Recent geopolitical events have increased the risk of cyberattacks that could impact the US. While there are currently no credible or specific cyber threats against America, the Cybersecurity and Infrastructure Security Agency (CISA), warns that cyberattacks can take on various forms including:
• Misinformation spread online via social media and alternative news sources. Misinformation, disinformation, and ‘fake news’ (including charges of ‘fake news’ lodged against legitimate news reporting agencies) should not be considered harmless. They are forms of information warfare designed to create divisions within society. You should always fact check news reporting using multiple reliable and verified information sources.
• Phishing attacks often adopt high profile online trending themes such as COVID-19, election information, wars and military actions, as well as spoofing well known corporations such as Microsoft, Adobe, and Google. Phishing attacks are also launched via social media so be suspicious of any links or messages you encounter on Twitter, Facebook, and LinkedIn. Additionally, limit the amount of personal information you make public on social media as cyber criminals will often perform weeks to months of reconnaissance before launching targeted spear phishing attacks.
• Collateral compromises occur when a cyber-attack spreads beyond its intended target. A high-profile example of this occurred in the 2017 using a piece of malware most commonly known as NotPetya. This cyber-attack is believed to have been launched by Russia against Ukrainian infrastructure including airports, banks, and railways. However, the NotPetya malware quickly spread beyond Ukrainian borders and infected many multinational corporations including FedEx, Merk Pharmaceuticals, and global shipping giant Maersk. While these companies were not directly targeted, they were highly impacted. Indirect effects can be just as devastating as direct attacks.
Here are 4 key UCR cybersecurity tips to keep in mind:
• Whenever possible, use UCR’s virtual private network (VPN) and multi-factor authentication to connect to the campus network.
• Ensure all of your devices are running the latest version of software. This includes mobile phones, laptops, and other computer devices. Outdated software can leave your device more vulnerable to attack.
• Phishing is the primary means cyber criminals use to attack systems, so remain diligent when clicking on links and opening/downloading attachments within emails.
• Report suspicious email by forwarding it as an attachment to abuse@ucr.edu
More best practices and information on how campus users can stay secure can be found at https://its.ucr.edu/cybersmart.