Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 05/05/2022

Posted on May 05, 2022Share on

A skull and crossbones besdie of a file that has a padlock



Today I want to let you know about some current threats that are going on. As I stated a couple of weeks ago, sometimes it sounds like I keep repeating the same threat, but they are growing and I want everyone to stay on alert.

Current Threats

Ransomware

  • Dharma Ransomware Attack
    • At the end of last week a few of you asked if I had heard of the attack that had just happened at Austin Peay University.
    • I had heard of it, but I had zero information to share.
    • Unfortunately, I still have heard little about what had happened, other than it being a Dharma Ransomware attack.
    • The Dharma Ransomware attack was first noticed in 2016, and still continues to be a threat.
    • This particular attack takes advantage of an unprotected RDP (Remote Desktop Protocol) in Windows, allowing a hacker to use phishing emails to remote into a network through RDP.
    • According to Coveware, the average payments for Dharma attacks, at $66,687, are lower than the overall ransomware marketplace average.
    • Coveware estimates the average length of this type of attack is 14 days, compared to 19 days average for all ransomware attacks. This is the amount of time from reporting to full data recovery of a Dharma Ransomware attack.
    • Austin Peay’s website states that the attack has been contained and that the IT staff is investigating the incident.
    • Final exams and commencement will continue as scheduled.

     As always, please take these precautions to help prevent any ransomware variant attack:

  • Do not open attachments or click on links in any email you are not sure is absolutely legitimate and from a trusted source.
  • If you are uncertain if an email is legitimate, please don’t hesitate to ask me about it.
  • Back up your data regularly.
    • Use Microsoft 365 (OneDrive for Business) cloud-based storage for all your data up to 5 TB.
    • Use UT’s Google Drive cloud-based storage for data up to 50 GB.
    • Both of these cloud-based storage solutions are certified for FERPA, PII, and HIPAA/PHI data.
    • Both cloud-based storage solutions encrypt data in transit and at rest.
    • Both cloud -based storage solutions are backed up regularly by the providers.
    • Remember that if your data is backed up in a secure location (i.e., the cloud) you won’t have to worry about paying to get the data back!
    • Read more about the Institute’s Backup Guidelines.
  • Check the Knowledge Base on the UTIAsecurity site for additional information on ransomware.
  • If you get a message that you have been hit by a ransomware attack, call me immediately.


Browser Updates

  • Mozilla
    • Mozilla has released security updates to address vulnerabilities in Firefox.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your Firefox browser regularly, you may not have the updates.
    • In your browser, go to Settings (the three lines in the upper right-hand corner and scroll down to Help.
    • Click on Help and click on About Firefox.
    • A window will open to show you if your browser is up to day and what version you should have.
    • If you don’t have version 100, please restart the browser.


Global Cybersecurity News

Russian Hackers

  • Nobelium Returns
    • In early 2020, the hacker group Nobelium breached the Texas-based software company SolarWinds.
    • Nobelium, which is linked to Russia’s intelligence apparatus, used a man-in-the-middle attack to successfully infiltrate sensitive networks that included several critical infrastructure networks.
    • The FBI, using findings published by Cyberscoop, has warned that this group is setting up new infrastructure to launch new attacks.
    • Researchers at Recorded Future identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands.
    • The hackers employ “typosquatting” to trick victims by registering misspelled versions of real brand domains, such as ‘goggle.com’.
    • Nobelium, also known as ATP29 and Cozy Bear, commonly uses typosquatting in their attack campaigns hoping that potential victims won’t notice the slight misspellings.
    • When you get emails from what appear to be known companies, please make sure the domain’s spelling in all uses throughout the email, including signatures, email addresses, etc.. are correct.
    • More importantly, if you get an invoice you didn’t buy anything (e.g., invoices from Amazon for a $600 piece of technology), don’t open any attachment or link!
    • As always, ask me if you have doubts or concerns.

Thank you for your care and concern with potential IT security issues. I am always here to help you. If I don’t get back with you quickly enough via email, please call my cell number.

Thanks!

Sandy


Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu