This Week’s Cybersecurity News, 02/17/2023

It’s finally Friday! We are still seeing variations of the most recently mentioned current threats, so today I want to focus on a very important policy reminder. I also want to share some helpful information regarding scams, answer a question about Internet headers, and let you know about several necessary updates.

Policy Reminder

  • UTIA IT0130 – Personnel Security Policy
    • This policy is required to ensure that all individuals who are granted access to systems and data classified as moderate, high, or business critical shall be properly vetted to maintain information security objectives.
    • The policy also requires that employees are officially terminated in a timely and appropriate manner to ensure all access to the Institute’s IT assets and data is removed as soon as possible.
    • This is also required for any employee who transfers or has a change in job duties and responsibilities.
    • As CISO, I do remove NetReg entries and Active Directory group accesses (e.g., email and security groups) when I get the daily reports for terminated or transferred employees.
    • However, some accesses are not a part of AD groups, so if you know of employees who may have special accesses, please contact me directly so these can be removed.
    • And from my security awareness training reports each year, I know that there are employees who are not being officially terminated as required, so please make sure this is being done as soon as an employee is terminated, including any seasonal employees you are expecting to return the next year.
    • Remember… if someone is not properly terminated in the system, they retain access to all systems and data they had before they left, and this should never happen.

Scams of All Kinds

  • Have you wondered why you are getting so many phishing, spear phishing, smishing, and vishing attempts these days?
  • Cybercriminals know that almost everyone is online most of the day, whether for work or for our personal lives.
  • Thanks to welivesecurity, I am sharing some significant warning signs for staying alert to these scams.
    1. Unsolicited messages
      • There are so many emails (phishing & spear phishing) and text messages (smishing) that set up unsuspecting people to be potential victims of fraud and cybercrime attacks.
      • These messages are sent without you asking for the information and leave you with a sense of urgency to take action according to the message.
      • The cybercriminals are hoping that you click links and/or attachments, causing malware to be downloaded and installed without your knowledge.
      • The cybercriminals will also hope you place phone calls to the numbers they are providing so they can “help” you, but they are really trying to steal your personal information, including credit card and banking information.
      • Please take a deep breath and don’t proceed without checking the validity of the messages.
    2. Cold Calls
      • These voice phishing calls, or vishing, happen to some of us all day, every day.
      • These calls vary and seem to be coming from Social Security Administration, credit card companies, tech support, supposed vendors, etc., and the goal of the caller is to get you to provide information so they can “help” you with whatever supposed reason they are calling.
      • When you receive one of these calls, have you noticed that after you say “Hello,” there is silence and then a beep?
      • This is a pretty good sign you are receiving a robocall, so hang up immediately.
      • If you don’t answer and the caller leaves a voice mail message, the message is likely to contain a warning that if you don’t <do something> then your account will be suspended, cancelled, etc.
      • Please know that your bank, credit card company, Social Security Administration, and other important and legitimate organizations will never cold call you and ask for your personal information.
      • If you get one of these calls, do the following:
        • Hang up the phone immediately.
        • Do NOT answer any questions and never use the word “yes,” even if they ask if you are <your name>.
        • Do NOT push any buttons on your phone.
        • Hang up the phone already.
      • If you do get an unexpected call that caller ID says is your bank, for example, look up the known number for your bank and call them to see if they had called.
    3. Pop-up alerts on your computer
      • Fake alerts on your computer may say that your computer has malware and direct you in that alert to call a specific number to get help cleaning your computer.
      • Do NOT click any buttons, such as “Allow” or “Deny”.
      • Do NOT call the number given in the pop-up.
      • Immediately close your browser.
      • Scan for viruses and malware.
      • Reboot the computer if the scan reveals no issues.
      • If the scan shows issues, contact me immediately and don’t turn off the computer until we talk.
      • Please remember that a legitimate antivirus/malware program, such as Microsoft Defender, will never tell you to call a number or tell you that it will cost a fee to clean the malware or virus.
    4. Gifts for surveys
      • This often happens in an email (phishing), but is becoming increasingly widespread in text messages (smishing).
      • These messages, phishing or smishing, will contain a link for the “survey” but in reality may start the download and installation of malware, including ransomware, when clicked.
      • There is also a catch involved, often asking you to pay a fee for sending the gift that never really existed.
      • It is always best to remember, “There is no such thing as a free lunch,” which gives some great perspective here.

Ask Your CISO

  • What exactly are Internet headers?
    • An Internet header is a very telling part of an email message that you won’t see without specifically looking for it.
    • An Internet header contains technical details about the message, like who really sent it, the software used to compose it, and routing information that includes all the email servers’ IP addresses that it passed through on its way to the recipient.
    • As I mentioned last week, cybercriminals will often use spoofing to make it look like the email is coming from a trusted friend, co-worker, or supervisor, so the header can tell us more about the true sender.
    • And please don’t worry about understanding the header’s content, as I don’t expect users to analyze headers.
    • However, when you report spam, I would like the headers to be included by following the simple steps in Reporting Phishing Attempts.
    • The email administrators can then use information found in the header to block some of the IP addresses from sending more messages to people at UT.
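
For email administrators, the following added example (not part of the original newsletter) shows how the routing and sender details described above can be pulled out of a reported message's headers. The sample message, its domains, and its addresses are constructed, and the code assumes IPv4 addresses written in square brackets in the Received lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample headers (documentation IP ranges and example domains).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.university.example (mx.university.example [10.0.0.5])
    by mailbox.university.example with ESMTP; Fri, 17 Feb 2023 09:15:04 -0500
Received: from relay.example.net (relay.example.net [198.51.100.23])
    by mx.university.example with ESMTP; Fri, 17 Feb 2023 09:15:02 -0500
Received: from unknown (HELO workstation) ([203.0.113.77])
    by relay.example.net with SMTP; Fri, 17 Feb 2023 14:15:00 +0000
From: "Your Supervisor" <supervisor@university.example>
Reply-To: urgent.request@freemail.example
X-Mailer: BulkSender 2.1
Subject: Quick favor needed

Are you available?
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_ips(msg):
    """IPv4 addresses named in Received headers, earliest hop first."""
    hops = []
    for received in reversed(msg.get_all("Received", [])):  # newest is on top
        for text in IP_IN_BRACKETS.findall(received):
            try:
                hops.append(ip_address(text))
            except ValueError:  # bracketed digits that are not a valid address
                continue
    return hops

def external_ips(msg):
    # Internal (RFC 1918) relays are never candidates for a block list.
    return [str(ip) for ip in relay_ips(msg) if not any(ip in n for n in INTERNAL)]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_report(msg):
    """Compare the visible From domain with Return-Path and Reply-To."""
    doms = {h: domain_of(msg[h]) for h in ("From", "Return-Path", "Reply-To")}
    mismatched = [h for h in doms if doms[h] and doms[h] != doms["From"]]
    return {"domains": doms, "mismatched": mismatched, "mailer": msg["X-Mailer"]}

MSG = message_from_string(RAW)
```

Only the hop recorded by your own mail server is trustworthy; Received lines below it are supplied by the sending side and can be forged. A Return-Path or Reply-To mismatch is common in legitimate bulk mail, so treat it as a signal to review rather than proof of spoofing.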

Browser, OS, and Software Updates

  • Apple
    • Apple has released security updates for multiple products to address vulnerabilities.
    • Please make sure you have applied all available updates for these products:
      1. Safari 16.3.1
      2. iOS 16.3.1 and iPadOS 16.3.1
      3. macOS 13.2.1
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.
  • Microsoft
    • Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
    • Exploitation of these vulnerabilities could allow an attacker to obtain sensitive information.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.
  • Firefox
    • Mozilla has released security updates to address vulnerabilities in Firefox.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your browser regularly, you may not have the latest updates.
    • In your Firefox browser, go to Settings (the three lines in the upper right-hand corner) and scroll down to Help.
    • Click on Help, then click on About Firefox.
    • A window will open to show you if your browser is up to date and what version you should have.
    • If you don’t have Firefox 110, please restart the browser to get the update.
  • Adobe
    • Adobe has released security updates to address vulnerabilities in multiple products.
    • Exploitation of these vulnerabilities could allow an attacker to take control of an affected device.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.

Thank you so much for all you do to protect the Institute and its data. I am here to help you, so please don’t hesitate to let me know if you have questions or concerns. And I truly appreciate all your feedback!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!