This Week’s Cybersecurity News, 06/30/2022


There isn’t too much that has changed in cybersecurity this week. As much as that is a good thing, sometimes the cybercriminals let you think things have calmed down and then sneak in a new threat. Please continue to stay vigilant and contact me anytime you have concerns.

Current Threats

  • Office 365 Passwords (still!)
    • Several people are reporting that they have received an email saying their Office 365 password is about to expire.
    • Office 365 is no longer called Office 365, but rather Microsoft 365.
    • Microsoft 365 uses your NetID and password for authentication, so the notification would likely specify it is your NetID password that is about to expire.
    • It claims to be an “IT Support Announcement,” but if it really was about this password, the message would have OIT, UTK, or something very recognizable. (The email never mentions UT at all.)
    • The email looks like it comes from a vols.utk.edu account, but if it were real this would come from an official address like oit@utk.edu.
    • Please forward the email with the very important Internet headers using these instructions, then delete the email.
  • Bumblebee
    • Anyone who knows me well knows that, in addition to cats and the Yankees, I have a love for bees…with this one exception.
    • There is a new piece of software being used to inject systems with ransomware.
    • This newly discovered malware loader called Bumblebee has been found to be connected to a number of prominent ransomware groups and has already been a key component of many cyberattacks.
    • One recent attack was found to have started an initial infection through a spear phishing email, which had an attachment of a .iso file. (An ISO file is an exact copy of data found on a CD, DVD, or Blu-ray disk.)
    • The Bumblebee loader then contacted a command-and-control server to create a duplicate file, but with a randomized name.
    • The loader then created a script to run a certain file every 15 minutes which allowed the ransomware group to encrypt the files on the targeted system.
    • While I don’t expect our users to know what all this means, I do want to keep you aware of how quickly things can change!
    • If you recall, the Institute’s experiences with spear phishing have always been quick, vague messages from someone, usually pretending to be your boss, asking you to reply to the email so you can help them with something.
    • These past experiences have been rather innocuous because they had no attachments, no links, and depended on you believing your boss would actually ask you to buy gift cards and email the codes to them.

Browser & OS Updates

  • Firefox
    • Mozilla has released security updates to address vulnerabilities in Firefox.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your browser regularly, you may not have the latest updates.
    • In your Firefox browser, go to Settings (the three lines in the upper right-hand corner) and scroll down to Help.
    • Click on Help and click on About Firefox.
    • A window will open to show you if your browser is up to date and what version you should have.
    • If you don’t have version 102, please restart the browser to get the update.
  • Apple
    • Apple has announced multiple known exploited vulnerabilities.
    • These vulnerabilities affect iOS, iPadOS, macOS, tvOS, and watchOS.
    • Please make sure you have applied all available updates for these platforms.

I really appreciate all that each of you does to protect the Institute and its data. I am always here to help you. If I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time.

Hope you have a very Happy Fourth of July!!!

Thanks!

Sandy