Netizen Cybersecurity Bulletin: 10 October 2018 Edition
In this issue:
In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.
- Phish Tale of the Week!
- Facebook Breach Affects 90MM users
- MikroTik / WinBox Vulnerability
- 3 Things to Look for When Choosing a Cybersecurity Company
- How can Netizen Help?
Phish Tale of the Week
This week’s phishing email claims to come from the Payroll Admin and asks the user to update their information in order to receive a new payroll increase. It is one of the more obvious phishing attempts: poor formatting, grammar, and spelling, and it does not even display a proper ticket number.
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
- Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
- Do not give out personal or company information.
- Review both signature and salutation.
- Do not click on attachments.
- Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
- Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails convey a sense of urgency or even aggression in an attempt to intimidate the recipient. Any email demanding immediate action or addressing you in a threatening manner should be treated with suspicion. Also beware of messages that tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to read, but it could be a ploy to plant malware on your system or steal your credentials.
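The checks in the list above (sender versus Reply-To, links that are not HTTPS or whose visible text does not match their real destination, urgency language, requests for credentials) can be automated against a raw message. The following is an added example, not part of the original bulletin: it parses a constructed sample modelled on the payroll lure and a constructed benign message, and returns the red flags it finds. The `company.test` domain, both sample messages, and the keyword lists are assumptions made up for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the payroll lure described above (not a real message).
SAMPLE_EMAIL = """\
From: Payroll Admin <payroll-admin@example-mail-host.test>
Reply-To: hr.updates@collect-forms.test
To: employee@company.test
Subject: URGENT: update your details to recieve the payroll increase

<html><body>
<p>Dear employe,</p>
<p>Your must update your informations within 24 hours or the increase will be cancel.</p>
<p><a href="http://company-payroll.collect-forms.test/login">https://payroll.company.test/update</a></p>
</body></html>
"""

# Constructed benign message from the real payroll team, for comparison.
CLEAN_EMAIL = """\
From: Payroll <payroll@company.test>
To: employee@company.test
Subject: Your September pay stub is available

<html><body>
<p>Hello,</p>
<p>Your pay stub can be viewed in the <a href="https://payroll.company.test/stubs">HR portal</a>.</p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "cancel", "suspend")
CREDENTIAL_WORDS = ("password", "social security", "credit card", "bank account", "login")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation, enough to spot obvious mismatches."""
    parts = (host or "").lower().split(".")
    return ".".join(parts[-2:])


def phishing_indicators(raw, trusted_domain):
    """Return human-readable red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    # Sender checks: From outside the trusted domain, or Reply-To steering replies elsewhere.
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rpartition("@")[2]
    if registrable_domain(from_dom) != trusted_domain:
        findings.append(f"sender domain {from_dom!r} is not {trusted_domain!r}")
    if reply_addr and reply_addr.rpartition("@")[2] != from_dom:
        findings.append(f"Reply-To ({reply_addr}) goes to a different domain than From")

    # Content checks: pressure language and requests for credentials or PII.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    urgent = [w for w in URGENCY_WORDS if w in text]
    if urgent:
        findings.append("urgency language: " + ", ".join(urgent))
    creds = [w for w in CREDENTIAL_WORDS if w in text]
    if creds:
        findings.append("asks for credentials/PII: " + ", ".join(creds))

    # Link checks: plain HTTP, off-domain targets, and text that hides the real destination.
    parser = LinkExtractor()
    parser.feed(body)
    for href, shown in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            findings.append(f"link {href} is not HTTPS")
        if registrable_domain(target.hostname) != trusted_domain:
            findings.append(f"link {href} points outside {trusted_domain}")
        if shown.lower().startswith(("http://", "https://")):
            shown_host = urlparse(shown).hostname
            if registrable_domain(shown_host) != registrable_domain(target.hostname):
                findings.append(f"link text shows {shown_host} but goes to {target.hostname}")
    return findings


if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_EMAIL, "company.test"):
        print("RED FLAG:", flag)
    print("clean message flags:", phishing_indicators(CLEAN_EMAIL, "company.test"))
```

The domain comparison deliberately uses the last two labels only; a production filter would use the public suffix list, but the approximation is enough to show why `company-payroll.collect-forms.test` should not be trusted just because it mentions the company.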
Facebook Breach Affects 90MM
90 million Facebook accounts were logged out last week. So what happened?
Anyone who uses Facebook is familiar with the persistence of the login — you can close the browser/app, turn off your device and come back next week and your login is still active.
Another feature lets the Facebook login work on other sites and applications through Single Sign-On (implemented with OAuth). You log in to Facebook and then other sites recognize you. Many are also concerned that this lets Facebook track your activity online, but that is a discussion for another day.
Facebook lets users show different posts to different groups of users – groups like Family, Co-Workers, School-Friends, and Global (the whole world). Additionally, users can view their own profile and ‘Wall’ page exactly as any one of their friends, or any user group, would see it. This is a useful and powerful feature, especially for users who want to segregate their posts to certain audiences.
In 2017 Facebook updated their product to permit users to upload Birthday Videos to their friends. This feature became instantly popular.
Researchers at Facebook noticed a sharp increase in the use of ‘View As’ and looked into it. They discovered that the function was being exploited through a bug in the Birthday Video app, which passed the OAuth sign-on token to the attacker, enabling that user to effectively become any user they wanted.
Facebook responded by logging out some 90 million people: basically anyone who had been ‘Viewed As’ by any other user in the last year. That act was drastic but overall harmless, and it ensured that any compromised account was logged out. OAuth has been incredibly useful, but when a service with a 2 billion user base has a bug, it potentially affects a lot of people. Facebook disabled the View As feature, and it is still unavailable as of this writing.
- Check where you’re logged in on Facebook: Facebook tracks the devices on which you are currently logged in. On a desktop, click the down arrow (found in the top right-hand corner) and click Settings, or go to this link: https://www.facebook.com/settings?tab=security. Check WHERE YOU’RE LOGGED IN and see if you recognize the devices and locations. You can click the three dots on the right side of the list and select ‘Log Out’ to simply log out that connection, or ‘Not You’ to report a suspected login to Facebook.
- It is also a good time to select APPS AND WEBSITES (from the left-hand menu, or go to https://www.facebook.com/settings?tab=applications) and review which apps have access to your data. Many users don’t realize how many apps and websites are able to interact with their data.
These checks should be performed periodically on all social media accounts.
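The persistent login, the “where you’re logged in” list, per-device logout, and the mass forced logout Facebook used as its response all rest on one server-side design: every long-lived token is recorded on the server and can be revoked there. The following is an added example of that design, not Facebook’s code and not from the bulletin. It keeps only a hash of each bearer token, lists a user’s active sessions with device and address, revokes one session or all of them, and performs a bulk revocation by creation time. The user names, devices, and IP addresses are constructed for the demonstration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    id: str          # short public identifier shown in a "where you're logged in" list
    user: str
    device: str      # constructed user-agent summary, e.g. "Chrome on Windows"
    ip: str
    created: float
    last_seen: float


class SessionStore:
    """Server-side registry of persistent logins.

    Only a SHA-256 hash of each bearer token is stored, so a copy of this table
    cannot be replayed as a login. Revocation deletes the entry, which is what
    makes a forced logout effective no matter how long-lived the cookie is.
    """

    def __init__(self):
        self._by_hash = {}  # token hash -> Session

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, device, ip, now=None):
        """Create a session and return the bearer token handed to the client."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._by_hash[self._key(token)] = Session(secrets.token_hex(4), user, device, ip, now, now)
        return token

    def resolve(self, token, now=None):
        """Return the user a presented token belongs to, or None if unknown or revoked."""
        session = self._by_hash.get(self._key(token))
        if session is None:
            return None
        session.last_seen = time.time() if now is None else now
        return session.user

    def where_logged_in(self, user):
        """The list a user reviews: every active session with its device and address."""
        return [s for s in self._by_hash.values() if s.user == user]

    def logout_session(self, user, session_id):
        """'Log Out' one entry from the list; True if something was revoked."""
        return self._revoke(lambda s: s.user == user and s.id == session_id) == 1

    def logout_everywhere(self, user):
        """Revoke every session of one user, e.g. after a 'Not You' report."""
        return self._revoke(lambda s: s.user == user)

    def revoke_created_since(self, start):
        """Bulk forced logout of all sessions created at or after a point in time,
        the kind of sweep described above for the affected accounts."""
        return self._revoke(lambda s: s.created >= start)

    def _revoke(self, predicate):
        doomed = [h for h, s in self._by_hash.items() if predicate(s)]
        for h in doomed:
            del self._by_hash[h]
        return len(doomed)


def lifecycle_demo():
    """Walk through login, review, single logout, bulk revocation and full logout."""
    store = SessionStore()
    laptop = store.login("alice", "Firefox on macOS", "203.0.113.10", now=1000.0)
    phone = store.login("alice", "Facebook app on Android", "198.51.100.7", now=2000.0)
    store.login("bob", "Chrome on Windows", "192.0.2.44", now=2500.0)

    result = {"sessions_before": len(store.where_logged_in("alice")),
              "phone_user_before": store.resolve(phone, now=2100.0)}
    phone_id = [s.id for s in store.where_logged_in("alice") if s.device.startswith("Facebook")][0]
    result["phone_revoked"] = store.logout_session("alice", phone_id)
    result["phone_user_after"] = store.resolve(phone)      # revoked: None
    result["laptop_user_after"] = store.resolve(laptop)    # untouched: "alice"
    result["bulk_revoked"] = store.revoke_created_since(2400.0)   # only bob's session
    result["alice_revoked_all"] = store.logout_everywhere("alice")
    result["laptop_user_final"] = store.resolve(laptop)
    return result


if __name__ == "__main__":
    for key, value in lifecycle_demo().items():
        print(f"{key}: {value}")
```

The important property is that `resolve` consults the server each time: once an entry is deleted, a stolen or leaked token stops working immediately, regardless of any expiry the client-side cookie carries.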
MikroTik / WinBox Vulnerability
A vulnerability in MikroTik routers that was once rated medium is now rated critical. Combined with a new hacking technique used against MikroTik routers, it allows an attacker to remotely execute code on affected devices and obtain root access. Furthermore, remote attackers can bypass authentication and read arbitrary files by modifying a single byte of a request related to a session ID.
The vulnerability affects WinBox as well. WinBox is a management component that lets administrators configure their routers through a web-based interface and a Windows GUI application. The new exploit could allow unauthorized attackers to compromise MikroTik’s RouterOS, deploy malware payloads, or bypass the router’s firewall protections.
Additional vulnerabilities include:
- CVE-2018-1156—A stack buffer overflow flaw that could allow authenticated remote code execution, giving attackers full system access and access to any internal system that uses the router.
- CVE-2018-1157—A file upload memory exhaustion flaw that allows an authenticated remote attacker to crash the HTTP server.
- CVE-2018-1159—A memory corruption flaw in the www service that could crash the HTTP server when a client rapidly authenticates and disconnects.
- CVE-2018-1158—A recursive parsing stack exhaustion issue that could crash the HTTP server via recursive parsing of JSON.
The aforementioned vulnerabilities impact MikroTik RouterOS firmware versions 6.42.7 and 6.40.9. These issues have in fact been patched; however, it is estimated that nearly 70% of these routers are still vulnerable to attack. It is a good rule of thumb with any router to regularly patch and update the firmware. Also, while it may sound obvious, if your router still uses a default password (admin, password, etc.), change it!
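The three pieces of advice in this section (know which firmware versions are affected, update, and get rid of default passwords) come together in a simple inventory audit. The following is an added example, not MikroTik’s tooling and not from the bulletin: it checks a constructed list of routers against the two versions the bulletin names as affected, optionally against a minimum patched version, against the default passwords the bulletin mentions, and for management services (www and WinBox) that are reachable from any address. The bulletin does not state which RouterOS version carries the fix, so `min_patched` is a parameter to be filled from MikroTik’s release notes; the router names, versions, passwords, and networks in `INVENTORY` are made up.

```python
import re
from dataclasses import dataclass, field

# The two firmware versions the bulletin names as affected.
AFFECTED_VERSIONS = {"6.42.7", "6.40.9"}
# Credentials the bulletin calls out as defaults; the empty password is included.
DEFAULT_PASSWORDS = {"", "admin", "password"}
# Management services that should not be reachable from arbitrary addresses.
MANAGEMENT_SERVICES = ("www", "winbox")


@dataclass
class Router:
    name: str
    version: str
    admin_password: str
    # service name -> list of allowed source networks; an empty list means "any address"
    services: dict = field(default_factory=dict)


def parse_version(v):
    """'6.42.7' -> (6, 42, 7); a release-candidate suffix such as '6.43rc1' is ignored."""
    nums = [int(x) for x in re.findall(r"\d+", v.split("rc")[0])]
    return tuple(nums + [0] * (3 - len(nums)))[:3]


def audit(router, affected=AFFECTED_VERSIONS, min_patched=None):
    """Return the list of findings for one router (empty list means nothing to fix)."""
    findings = []
    if router.version in affected:
        findings.append(f"{router.name}: RouterOS {router.version} is listed as affected; update firmware")
    elif min_patched and parse_version(router.version) < parse_version(min_patched):
        findings.append(f"{router.name}: RouterOS {router.version} is older than {min_patched}; update firmware")
    if router.admin_password in DEFAULT_PASSWORDS:
        findings.append(f"{router.name}: admin uses a default or empty password; change it")
    for svc in MANAGEMENT_SERVICES:
        if svc in router.services and not router.services[svc]:
            findings.append(f"{router.name}: {svc} is reachable from any address; restrict it to the management network")
    return findings


def audit_inventory(routers, **kw):
    """Audit every router and return {name: findings}."""
    return {r.name: audit(r, **kw) for r in routers}


# Constructed inventory; names, versions, passwords and networks are made up for the example.
INVENTORY = [
    Router("edge-1", "6.42.7", "admin", {"www": [], "winbox": []}),
    Router("edge-2", "6.40.9", "S3cure!Pass", {"winbox": ["10.10.0.0/24"], "www": []}),
    Router("lab-1", "6.43rc1", "", {"winbox": ["10.10.0.0/24"]}),
]

if __name__ == "__main__":
    # Pass min_patched="<fixed version from MikroTik's release notes>" to also catch
    # older firmware that is not in the bulletin's list.
    for name, issues in audit_inventory(INVENTORY).items():
        print(name, "->", issues or ["no findings"])
```

Treat the version check as the floor, not the ceiling: an exact-match list only catches the versions someone wrote down, so supply `min_patched` once the vendor’s fixed version is known and re-run the audit after every firmware update.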
3 Things to Look for When Choosing a Cybersecurity Company
As cyber threats and security mandates continue to grow at a rapid pace, security teams are struggling to keep up. How does a company keep the team’s morale and motivation high? How does one ensure that the strategy for protecting the company’s assets is sound and continues to move in the right direction?
Teaming with a third-party security company can provide the skills, knowledge, and support needed to keep defensive measures strong. This is critical at a time when so few Cybersecurity professionals are available – estimates run as high as 3.5 million unfilled positions in the industry by 2021. Choosing the right security company can ensure your defense strategy stays on track rather than derailing for lack of resources.
Three questions to consider when evaluating potential security companies:
1. Are they a proven security company?
When it comes to Cybersecurity, the best partner is one that has done their “time in the trenches.” When you work with a company that is a proven practitioner of security – one that has been down the path and understands what companies are up against – you get a different, and arguably better, perspective and guidance than from someone who has only read a book on security.
2. Do they offer end-to-end solutions?
Cybersecurity is a journey, not a destination, and every company’s journey is different. This means that depending on where a company is on its path to Cybersecurity, it needs different solutions, product offerings, and services. There is no such thing as a one-size-fits-all solution.
All too often, companies rely on Cybersecurity software vendors for broad-stroke support. They may provide security consulting services, but their knowledge and capabilities are limited to their own technology. One needs to look for a security vendor that can meet your company’s needs wherever you are on your Cybersecurity journey.
3. Do they offer tailored security options?
With a multitude of factors driving Cybersecurity decisions, including budget, risk tolerance, compliance requirements, technology stacks, and resource constraints, you need a Cybersecurity company that understands these various aspects and delivers the support that best fits your company.
You may want to adhere to specific standards or certifications when performing business objectives, such as ISO 27001. You will need a Cybersecurity company that can provide the needed security assessments and roadmaps with these standards in mind.
Working with a Cybersecurity vendor that only has a single delivery model, or single technology, greatly limits what they are able to provide. Working with multiple Cybersecurity vendors adds unnecessary complexity and higher costs for your business. That’s why seeking out a single firm that offers a range of services and solutions designed to meet your every challenge is the proven course. This approach offers more cost control, lower overhead, and most of all lower complexity.
When selecting the right Cybersecurity partner for your organization, remember that Cybersecurity is a long-term challenge, and teaming with a long-term partner can help you along your journey.
How Can Netizen Help?
Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company.