This Week’s Cybersecurity News, 08/17/2022


Today is more about education than specific issues, which is always the better of the two! First, don’t forget that today is the last day we have Malwarebytes. I also want to tell you about emails and safe domains. Sometimes knowing what to question about an email address can make a big difference! Also, I want to tell you a little about some different types of malware that you may or may not know about. This list is far from exhaustive, but the full list would be quite exhausting! 😊 I will cover additional types in upcoming e-newsletters.

Important Information – REMINDER

  • Malwarebytes
    • UTK’s Office of Information Technology (OIT) has opted NOT to renew the contract for Malwarebytes.
    • This decision was not made lightly, as we have trusted Malwarebytes for many years.
    • OIT has implemented Microsoft A5 licensing, which includes Microsoft Defender for Endpoint.
    • OIT feels that Microsoft Defender for Endpoint is a better product and that keeping Malwarebytes is redundant.
    • At 5pm on Wednesday, August 17, OIT will be deleting all of the Malwarebytes endpoints on UTK, UTIA, UTSA, and UTFI computers using the Malwarebytes Cloud Console.
    • While this mass removal will occur in the background unnoticed, it *may* force a reboot of some computers, although it is unlikely.
    • While this is not expected to cause any work stoppages or issues, please call the OIT HelpDesk at (865) 974-9900, if you have problems.
    • Microsoft Defender for Endpoint is something that is automatically updated and run for you, but if you notice it is not updating or running as expected, please call the OIT HelpDesk at (865) 974-9900.

Current Threats

  • Email from “@email.tg” and other domain oddities
    • This week I received a message about the validity of an email from a user with a .tg domain.
    • The person who asked noticed this domain, and that is what made her question an email that would otherwise have seemed normal. (Thank you!)
    • .tg is the country code top-level domain (ccTLD) for Togo, a country in West Africa.
    • My research on this has shown this domain to be involved in sending spam and it was even involved in a recent ransomware attack.
    • I strongly recommend that you always check out the sender’s email address and/or the return address (not always the same!) and do not respond when it doesn’t seem right.
    • If something doesn’t make sense, there is usually a reason why.
    • Refer to this domain listing for generally safe domains, but still think about whether or not it seems right for the sender, as addresses can be spoofed.
      • .gov (government)
      • .edu (education)
      • .mil (US military)
      • .org (charitable organizations)
      • .net (usually technology and networking)
      • .com (usually commercial businesses)
    • Please disregard emails from ccTLDs like .cn, .hk, .ir, .kp, .ru unless you are 100% certain you know with whom you are dealing.
    • If you receive emails from anyone you do not know or do not expect, please don’t click on any links or open any attachments.
    • And please do not respond to unwanted or unsolicited email offers, as it verifies your email is legitimate and it flags you as a potential victim of future scams.
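The sender-address checks above can be turned into a small triage script. The following is an added example, not code from OIT or from this newsletter: it reads the From and Reply-To headers of a message, pulls out each domain's top-level domain, compares it against the "generally safe" list and the ccTLDs the newsletter says to disregard, and reports when the Reply-To domain differs from the From domain (the "not always the same!" point). The sample message is constructed, and the .tg entry reflects this week's question rather than a formal blocklist.

```python
"""Added example (not OIT's code): triage From / Reply-To domains against the
TLD guidance in this newsletter. The sample message below is constructed."""
from email import message_from_string
from email.utils import parseaddr

# TLDs the newsletter calls "generally safe".
GENERALLY_SAFE_TLDS = {"gov", "edu", "mil", "org", "net", "com"}
# ccTLDs the newsletter says to disregard unless you are certain of the sender.
DISREGARD_CCTLDS = {"cn", "hk", "ir", "kp", "ru"}
# .tg (Togo) is the domain that prompted this week's question.
QUESTIONED_TLDS = {"tg"}


def domain_of(header_value):
    """Return the lowercase domain part of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def tld_of(domain):
    """Last DNS label of the domain, e.g. 'tg' for 'example.tg'."""
    return domain.rsplit(".", 1)[-1] if domain else ""


def triage_headers(raw_message):
    """Return a list of findings about the message's sender headers.

    An empty list means nothing looked odd; it is NOT proof the mail is
    legitimate, since the newsletter notes that addresses can be spoofed.
    """
    msg = message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    # If there is no Reply-To, replies go back to the From address.
    reply_to = domain_of(msg.get("Reply-To")) or sender
    findings = []
    for label, dom in (("From", sender), ("Reply-To", reply_to)):
        tld = tld_of(dom)
        if not dom:
            findings.append(f"{label}: no usable address")
        elif tld in DISREGARD_CCTLDS:
            findings.append(f"{label}: .{tld} is on the disregard list ({dom})")
        elif tld in QUESTIONED_TLDS:
            findings.append(f"{label}: .{tld} (Togo) has been seen sending spam ({dom})")
        elif tld not in GENERALLY_SAFE_TLDS:
            findings.append(f"{label}: .{tld} is not on the generally-safe list ({dom})")
    # The sender address and the return address are not always the same.
    if reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return findings


# Constructed sample: a plausible-looking From header with a .tg Reply-To.
SAMPLE_SUSPICIOUS = """From: "UT Payroll" <payroll@utk.edu>
Reply-To: helpdesk@example.tg
Subject: Action required
To: staff@utk.edu

Please review the attached document.
"""

# Constructed sample: nothing odd about the headers.
SAMPLE_CLEAN = """From: colleague@utk.edu
Subject: Lunch
To: staff@utk.edu

Noon works for me.
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, triage_headers(sample) or ["no findings"])
```

A real mail gateway would add SPF/DKIM/DMARC results to this kind of check, since a safe-looking From domain can be forged; the script only captures the "does this look right for the sender" judgement the newsletter asks people to make.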

Malware Types

  • Remote Access Trojan (RAT)
    • RATs allow an attacker to remotely control a computer.
    • RATs are often downloaded through email attachments, links, and downloaded apps.
    • Attackers also distribute RATs through social engineering, tricking you into installing software that contains malware.
  • Virus
    • Viruses can record, corrupt, or delete data.
    • Viruses are spread via opening malicious files.
  • Worm
    • Worms are typically found in email attachments, text messages, social media sites, removable drives, and network shares.
    • A worm will exploit security vulnerabilities, copying itself so it can spread throughout the network.
    • A worm can steal sensitive data, change your security settings, or prevent you from accessing files.
  • Trojan
    • Trojans often appear to be legitimate files or apps, causing users to unknowingly download them.
    • Trojans can download and install other malware.
    • Trojans can record your keystrokes and the websites you visit.
    • Trojans can send your information, e.g., passwords, login information, browsing history, etc., to an attacker.
    • Often the information collected by a trojan will be sold on the Dark Web to other attackers.
  • Loader
    • A loader is a small malicious program that downloads and executes additional payloads on compromised machines without detection.
    • A few weeks ago I mentioned Bumblebee, which is a fairly new and very successful loader.
    • The initial infection can come through links and attachments in an email, then the loader can inject the system with ransomware.
  • Ransomware
    • An attacker encrypts the files on your computer and will not return the data to you until you pay a ransom.
    • Ransomware attacks target an organization through common system and security misconfigurations.
    • Often ransomware is delivered through credential theft, allowing the attacker to pose as an employee and gain access to their accounts.

Thank you so much for protecting the Institute and its data. And thanks to those who notify me when they aren’t sure if an email is legitimate. It definitely helps me know when there may be a growing problem. As always, if you need me and I don’t get back with you quickly enough via email, or if it is an emergency, please call my cell number at any time.

Thanks!

Sandy