This Week’s Cybersecurity News, 07/13/2022

Every day I get asked if certain emails are legitimate or not. That makes me so proud of the faculty, staff, students, and leadership here at the Institute. It tells me you are very aware of what makes an email questionable and I can’t thank you enough for that! I also appreciate it when you forward those emails to me because it helps me to see when we are having multiple potential threats. Today I am going to give you the emails you can actually believe (at least this week!), as well as the usual current threats, updates, and global cybersecurity news.

Current Non-Threats

  • McLean Employee Experience Survey (email)
    • This email says that it is from University of Tennessee, but the sender’s email address is survey@mcleanco.com.
    • McLean is the company that the University uses for these fairly regular surveys asking about UT as an employer.
    • As soon as I find out about the survey or receive one myself, I do verify it so that I know each instance is legitimate.
  • Attn State of Tennessee employees: Join now (email)
    • This email is from Hinge Health (hello@hingehealth.com).
    • The email has the Partners for Health TN logo, the State of TN logo, and the Hinge Health logo at the top of the message.
    • The email states that you can get help for muscle, back, or joint issues through the Hinge Health program at no additional cost to you.
    • I was able to verify this information by searching for Hinge Health within Partners for Health TN.
    • While the Hinge Health program is for Blue Cross Blue Shield members, there is another program, RecoveryOne, for Cigna members.
    • You can go to https://www.tn.gov/partnersforhealth/health-options/included-benefits-extras/exercise-therapy-programs.html to find out more information about each program, as well as to sign up.
  • Office Patch Deployment (notification)
    • Several people have asked about an Office updates notification popup they have received.
    • This notification is, in fact, legitimate.
    • This notification is from Endpoint Central, formerly known as Desktop Central, and is designed by default to let you know patches are ready.
    • The UTIA logo is being used and should differentiate this patch from others.
    • While there is a UTIA logo, I can’t guarantee you that this will always make things legitimate because of the ability of cyber actors to copy and use our own logos against us.
    • You should typically be notified in advance of such patches being pushed.
    • When in doubt you can definitely ask me first!

Current Threats

  • New Phishing Scheme
    • This sounds a lot like last week’s vishing threat, but this one is more specific and originates from an email instead of a phone call.
    • Cybersecurity company CrowdStrike has publicly detailed a new phishing campaign that has cyber threat actors posing as legitimate and well-known cybersecurity companies, including CrowdStrike.
    • These threat actors are sending phishing emails claiming that the recipient has been hit by a cyberattack and that they should immediately respond to protect their network.
    • If the recipient does respond, there is a major risk that they are opening the door for hackers to compromise their system, and possibly their network, with malware, ransomware, and other cyber threats.
    • The email has a callback number for the recipient to use and when the victim calls the number, they are connected to an operator who will attempt to have them install remote administration tools (RATs) to gain access to the network.
    • Please don’t believe any email you may receive from a third party telling you that your system has been compromised.
      • If I find out through appropriate channels that your system has been compromised, I will call you first because I don’t want to take a chance on the time it may take for you to see an email.
      • If your system has been compromised, I will disable the network access before calling you, just to avoid any possibility of things getting out of hand.

Software Updates

  • Adobe
    • Adobe has released security updates for multiple products.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Please ensure that you have all the latest updates for the Adobe products you have installed.
      • Go to the “^” in the lower right portion of the system tray and click on the Creative Cloud icon.
      • When the Creative Cloud Desktop window opens, you will see each Adobe app installed on your computer, along with whether or not the app is up to date.
      • Please update all apps that have not yet been updated.

Global Cybersecurity

  • UK Cyber Agencies Issue Ransomware Warning Message
    • In a move that aligns with American law enforcement, two British cybersecurity agencies, the National Cyber Security Centre and the Information Commissioner’s Office, have issued a joint message regarding ransomware.
    • According to an article in ZDNet, these two agencies are asking solicitors to remind their clients that paying any ransom demands will not keep their data safe.
    • In fact, recent ransomware statistics show that not only is paying the ransom not condoned, it actually encourages more ransomware attacks.
    • Ransomware remains the biggest online threat to the UK.

I am so appreciative of all that you do to protect the Institute and its data. If you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time. I am always here to help you.

Thanks!

Sandy