Netizen Cybersecurity Bulletin: 3 October 2018 Edition
In this issue:
In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.
- Phish Tale of the Week!
- GhostDNS Hacks Over 100,000 Routers
- Browser Notification Spam
- Cybersecurity Buzzwords to Know
- How can Netizen Help?
FEMA Tests Emergency Alert System Oct 3 starting at 2:18 PM ET
Phish Tale of the Week
This week’s phishing email claims to originate from “Microcorporation” and asks the user (T4NG) to reconfirm a password. This is one of the more obvious examples of a phishing attempt: poor formatting, grammar, and spelling; a salutation that does not address the recipient by name; and a link that does not go where it claims to.
Recommendations:
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
- Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.
- Do not give out personal or company information.
- Review both signature and salutation.
- Do not click on attachments.
- Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service (hover over the link to see the real destination, not just the displayed text) and that it uses HTTPS. Keep in mind that HTTPS only proves the connection is encrypted; phishing sites can obtain certificates too, so the padlock alone does not prove a site is legitimate.
- Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails create a sense of urgency, or even use aggressive language, to intimidate the recipient into acting. Any email demanding immediate action or addressing you in a threatening manner should be treated with suspicion. Also beware of messages that try to tempt you into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
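The checks above (sender domain vs. the brand the message claims, link text vs. the real link target, generic salutation, urgency wording, HTTPS) can be applied mechanically before anyone clicks. The script below is an added example written for this bulletin; it is not part of the original newsletter or any product. The two sample messages are constructed, and the brand-to-domain allowlist and the “registrable domain” shortcut (last two labels of a hostname) are simplifying assumptions.

```python
"""Phishing triage helper: scores a raw email against the red flags listed above.
Added example; sample messages are constructed, TRUSTED_DOMAINS is an assumed allowlist."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: domains that may legitimately send mail on behalf of a brand.
TRUSTED_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com"}}
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "verify now", "urgent")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable(host):
    """Crude company-domain extraction: last two labels (assumption; a real
    implementation would consult the public suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def header_domain(value):
    addr = email.utils.parseaddr(value)[1]
    return registrable(addr.split("@")[-1]) if "@" in addr else ""


def analyze(raw):
    """Return a list of human-readable red flags found in the raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_dom = header_domain(msg.get("From", ""))
    reply_dom = header_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    low = (msg.get("Subject", "") + " " + text).lower()
    for brand, domains in TRUSTED_DOMAINS.items():       # brand claimed but wrong sender
        if brand in low and from_dom and from_dom not in domains:
            flags.append(f"claims to be {brand} but sent from {from_dom}")
    if re.search(r"dear (customer|user|member)", low):    # no real name used
        flags.append("generic salutation instead of a name")
    for word in URGENCY_WORDS:
        if word in low:
            flags.append(f"urgency language: '{word}'")
            break
    parser = LinkExtractor()
    parser.feed(text)
    for visible, href in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            flags.append(f"non-HTTPS link to {target.netloc}")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", visible.lower())
        if shown and registrable(shown.group()) != registrable(target.netloc):
            flags.append(f"link text shows {shown.group()} but points to {target.netloc}")
    return flags


# Constructed sample: a message in the style of this week's phish.
PHISH = """\
From: Microsoft Account Team <security@micros0ft-secure.net>
Reply-To: support@mail-verify.example
To: user@example.com
Subject: Urgent: reconfirm your password
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your Microsoft account will be suspended. Verify now:
<a href="http://micros0ft-secure.net/reset">https://login.microsoft.com/reset</a></p>
</body></html>
"""

# Constructed sample: a legitimate-looking message that trips none of the checks.
CLEAN = """\
From: Microsoft <no-reply@microsoft.com>
To: alice@example.com
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Alice, your statement is ready at
<a href="https://account.microsoft.com/statement">account.microsoft.com</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(name, analyze(raw) or ["no red flags"])
```

The output for the constructed phish lists every red flag the bulletin calls out (mismatched Reply-To, wrong sending domain for the claimed brand, “Dear Customer”, urgency wording, a plain-HTTP link whose visible text names a different domain than its target), while the clean message yields none. A real deployment would feed the score into mail filtering rather than rely on a fixed word list.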
GhostDNS Hacks Over 100,000 Routers
A widespread malware campaign known as GhostDNS has hijacked over 100,000 home routers. The infection changes the routers’ DNS settings so that victims are silently redirected to attacker-controlled web pages, chiefly fake banking sites, where their login credentials are stolen. The GhostDNS system is built from four modules:
DNSChanger module: This is the main module. It runs scripts (automated series of instructions) that exploit routers, typically by guessing weak or default administrator passwords, and is itself split into three submodules written in Shell, JavaScript (Js), and Python (Py).
Web Admin module: Not much information has been found regarding this module. It appears to be an administrative panel, sitting behind a login page, that the attackers use to manage the campaign.
RogueDNS module: The RogueDNS servers resolve the targeted domain names to attacker-controlled web servers instead of the real ones. The targeted domains are mainly banking websites and cloud hosting services; all other domains resolve normally, which helps the hijack go unnoticed.
Phishing Web module: When a user on an infected router visits a targeted domain, RogueDNS resolves it to the attackers’ server and the Phishing Web module serves a fake version of the site the user tried to visit, where the attacker can then steal credentials.
The GhostDNS campaign is organized and highly scaled, combining several attack vectors with automated processes, which makes the malware particularly dangerous.
Recommendations:
To help protect your network from GhostDNS, due diligence provides the best defense:
• Ensure your router’s firmware is the most current version.
• Set a strong, complex password for the router.
• If at all feasible, disable remote administration to the router to increase security.
• Change the default local IP address.
• Hardcode a trusted DNS server in the router or in the operating system’s network settings, and periodically confirm that the resolver actually in use is still the one you configured.
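Because RogueDNS only lies about a short list of targeted domains, the practical way to confirm the last recommendation is to check which resolver the system is really using and to compare answers for several domains between that resolver and one you trust. The script below is an added example written for this bulletin, not code from the original newsletter or from the GhostDNS research. The resolv.conf text, the two sets of DNS answers and the resolver allowlist are all constructed so that it runs offline; in practice the two lookup callables would issue real queries (for example with dnspython) to the router-assigned resolver and to a trusted one.

```python
"""Rogue-DNS check: audit the configured resolvers and detect selective hijacking.
Added example; RESOLV_CONF, ROUTER_ANSWERS, TRUSTED_ANSWERS and TRUSTED_RESOLVERS
are constructed/assumed data, not real measurements."""
import ipaddress
import re

# Assumed allowlist of resolvers that were configured on purpose.
TRUSTED_RESOLVERS = {"1.1.1.1", "9.9.9.9", "8.8.8.8"}

# Constructed /etc/resolv.conf as a DHCP client would receive it from a hijacked
# router: the first nameserver is neither the router nor an allowed resolver.
RESOLV_CONF = """\
# Generated by dhcpcd
nameserver 203.0.113.77
nameserver 192.168.0.1
"""


def configured_resolvers(text):
    """Parse nameserver lines from resolv.conf-style text."""
    return [m.group(1) for m in re.finditer(r"^\s*nameserver\s+(\S+)", text, re.M)]


def audit_resolvers(text, lan=ipaddress.ip_network("192.168.0.0/24"),
                    trusted=TRUSTED_RESOLVERS):
    """Return (resolver, verdict) pairs: trusted, local forwarder, or unknown public IP."""
    verdicts = []
    for ns in configured_resolvers(text):
        try:
            ip = ipaddress.ip_address(ns)
        except ValueError:
            verdicts.append((ns, "unparseable"))
            continue
        if ns in trusted:
            verdicts.append((ns, "trusted"))
        elif ip in lan:
            # The router forwards queries; its own upstream DNS must be checked too.
            verdicts.append((ns, "local router/forwarder"))
        else:
            verdicts.append((ns, "UNKNOWN public resolver: possible hijack"))
    return verdicts


# Constructed answers. Only the bank differs, mirroring RogueDNS behaviour:
# non-targeted domains resolve normally so the victim notices nothing.
ROUTER_ANSWERS = {"bank.example": "198.51.100.23",
                  "mail.example": "192.0.2.10",
                  "news.example": "192.0.2.30"}
TRUSTED_ANSWERS = {"bank.example": "192.0.2.20",
                   "mail.example": "192.0.2.10",
                   "news.example": "192.0.2.30"}


def find_hijacked(domains, configured_lookup, trusted_lookup):
    """Map each domain whose answer differs to (configured answer, trusted answer).

    configured_lookup/trusted_lookup are callables domain -> IP string; here they are
    dict lookups over constructed data, in practice they would be real DNS queries."""
    hijacked = {}
    for domain in domains:
        got, expected = configured_lookup(domain), trusted_lookup(domain)
        if got != expected:
            hijacked[domain] = (got, expected)
    return hijacked


if __name__ == "__main__":
    for ns, verdict in audit_resolvers(RESOLV_CONF):
        print(f"{ns:15} {verdict}")
    print("hijacked:", find_hijacked(TRUSTED_ANSWERS, ROUTER_ANSWERS.get, TRUSTED_ANSWERS.get))
```

A differing answer is a signal, not proof: sites behind CDNs legitimately return different addresses to different resolvers, so compare domains whose records you know to be stable, and treat a mismatch on a bank or webmail domain as reason to inspect the router’s DNS settings immediately.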
Browser Notification SPAM
Browser notifications let websites pop up alerts, such as breaking-news bulletins from a news site. Like so many features online, a useful capability is now being abused. BleepingComputer.com reported this issue last week.
Sites are now tricking users to accepting browser notifications in order to promote unwanted extensions, fake software, adware bundles, adult sites, and scam sites.
For example, in the image above the site tricks the user into believing they must subscribe to notifications in order to view a video.
Once the user accepts the notification prompt, the site either redirects to another site or displays the video. Either way, the visitor will now receive spam browser notifications delivered directly to their desktop, even when the site is no longer open. These spam notifications are essentially advertisements for unwanted extensions, fake downloads, adult sites, and giveaway scams.
If you are receiving browser notification spam, you can check for and remove subscriptions in your browser’s settings. Once the subscriptions are removed, the spam will stop appearing on the desktop.
Chrome Users
To remove them in Chrome, go into Settings, search for Notifications, click Content Settings, and then click Notifications. Chrome will display a list of sites you are subscribed to or have blocked. Most users are surprised at how many sites are in their subscription list. To remove a subscription, click the three vertical dots next to a site and select Remove.
Firefox Users
Firefox users can go into Options, search for Notifications, and then click on Settings next to Notifications to access the list of subscribed sites and remove them.
Edge Users
You can disable browser notifications on a site-by-site basis by clicking on the menu icon (three horizontal dots) in the upper right-hand corner and going to Settings > View advanced settings. Under the Notifications subheading, click Manage and a panel will appear where you can edit the various sites that you’ve agreed to receive notifications from.
Cybersecurity Buzzwords to Know
The cybersecurity industry is filled with words like trojan horse, zombie, and worm: terms that sound like science fiction but are an everyday reality on the internet.
As more of our daily life is moving towards the digital world, these terms begin to take on new meanings and introduce us to the different cybersecurity threats we face.
While the majority of us would rather leave these threats to more IT-focused individuals, it’s important that we all have an understanding of cybersecurity so that we can protect not only ourselves but others, by understanding key terms.
Cybersecurity Terms:
Backup: Ensuring that all important data is stored on a secure, offline location to protect the data from being lost, or if a computer is hacked. It’s good practice to routinely copy files to a USB flash drive or cloud storage.
Blackhat hacker: An individual who maliciously causes damage to a computer system, steals data, or conducts illegal cyber activities.
Botnet: A group of computers, typically anywhere in the world, that have been infected by malicious software. This allows the group to be remotely controlled by a hacker, allowing them to perform malicious attacks such as denial of service.
Brute Force Attack: A hacking technique used to break into a computer system or account by systematically trying many candidate passwords (often thousands or millions, drawn from dictionaries or generated automatically) until one works. Long, unique passwords and lockout or rate-limiting after repeated failures are the main defenses.
Phishing or spear phishing: A technique used by hackers to obtain sensitive information, such as passwords, bank accounts, or credit cards. Often an unexpected email is received disguised as being from a legitimate source. In many cases, the hacker will attempt to trick you into either replying with the information they seek, like bank details or tempt you to click a malicious link or run an attachment. Spear phishing is a variant of this technique, but the hacker targets a business or person specifically, instead of taking a blanket approach.
Trojan horse: A piece of malware disguised as legitimate software that, once run, often gives a hacker remote access to the computer. It sets up an entry point through which the perpetrator can download files, install further malware, or record the user’s keystrokes.
Worm: A piece of malware that can replicate itself to spread the infection to other connected computers. It will actively hunt out weak systems in the network to exploit and spread.
Whitehat hacker: A person who uses their hacking skills for an ethical purpose, as opposed to a blackhat hacker, who typically has malicious intent. Businesses often hire these individuals to test their cybersecurity capabilities.
Zombie: A computer system that has been infected by malware and is now part of a hacker’s botnet.
How can Netizen help?
Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and other security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company.