The Office of Cybersecurity has a team of analysts that monitor activity on our network and who comes knocking on our doors. As the holiday season approaches, we’ve seen an increase in hackers’ efforts to gain access to UTHSC that our community should be aware of.
During the holidays, criminals know staff take vacation, or organizations have down time, but our systems remain running. Organizations often “slow down” during this time of the year, but the criminal hackers increase their efforts.
We have other factors; the federal government recently announced an increased effort to infect medical facilities with ransomware and there has been evidence of this occurring across the nation, and successful attacks.
There is the news of a COVID vaccine; from the cybersecurity office, every time there is an announcement about one of our researchers, providers, or COVID we see an immediate and exponential increase in attacks on UTHSC as seen below.
Stealing, or even guessing, users’ credentials is an easy access to our network. Because of this, one area we monitor is the number of failed O365 login attempts outside of the U.S. This past week, there were 246 failed foreign login attempt, a 13.89% increase from the previous week.
We also monitor what we call reconnaissance events, or activities where outsiders are attempting to identify our exposures and weaknesses. We’ve seen 110,000 events this past week, a 53.2% increase from the previous week.
This information is intended for awareness and to identify areas of opportunities where we can increase our security controls. If you see any suspicious or odd behavior, contact the Office of Cybersecurity at firstname.lastname@example.org or 901.448.1880. We want to know about it.