This Week’s Cybersecurity News, 06/05/2024

Good afternoon.

Today I want to tell you about yet another version of the ongoing hiring scams and the latest expiring password scam. I also wanted to let you know about some of the new security initiatives being implemented next week and remind you about proper cyber hygiene when traveling.

Current Threats

  • Hiring (phishing email)
    • The sender’s name varies, but they all appear to have come from @istanbularel.edu.tr.
    • The subject is UNIVERSITY EMPLOYMENT UPDATE!!!.
    • The email content tells you that there is a part-time position requiring you to work four hours per week for $450.
    • There is no attachment and no link, other than an email for Hannah Brook with a Gmail address.
    • There is nothing in the email to point to UT in any way and neither Hannah Brook nor any of the senders are associated with UT.
    • Please remind your students with whom you have contact that this kind of email is a scam!
    • Please do not respond to the email because there will most definitely be a follow-up asking you for your personal information, as this is a scam.
    • If you have received an email like this, please report it using Reporting Phishing Attempts & Other Email Scams.

  • Office365 (phishing email)
    • The sender does appear to be a UTK student, but the address was either spoofed or the student’s account was compromised.
    • The subject is School Update.
    • The email content shows the Office365 logo and tells you that your Office365 Password is going to expire in 24 hours.
    • There is a link for “KEEP MY SAME PASSWORD,” but please do NOT click!
    • As we all know, UT does not refer to your password as the Office365 Password and the actual UT login is for more than just Office365.
    • Also, Microsoft changed the name (and logo) from Office365 to Microsoft 365, so UT will use the correct name and logo.
    • OIT will never notify you in this way about password changes.
    • If you have received an email like this, please report it using Reporting Phishing Attempts & Other Email Scams.

Important Information

  • Security Initiatives Being Implemented
    • You have heard me mention that there are new security initiatives being implemented throughout UT and some of you may have seen the OIT Weekly email that came out on Monday, 06/03.
    • On June 10, UTK will start restricting direct access from off-campus networks when connecting to the UTK campus networks.
      • This means that you will be required by UTK to sign in to the UTK VPN, otherwise known as Pulse Secure, to connect to UT-owned and Institute-owned IT assets.
        • This initiative will soon be implemented at every UT campus and institute.
        • Since UTIA is using the UTK network, we will be a part of UTK’s timeline, but some units may vary slightly.
        • For those across the state who are using the SHIELD network in your offices, that is a direct connection to the UTK network, so the VPN is not required when using your computer in your offices.
      • I have always said that this is a requirement when connecting your computer from home and any other outside network when you are doing work-related tasks to protect the Institute’s data, so if you have been using Pulse Secure, you should notice no change.
      • However, if you have not been using the VPN, you will have to log in to Pulse Secure before accessing your work-related systems/data from a non-UTK network.
      • Please make sure you are using the latest version of Pulse Secure, which should be v9.1.15, because the older versions will have issues.
      • To get the latest version, please go to the OIT Software Distribution site and look for VPN.
      • The instructions for connecting to Pulse Secure can be found at VPN: Connect to Pulse Secure | Windows or macOS.
      • Again, if you are using your computer in your office using the UTK wired or wireless networks, you do not need to use the VPN because connecting directly to a UTK network provides protection for the data.
    • Also beginning June 10, Microsoft Defender for Endpoint is required for all Institute-owned, University-owned, and grant-funded desktops, laptops, and servers.
      • Microsoft Defender is a comprehensive, cloud-based endpoint security solution that provides cyberthreat protection to help stop cyberattacks across Windows, Windows Server, macOS, and Linux devices.
      • If you are logging into your device using your UT account, or the computer is in Active Directory or Intune, the device is already configured to use Microsoft Defender.
      • If you are not using your UT account for logging in to your device, please see OIT’s Microsoft Defender Required for All Computers.
  • Reminders for Traveling
      • Please do not share your travel information via social media.
        • When you are away and post your details to social media, that can lead to a host of problems.
        • Cybercriminals can use this information to send targeted emails to friends, family, co-workers, etc., that appear to be from you.
        • Posting photos of personal information could lead to identity theft.
        • In addition, when you post exactly when you are gone, criminals can find your home address and take your things.
      • Please make sure you are using a strong and unique password for every single device and account you have.
      • Always use multi-factor authentication for every login you possibly can.
      • When using a computer to access anything work-related, you must use the UT VPN!
      • In addition to keeping your laptops updated and patched, it is also important to make sure you keep your mobile devices updated.
      • Be sure you enable the ‘track device’ option in your mobile device settings so you can remotely wipe the device in the event it is lost or stolen.
      • Please do not trust public WiFi connections in your hotel, restaurants, coffee shops, airports, etc.
        • Remember that the free WiFi networks may be misconfigured, unmonitored, or “monitored” by cybercriminals.
        • Please use your smartphone’s personal hotspot feature to connect your devices to the Internet.
      • Please do not use public computers at any time when you travel.
        • Public computers are likely unmonitored and unpatched.
        • Anyone could deliberately infect a public computer with malware like a keylogger.
        • Those who know how can go into the computer’s hard drive and extract sensitive information that you typed into a website, social media account, email, etc., even if you cleared the cache, deleted the files, emptied the trash, etc., because that information is still on the hard drive.
      • For international travel, please make sure you know the specific laws where you are visiting.
      • You can visit the US Department of State travel website for pretty much anything you need to know.
      • Keep in mind that every country has very specific laws about IT-related things, even online content that we wouldn’t even think twice about in the US.
      • Some countries have laws against the use of a VPN; so if the country does not allow VPNs, do not attempt to access anything work-related and seriously consider not taking any laptops or mobile devices!
      • This is not a specific IT request, but PLEASE double- and triple-check your bags before you ever head to the airport!
      • Please visit the US Department of State’s Learn About Your Destination portion of their site to find out very detailed and updated information about your specific destination(s), but be sure to regularly check each destination you plan to visit and read all the alerts and information for that destination.
      • Please note that this travel site can be a little overwhelming when looking for specific information, but I highly recommend reading each section for a destination very carefully and paying especially close attention to the Local Laws & Special Circumstances section.

Thank you all so much for everything you do each day to protect the Institute and its data. Your keen observation and awareness are greatly appreciated! As always, you can contact me at any time if you have any questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!