Zimbra vulnerability causes email outage at Pitt State

  Wednesday, June 26, 2019 9:00 AM

Pittsburg, KS

Russ Hall

On Thursday, June 13, about half of PSU’s employees experienced an email outage. Email was restored at 8:30 a.m. on Friday, June 14.

The outage was caused by a vulnerability in Zimbra, the University’s employee email software. The vulnerability enabled Bitcoin miners to access PSU email servers and use the server horsepower for their mining operations. The issue emerged when a routine restart of two of PSU’s four email servers left them crippled, leading to the outage. It was quickly discovered that the server failure was a result of the Bitcoin miners’ access.

Once the issue was identified, the miners were immediately blocked. It then took nearly 24 hours of around-the-clock work to restore the servers and email access, and another few hours to implement the required virtual private network (VPN) for accessing email when outside a PSU network. Measures taken by Information Technology Services (ITS) ensure that Bitcoin miners are now blocked from University email servers.

“Once VPN was implemented, the miners stopped attempting to access the servers,” said Angela Neria, Chief Information Officer for PSU.

Zimbra does not currently offer security patches for every version of its software, so continued VPN usage was required as long as the University continued to use Zimbra. Given this inconvenience and the extensive work ITS had already done to migrate employee email to Outlook, the decision was made to accelerate the planned migration from August 5 to June 24.

“Moving up our Outlook migration helped employees in two ways,” said Neria. “First, we were able to remove the VPN requirement, and secondly, we now have the protection of Microsoft’s robust resources to radically reduce the chances of this happening again.”

Though the VPN requirement is removed, Neria pointed out that it’s best practice to always use VPN for any PSU business when using unsecured networks, such as those in hotels and coffee shops.

Now that the Outlook migration is complete, ITS will rebuild the Zimbra servers with a version of the software that includes a new security patch, enabling employees to access an archive of their emails and calendar entries without using VPN.

Fortunately, the vulnerability in Zimbra impacted only email. There is zero evidence that any student, faculty, or staff data was accessed, and the issue did not spread to any other PSU systems.

“For many years, PSU has invested in and grown resources and practices to protect data,” said Neria. “We also have great partners in our students, faculty, and staff, who are very aware and vigilant in monitoring potential threats to our data security.”

The migration to Outlook began Friday, June 21 and was completed by Saturday, June 22.