA authentications methods to an account to maintain the ability to login in the future.  
3. Report Suspicious Account Activity: As soon as you notice, tell ITS about any suspicious activity on your accounts, such as unexpected login attempts, changes to account settings, or notifications about unauthorized access. Early detection and reporting help mitigate potential damage and prevent further unauthorized access. 

While MFA hijacking is a growing threat in the cybersecurity landscape, it doesn’t render MFA obsolete. It simply highlights the importance of staying informed about the latest threats. By understanding and remaining aware of the risks, you can reduce the likelihood of falling victim to MFA hijacking. 

–Chris Mielke, ITS

Join us, in partnership with NAMI on Campus, for our third annual Suicide Awareness Walk. We will have student and community organizations present to provide various resources for ongoing support, guest speakers, free food, and a community of individuals that value suicide prevention and belonging.

If you are interested in walking, please sign up here: https://forms.gle/gECiaUkdHTKYzcUD7

• When: Sept. 21, 11 a.m.–1 p.m.
• Where: Drake Stadium (enter by the softball field entrance)

If you have any questions, please contact NAMIOnCampus@drake.edu or Kayla.bell@drake.edu.

— Kayla Bell-Consolver, director, Counseling Center

The Robert D. and Billie Ray Center, in association with The Ron and Jane Olson Institute for Public Democracy, was proud to host the second annual Civic Leadership Academy this July on Drake University’s campus. The Academy immersed 26 select rising high school juniors from across the country in a three-day intensive leadership development program focused on civic leadership.

The Academy provided students with the unique opportunity to hear from and visit with legislators and elected officials during visits to the Iowa State Capitol and Judicial Branch, as well as the chance to meet with Lt. Governor Adam Gregg. Students also participated in a service project with Meals from the Heartland and were immersed in Drake University culture with time spent on and off campus experiencing Drake essentials.

–Megan Wesselink, Robert D. & Billie Ray Center

Explore a range of captivating flow art props like the Levi Wand, Diablo, Spinning Plates, Juggling balls, and Hula Hoops in this workshop. Felicia from Cirque Wonderland Studios will guide you on your journey into the art of flow, balance, and coordination in a fun and supportive environment. All props are provided, and no prior experience is needed.

WHEN: September 20 at 5 p.m.
WHERE: Bell Center Studio
WHO: Anyone! All levels are welcome
HOW: Sign up using the Drake Rec App

— Drake Wellness

The Johansen Student Center (Morehouse Hall) project is progressing well, on schedule, and within budget. New courtyard infrastructure and foundations are currently being installed. New studios and collaboration spaces are starting to take shape while preserving the original historic character of the existing building. The entire project team is excited about how this redesigned space will enhance the student experience on campus.

–Heather Winslow, Facilities Planning and Management

If you love Sense and Sensibility (with or without zombies) and Colin Firth’s wet, white shirt moment in Pride and Prejudice, come and hear a scholar of literature and popular culture, Dr. Rachel Feder, as she speaks on “Literature and the Lies We Tell” on Wednesday, September 25 at 5:00 pm in Cowles Library Reading Room. Part of the Susan Glaspell Writers & Critics Series, this talk will explore the ways in which the literature we consume, from Frankenstein to Austen’s work to the songs of Taylor Swift, shapes our personal mythologies. Q&A to follow presentation, and light refreshments will be served.

–Megan Brown, College of Arts and Sciences

The rapid concentration of farm animal production in factory farms makes meat, dairy, and eggs plentiful and cheap, but this type of agriculture comes at a great cost to human health, communities, and the environment. A new book by Johns Hopkins University Press, Industrial Farm Animal Production, the Environment, and Public Health, brings together public health and other experts to examine some of the most critical topics related to industrial farm animal production.

In conjunction with the book’s release, The Harkin Institute is hosting a two-day conference examining pertinent topics such as the history, structure, and trends in the factory farming industry; water and air pollution; infectious disease health effects; community and social impacts; environmental justice and sustainable agriculture; and the impacts of COVID-19 among meatpacking workers. With an introduction by Senator Tom Harkin (retired), the hope of the conference is to highlight the serious risks posed to environmental and human health by current farming systems and to examine local and national strategies for moving towards a system that prioritizes health and well-being.

WHAT: Industrial Farm Animal Production, the Environment, and Public Health Conference
WHEN: September 25 & 26, 2024
WHERE: Parents Hall, Olmsted Center 
RSVP: Drake students can attend for free! Register using this link.

This event is hosted in collaboration with the Johns Hopkins Center for a Livable Future and is part of Iowa Environmental Education Week co-organized with the Iowa Environmental Council.

–Kathryn Kuckelman, Harkin Institute

University Communications and Marketing will hold professional headshot sessions Friday, Sept. 27, from 9:30–11:30 a.m. in Old Main, Conference Room 115. The sessions are free to all students, faculty, and staff.

Select the Register button on the University calendar page. Space is limited.

High-resolution portraits will be made available for download through SmugMug 3–6 weeks after the photos are taken. Images can be downloaded at https://drakeuniversity.smugmug.com/Headshots-1.

— Jimmy Hoover, University Communications and Marketing

As communicated to campus in August of 2023, Drake adjusted its COVID-19 guidance to reflect the expiration of the PHE and integrated COVID-19 into the University’s Contagious Illness Protocols.

These protocols are applicable to any instance in which a student is contagious with a viral or bacterial infection, such as influenza, strep, mononucleosis, or COVID-19. Infectious students cannot attend in-person classes and must contact their instructors to coordinate making up any missed material.

Please visit our Contagious Illness Protocols website to review this information. For additional questions, contact dos@drake.edu.

— Jerry Parker, Vice President & Dean of Students