This Week’s Cybersecurity News, 08/05/2022

Today I have a lot to tell you! There is an upcoming change to an app we have been using for a long time. There are also some updates to three of our IT Security policies. In addition, I have detailed another scam that is currently targeting our students. I have also included some very helpful information for reporting scams and how to keep your smartphones safe. It seems like I have been all over the security spectrum, but these are the things that are most important at this particular time. Please, as always, share this information with your coworkers, friends, family, clients, and STUDENTS!!! Classes begin soon and I worry that our students are not included when it comes to cybersecurity information, so please help them out!


Important Information

  • Malwarebytes
    • UTK’s Office of Information Technology (OIT) has opted NOT to renew the contract for Malwarebytes.
    • This decision was not made lightly, as we have trusted Malwarebytes for many years.
    • OIT has implemented Microsoft A5 licensing, which includes Microsoft Defender for Endpoint.
    • OIT feels that Microsoft Defender for Endpoint is a better product and that keeping Malwarebytes is redundant.
    • At 5pm on Wednesday, August 17, OIT will be deleting all of the Malwarebytes endpoints on UTK, UTIA, UTSA, and UTFI computers using the Malwarebytes Cloud Console.
    • While this mass removal will occur in the background unnoticed, it *may* force a reboot of some computers, although it is unlikely.
    • While this is not expected to cause any work stoppages or issues, please call the OIT HelpDesk at (865) 974-9900, if you have problems.
    • Microsoft Defender for Endpoint is something that is automatically updated and run for you, but if you notice it is not updating or running as expected, please call the OIT HelpDesk at (865) 974-9900.

  • IT Security Policy Updates
    • UTIA IT0110 – Acceptable Use of Information Technology Resources Security Policy (AUP)
      • Added new requirement to use only UT-provided email for Institute business.
      • Added that users will not automatically forward UT email to any non-UT account.
      • Added that using UT-provided email for personal business is not permitted.
    • UTIA IT0130 – Personnel Security Policy
      • Added that all employees, including seasonal employees, will be officially terminated per UT’s HR0160 – Termination of Employment policy.
      • Clarified that the access agreement for third-parties acts as acknowledgement of the Institute’s AUP.
    • UTIA IT0311 – Payment Card Industry (PCI) Security Policy
      • Updated Chief Business Officer title to Associate Vice Chancellor for Business and Finance.
      • Updated several details, including acceptable training, password policy, and POS device information.
      • Added a section for Point-to-Point Encryption (P2PE) transactions.
      • Clarified specific responsibilities for the merchant, UTIA CISO, and UTIA AVC for Business and Finance.

Current Threats

  • Spear Phishing (email)
    • I have heard from a couple of different departments that these emails are targeting students, and often specifically incoming freshmen.
    • Please share this information with students now and often!
      • These students are left with the impression that they are gaining favor or some other kind of “credit” if they respond, so make sure they know that is not something our faculty and staff would do.
      • The emails are being sent to look like they are coming from someone within the department, most often a person who has connections to plenty of students.
      • Understand that NO ONE at the Institute (or University) will EVER ask students or staff via cryptic emails to purchase gift cards or anything else and then be repaid later.
      • These messages are sent using “Bcc,” which hides all the other recipients so that each recipient appears to be the only person being contacted, giving that feeling of favor and trust.
      • The emails are very short, asking the recipient to contact the sender right away and only by replying to the email.
      • Check the “reply to” address and you will most often find that it ends in @gmail.com.
      • If you reply (and please don’t), you will get another message saying that the sender, who most often looks to be a professor or supervisor, needs you to go get some gift cards and they will pay you back after emailing them the cards’ codes.
      • Never reply to the messages at all but, instead, call the person the message appears to be coming from using known good numbers.
      • Replying to these messages will often flag the responding person as “vulnerable” and will often cause them to be scammed again at a later time.
    • Please use Reporting Phishing Attempts to forward the message and its Internet headers to OIT Abuse and me.
    • It is important to follow these instructions so that you include the Internet headers when reporting.
    • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.
  • Business Email Compromise (BEC)
    • BECs are nothing new, but I have not used this term because it can be a bit confusing, especially since the word “compromise” is not used in the same way we think of an actual individual’s account being compromised.
      • This is NOT a user’s account being compromised.
      • The user’s account is being spoofed to make others think the emails are coming from a trusted source.
    • A BEC is a spear phishing attack, so all the things I have told you about spear phishing apply to BEC because they are the same.
      • Social engineering is used to establish a layer of trust.
      • There is no link and no payload.
      • These are opportunistic attacks.
      • These are targeted attacks.
      • The most recognizable BEC attacks are:
        1. The Classic Wire Transfer tries to get you to wire payment from a fake invoice to the sender’s account.
        2. The Gift Card Scam is probably used most often, as the sender needs you to do them a favor and go buy gift cards and email the codes to the sender.
        3. The Payroll Diversion attempts to get the recipient to change “the sender’s” current direct deposit account to a different bank account.
    • While BEC attacks are a global problem, they are the #1 cyber threat in America.
    • According to the FBI, BEC attacks were on the rise in 2021, with:
      • Total number of attacks = 19,954
      • Average cost per attack = $120,074
      • FBI’s reported losses = $2.4B
      • Increase in losses since 2020 = 28%
    • In order to use the same terminology that you may hear in the news and online, I will start using “BEC (spear phishing)” until we all get used to it.
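
The header indicators described above (a “reply to” address that does not match the sender, delivery by Bcc, a short message with no link) can be checked mechanically once a report includes the Internet headers. The following is an added example, not part of the original newsletter or any OIT tooling; the sample message, addresses, IP, indicator names and the 40-word threshold are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample; every name, address and IP below is a placeholder.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
From: "Dr. Pat Example" <pexample@university.example>
Reply-To: "Dr. Pat Example" <dr.pat.example@gmail.com>
To: undisclosed-recipients:;
Subject: Are you available?

Reply to this email as soon as you get it. I need a quick favor.
"""

FREE_MAIL = {"gmail.com"}  # the newsletter names gmail.com; extend as needed


def domain(addr):
    """Lower-cased domain part of an email address."""
    return addr.rpartition("@")[2].lower()


def relay_ips(raw):
    """IPs recorded in Received headers, which admins use for blocking."""
    msg = message_from_string(raw)
    received = " ".join(msg.get_all("Received", []))
    return re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)


def indicators(raw, recipient):
    """Return the BEC (spear phishing) indicators present in one message."""
    msg = message_from_string(raw)
    found = []
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain(reply_to) != from_dom:
        found.append("reply-to-domain-mismatch")
    if reply_to and domain(reply_to) in FREE_MAIL:
        found.append("reply-to-free-mail")
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(listed)}
    if recipient.lower() not in visible:
        found.append("delivered-via-bcc")  # recipient absent from To and Cc
    body = msg.get_payload()
    if not msg.is_multipart() and "http" not in body.lower() and len(body.split()) < 40:
        found.append("short-no-link-no-attachment")
    return found
```

None of these indicators is conclusive on its own (mailing lists also deliver to unlisted recipients), so the result is a triage aid for reported messages rather than a verdict.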

Reporting and Advice for Cybersecurity

  • Reporting Fraudulent Emails
    • Reporting is a crucial step to preventing scams.
    • Without reporting, neither the FBI, CISA, the Secret Service, nor anyone else, including me, will know the extent of the problem.
    • Without reporting, there is no stopping the problem and no preventing others from being victims.
    • Please know that I am here to help faculty, staff, and students and I will never make judgements if you fall victim to any scam.
    • Please email me and tell me if you have fallen victim to a scam, or you can call my cell phone any time you need to.
    • I will keep things as confidential as I possibly can and will always inform you before I contact anyone to whom I must report a compromise, when I am required to report.
    • Call your financial institution immediately and request that they contact the financial institution where any transfer was sent.
    • Contact your local FBI field office to report the crime.
    • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
    • Report fraud to the FTC.
    • If a scammer has gotten your personal information through a phishing email or it has been stolen in any way, go to IdentityTheft.gov to find out what to do next.
    • Please use Reporting Phishing Attempts to forward the email and its Internet headers to OIT Abuse and me, whether you have fallen victim or not.
  • Smartphone Security
    • Phishing and smishing
      • Cybercriminals try to tempt you into sharing your personal information via malicious links sent via SMS text messages.
      • These malicious links, once clicked, will often download, install, and execute malware without you ever knowing it.
      • This malware can steal all your personal details and account details or can hit you with ransomware.
      • Your bank, credit card companies, utilities, or any other reputable entity will never ask you to share any confidential or sensitive information through a text message (or email!).
      • If you are not sure if the text is legitimate, call the actual entity using their known phone number to inquire before you click on anything.
      • Don’t reply to the text, either, because the address was most likely spoofed.
    • Symptoms of malware infection on your phone
      • Battery draining unexpectedly
      • Unexpected behavior
      • Unknown apps
      • Browser changes
      • Unexpected bills
      • Service disruption
    • What to do if you think your smartphone is compromised
      • Run a malware scan
        • If you choose to purchase a dedicated antivirus app, Avast, Bitdefender, and Norton make trusted apps.
        • You can also use free versions of these apps, but make sure you always choose one with a very high number of downloads and only one that is highly rated.
      • Go through your apps regularly and delete anything suspicious.
      • Check permission levels of apps regularly.
      • Use mobile networks instead of open, public WiFi…always, not just when you think your phone may be compromised.
      • When not using them, turn off Bluetooth, GPS, and any other features that could broadcast your data.

I can never thank you enough for all you do to protect the Institute and its data. And thanks to those who notify me when they aren’t sure if an email is legitimate. It certainly helps me know when there is a problem. If you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time.

Thanks!

Sandy