This Week’s Cybersecurity News, 03/06/2024

Good afternoon.

This week I want to remind you to be extra cautious about Duo alerts. This extra layer of security is supposed to help make authentication even more secure, but the bad guys can find ways to make it work to their advantage if you aren’t paying close attention. I also want to answer a question about Internet headers.

Current Threats

  • Duo Push Alerts
    • There have been several recently compromised UT accounts due to Duo Push alerts.
    • The hackers are trying to get into UT accounts by using passwords that may be harvested or stolen, which will then allow them to request a Duo Push or Passcode.
    • What the hacker will get looks just like what you get if you requested it.
    • Please be very careful when you get any Duo request on your phone.
    • It is so easy to be in a rush and click the request, especially for the Push, without paying much attention.
    • Approving a Push for something that YOU did not initiate can give hackers access to your UT accounts using your NetID.
    • If you get an alert that you did not initiate, please ignore it. The request will time out, and the person on the other end will not be able to access your accounts or data.
    • I would like to add that I highly recommend you NOT check the box to “Remember me for 7 days.” Leaving it unchecked will keep anyone who may have access to your password from gaining access to your accounts from the computer you are logged into.

Ask Your CISO

  • Could you remind me why it is so important to include the “Internet header” when reporting email scams to OIT?
    • The Internet header contains technical information that the Exchange administrators can use.
    • For example, the Internet header can show who sent the message, which is very important because sender addresses are often spoofed to make the message look like it came from someone you know.
    • By checking the header, the Exchange administrators can see the following information and more:
      • If the sender’s email address is different than it appears;
      • What software was used to compose the email;
      • The date and time the email message was sent, based on the computer clock on the actual sender’s computer; and
      • The email servers it passed through from the time the email was sent until it was received.
    • By seeing this information, the Exchange administrators can then block the sender from being able to send emails to UT addresses (though this can be difficult because of the spoofing).
    • They can also purge specific emails from any UT email accounts, which is particularly helpful because it keeps many others from opening the email and clicking on something they shouldn’t.
    • While it isn’t always convenient to get the header, please try to do so when possible.
    • OIT says any email sent without the header is saved for reference, but OIT will not be able to fully investigate messages sent without the headers.
    • Letting OIT know about any email scam is definitely helpful, but those with the Internet header are most helpful.
    • To get the instructions for reporting these scams, please go to Reporting Phishing Attempts.
    • For Mac users, I am working on an update to this webpage for you!
    • And, finally, I want to mention the “Report Message” button in the Outlook ribbon.
      • Clicking this button actually reports the message to Microsoft to help improve the Microsoft spam filters.
      • Clicking this button doesn’t help our OIT Exchange Administrators with blocking the sender or purging mail from UT accounts.
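
To show what the header details listed above look like in practice, here is an added example (not part of the original newsletter and not OIT's own tooling) that reads them from a raw message with Python's standard email module. The sample message, every address and host name in it, and the function and field names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (not a real email); all names and hosts are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailbox.example.edu; Wed, 6 Mar 2024 09:15:12 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu; Wed, 6 Mar 2024 09:15:10 -0500
Received: from sender-pc (unknown [203.0.113.45])
\tby relay.example.net; Wed, 6 Mar 2024 14:15:05 +0000
From: "Dean Smith" <dean.smith@example.edu>
Reply-To: dean.smith.office@freemail.example.com
To: staff@example.edu
Subject: Quick favor
Date: Wed, 6 Mar 2024 22:14:58 +0800
X-Mailer: ExampleBulkMailer 2.1
Message-ID: <abc123@mailer.example.net>

Are you available?
"""

def domain(addr):
    """Return the lowercased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def summarize_headers(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    # Each server prepends its Received line, so reverse them to get send order.
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        words = rcvd.split()
        hops.append(words[1] if len(words) > 1 and words[0] == "from" else "?")
    return {
        "display_from": parseaddr(msg["From"])[1],   # address the reader sees
        "mismatches": [h for h in ("Return-Path", "Reply-To")
                       if msg[h] and domain(msg[h]) != from_dom],
        "software": msg["X-Mailer"] or msg["User-Agent"],
        "sent": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
        "hops": hops,                                # servers, first to last
    }

if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE).items():
        print(f"{key}: {value}")
```

None of these fields is visible in a forwarded message body, which is why a report without the header gives the administrators much less to work with.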

Thanks for all you do to protect the Institute and its data. I also want you to protect your own data, as well as help your students, clients, family, and friends. Don’t forget that I post these newsletters to https://UTIAsecurity.tennessee.edu. You can find the most current posts on the home page, while all newsletters are archived and easily searchable by categories and tags by going to the UTIAsecurity Knowledge Base.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!