This week has been fairly quiet with regards to new threats. I have heard about the usual threats of phishing, spear phishing, vishing, and smishing. I haven’t mentioned smishing attacks in a few weeks, but they do continue. While smishing is a lot like spear phishing and targets the individual instead of the Institute, I would not be doing my job as CISO or as a caring human being if I didn’t try to protect the Institute’s employees and warn you of all types of threats.

Current Threats

• Smishing (SMS text message + phishing)
  • The sender almost always appears to be someone with whom you have done business or have heard of.
    • Amazon
    • Norton
    • Verizon
    • Wells Fargo
    • Many other well-known and trusted businesses
  • The sender tells you something to entice you (e.g., there is a problem, you have been selected to win, your bill is due or has been paid., etc.) and gives you a link.
  • As easy as it is to click the link, please do NOT click the link.
  • The link will take you to a fake site and will ask for some sort of personal information.
  • The request for information grows…you give one thing, then they ask for something else.
  • If you really believe the text message is real, please type the link address into your browser.
    • Clicking the link itself may activate malware or even worse.
  • And always remember that when you are contacted by a business and they ask you for your personal information, credit card number, etc., immediately discontinue any contact, then call that company using a known and verified phone number to ask about the call you received.

Software Updates

• Apple
  • Apple has announced multiple known exploited vulnerabilities.
  • These vulnerabilities affect iOS, iPadOS, macOS, tvOS, and watchOS.
  • Please make sure you have applied all available updates for these platforms.
    • The latest version of iOS and iPadOS is 15.6.
    • The latest version of macOS is 12.5.
    • The latest version of tvOS is 15.6.
    • The latest version of watchOS is 8.7.

Global Cybersecurity

• United States and Ukraine Expand Cooperation on Cybersecurity
  • The US Cybersecurity and Infrastructure Security Agency (CISA) announced this week that CISA and the Ukrainian State Service of Special Communications and Information Protection on Ukraine (SSSCIP) signed a Memorandum of Cooperation (MOC) to strengthen collaboration on shared cybersecurity priorities.
  • The MOC expands on CISA’s existing relationship with the Government of Ukraine in the areas of:
    • Information exchanges and sharing of best practices on cyber incidents;
    • Critical infrastructure security technical exchanges; and
    • Cybersecurity training and joint exercises.
  • This collaboration, in part, is to help build global resilience against cyber threats.

Thank you for all you do to protect the Institute and its data. I am always here to help you, so if you need me and I don’t get back with you quickly enough via email, or if it is an emergency, please call my cell number at any time.

Thanks!

Sandy