This Week’s Cybersecurity News, 05/11/2022

Share on

Some things just won’t go away…like spear phishing attempts. For the past few years, they have been very cyclical…and very annoying. Please continue reading to see how this one is a little different.

Current Threats

Spear Phishing Attempts

  • Email With Subject being the same as the To field
    • This morning I got lots of notifications of spam.
    • This is a new version of spear phishing, with the Subject being the recipient’s name.
    • This would be easy for a hacker to do using certain mail merge services that make the messages seem very personalized.
    • Today’s messages were targeting one particular unit’s administration, but it may change tomorrow.
    • An administrator’s name is shown in the From field, but it is a Gmail address.
    • The content is pretty short and asks you to immediately assist the sender, but then reply back to the email.
    • The guise of the attack is to get recipients to think they have been exclusively asked by someone to do an important task as quickly as possible.
    • Since these kinds of attacks have little information, no links, and no attachments (so far), there is no malware or loss of data, but if you are asked to purchase gift cards and email the codes back the hacker makes money and the individual loses money.
    • I recommend blocking the sender by right-clicking on the message preview, choosing Junk, then choosing Block Sender.

Browser Updates

  • Chrome
    • Chrome has released security updates to address vulnerabilities in Chrome.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your Chrome  browser regularly, you may not have the updates.
    • In your browser, go to Settings (the three lines in the upper right-hand corner and scroll down to Help.
    • Click on Help and click on About Google Chrome.
    • A window will open to show you if your browser is up to day and what version you should have.
    • If you don’t have version 1101.0.4951.64, please restart the browser.

Global Cybersecurity News

Russian Media Being Hacked

  • Hackers are targeting Russia with cyberattacks now, defacing Russian TV to show pro-Ukrainian messages.
  • Russia’s RuTube streaming service was taken down due to a cyberattack on all its servers.

Biden Signs Cybercrime Tracking Bill Into Law

  • According to The Register, the Better Cybercrime Metrics Act requires the Department of Justice to work with the National Academy of Sciences to develop a taxonomy that law enforcement can use to categorize different types of cybercrime.
  • It also gives the Department of Justice two years to establish a category in the National Incident-Based Reporting System for the collection of cybercrime reports from federal, state, and local officials.
  • It requires the Government Accountability Office to report on the effectiveness of existing cybercrime mechanisms and highlight disparities in reporting cybercrime data versus other types of crime data.
  • And it requires the National Crime Victimization Survey to add questions related to cybercrime in its surveys.
  • A bipartisan majority of the US House voted to pass the legislation in March, and the Senate passed the companion bill in December 2021.
  • In its most recent IC3 report, the FBI said 2021 set records for the total number of complaints (847,376) as well as losses exceeding $6.9 billion, a jump from the $4.2 billion reported a year earlier.
  • This law is intended to help law enforcement5 identify and prevent attacks.
  • This law is also part of a larger push by the federal government to improve cybersecurity incident reporting, amid the growing threat from Russia.

Thank you for being so cognizant of potential IT security issues. I am always here to help you. If I don’t get back with you quickly enough via email, please call my cell number.