April 2022 IT Security Newsletter

Since the implementation of Duo’s Two-Factor Authentication in 2019, UTK’s OIT has ended the requirement of changing NetID passwords every 180 days, as long as you are using a strong 12+ character password and unless you have access to certain data. Even if it is not a requirement, I highly recommend changing your password regularly. There are some risks to never changing a password, so today I want to give you some general tips for passwords.

In addition to talking about passwords, I am letting you know the most common current threats, as well as a couple of state-sponsored potential threats.

Please read below to learn more.

Security Tips for April


  • Change your password regularly, as in at least once a year.
    • NOT changing your password can lead to compromises, breaches, identity theft, and other incidents.
    • With cybercrime being at a higher level than ever, password hacking software is getting more sophisticated.
    • Not only can these apps try to guess the password, they can recover passwords stored in a local or remote file.
  • Use a different password for each account you log into.
    • If you use the same password for multiple accounts, your identity is much easier to steal.
    • Even if your account’s username is different, the password should also be different.
    • This tip applies not only to your NetID but also to your bank account, your cable account, your utility company, your credit cards, your online shopping, your medical portal, and all your other accounts.
  • Do not reuse or recycle your passwords.
    • Using numbers in a password is great, unless you just add one every time you change the password, e.g., password01, password02, password03, etc.
    • Rotating passwords between accounts is no better than never changing your passwords because the hacker will have only a few passwords to try to crack.
  • Do not write your password down and leave it anywhere near or on the computer, especially with identifying account information.
  • Never, ever, ever share your password with anyone.
  • Do not use obvious things to create your passwords.
    • Remember this from one of my favorite tee shirts I got at a security conference – “hackers small talk”:
      • What is your childhood pet’s name?
      • What street did you grow up on?
      • What was the make of your first car?
      • What is your mother’s maiden name?
  • Use a password manager if you are having trouble creating strong passwords for every account you have.
  • Don’t forget to use multi-factor authentication (MFA) or two-factor authentication (2FA) for any account that offers it, like your bank.
  • Refer to the March 2022 IT Security Newsletter on the UTIAsecurity website.

Current Threats

Spear Phishing Attempts (again)

  • Quick Request (Varying subjects or an empty subject line)
    • The message looks like it is coming from your supervisor, a co-worker, or even a friend.
    • While the person you know is seen in the “From” field, check the email address given, as it is almost always from a Gmail address.
    • Looks like it is being sent only to you, when it is actually sent to many others using the BCC: function.
      • This is used in an effort to make it seem like you were singled out for an important task.
    • The message is very vague and often has a sense of urgency.
      • It may ask for your cellphone number.
      • It may also ask you to reply back to the email because they can’t take a call.
      • Think about this…why ask for your cellphone number if they can’t take a call?
    • If you reply, you will most likely be asked to purchase some gift cards, then to email the card numbers back.
    • Please remember that no one at UT will ask you to do this!
    • Also, remember that this is a targeted email that has used social media or departmental websites to find some sort of organizational structure for sending the email.
    • Lastly, remember that, while the Institute’s staff may be targeted, the individuals who respond will end up losing that money if any cards (or anything else) are purchased based on the email.

Multi-factor Authentication

  • Social engineering attacks using multi-factor authentication requests
    • A current trending threat is for attackers to spam multi-factor authentication (MFA and 2FA) prompts in hopes of annoying users enough to approve the login.
    • This is being done by both criminal and nation-state actors.
    • Researchers at Mandiant, a well-known American cybersecurity firm, have reported the Russian state-sponsored actor Cozy Bear launching repeated MFA prompts until the user accepts the request.
    • While I highly advocate for the use of MFA and 2FA, I equally advocate for the use of caution when you receive any MFA or 2FA prompt.
    • If you did not ask for a push or a passcode, please do not approve.

Other Questionable Email

  • Amazon “A list has been shared with you”
    • An email from Amazon.com announces that a coworker has shared a new Amazon Business list with your group.
    • The message has gone to many UT employees.
    • This kind of message has been sent before when someone using the UT Amazon Business account through IRIS has created a list.
    • This list has since been removed and there is no threat.
    • I recommend that if you want to create a group list in Amazon Business, you ask someone in your business office if there is a trick to doing so in order not to share it with all of UT.

Global Cybersecurity Information

Current Nation-state Cyber Threats

  • North Korea
    • The coordinator of the UN Security Council’s Panel of Experts on North Korea has said this week that a stepped-up focus was needed on cybercrime, which has become fundamental to North Korea’s ability to raise money for its nuclear and missile programs.
  • Russia
    • The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.

Thank you so much for taking the time to read these newsletters! I really appreciate you remembering what you have read, as well. And never hesitate to let me know if you have questions or comments.