Netizen Corporation Cyber Threat Brief (March 20, 2019)


  • Phish Tale of the Week
  • U.S. Government Contractor Hacked
  • New Malware Targets Point-Of-Sale Systems
  • How Can Netizen Help?

Phish Tale of the Week

It’s early morning, and you open your e-mail in-box and see a message from your boss.  Your boss is asking you for your personal cell phone number, telling you there is an urgent task that needs to be done by you. What do you do?

An example email follows below:

This is an example of a phish that was received by several people in our organization last week.  At a quick glance, many would be willing to provide their number to the CEO of the company; who wants the boss to be kept waiting, especially when there’s an urgent task to be completed?

That reaction is what the hackers are hoping to capitalize on. Having an employee’s personal cell phone number is an attack vector which can be leveraged to encourage the employee to, perhaps, make purchases or transfer funds on behalf of the CEO.

Once again, there is a trail of clues that you can use to identify this phishing email as a scam.

  • Unusual email addresses in the heading: in this case, the address is an external address, not the corporate address, and is generic in naming. 
  • An unusual request for a cell phone number; would the CEO ask you for your number? The odds are pretty good that the CEO has your phone number already if there was a need to reach out to you for such a request.

This kind of phishing email relies on our desire to help, and it is effective, which is why examples are so commonly found.  Companies should require positive confirmation whenever any such request is made, to prevent this kind of attack from being effective.

General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be questioned. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s cybersecurity brief: US Data Contractor Suffers Massive Data Breach, New Malware Targets POS Systems to Steal Credit Card Information

Citrix Suffers Massive Data Breach

Citrix has been hacked by IRIDIUM, a group of Iranian-backed hackers who extracted over 6 terabytes of data during Christmas time. Citrix was notified of the incident by the FBI on Mar 6. The group seems to have gained access using a technique called ‘password spraying’, which takes a small number of very common passwords and attempts them on many user accounts, thereby avoiding many account lockout mechanisms. This technique is harder to detect than brute-force password techniques. Password spraying is initially targeted towards a small group of users in hopes of a compromise. If access is gained, the attackers download the Global Address List for that organization in order to continue the password spraying on a larger target group. The group has been focusing on U.S. Government contractors and agencies and has been linked to over 200 attacks. While there is no evidence the attacks directly penetrated U.S. Government networks, the breach carries a potential risk that the hackers could eventually find their way into sensitive government networks.
To read more about the Citrix breach, click here.
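
The password-spraying pattern described above (few attempts per account, many accounts, so lockout counters never trip) can be looked for in authentication logs. The following is an added example, not part of the original brief; the log format, sample events and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP, account, result); not real data.
SAMPLE_LOG = """\
2019-03-01T09:00:00 198.51.100.9 bob FAIL
2019-03-01T09:00:20 198.51.100.9 bob FAIL
2019-03-01T09:00:40 198.51.100.9 bob FAIL
2019-03-01T09:01:00 198.51.100.9 bob FAIL
2019-03-01T09:01:20 198.51.100.9 bob FAIL
2019-03-01T09:01:40 198.51.100.9 bob FAIL
2019-03-01T10:00:00 203.0.113.7 alice FAIL
2019-03-01T10:02:00 203.0.113.7 carol FAIL
2019-03-01T10:04:00 203.0.113.7 dave FAIL
2019-03-01T10:06:00 203.0.113.7 erin FAIL
2019-03-01T10:08:00 203.0.113.7 frank OK
2019-03-01T10:10:00 203.0.113.7 grace FAIL
2019-03-01T11:00:00 192.0.2.44 heidi FAIL
2019-03-01T11:00:30 192.0.2.44 heidi OK
"""

def parse(log):
    """Yield (time, source, account, result) tuples from the constructed format."""
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_fails=2):
    """Flag sources that try many accounts while staying under max_fails per account."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - first[0] <= window]
            fails = defaultdict(int)
            for _, _, user, result in in_window:
                fails[user] += result == "FAIL"
            # Many accounts, few failures each: lockout counters never trip.
            if len(fails) >= min_accounts and 0 < max(fails.values()) <= max_fails:
                hits = sorted({e[2] for e in in_window if e[3] == "OK"})
                findings[src] = {"accounts": sorted(fails), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The single-account burst against `bob` is ordinary brute force that a lockout policy already catches, so it is not flagged here; the `succeeded` list is the set of accounts to reset first.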

GlitchPOS Is a New Malware Targeting Point-Of-Sales Systems

A new malware called GlitchPOS has recently gained popularity amongst cyber criminals as an easy-to-use credit card capturing malware. The malware infects a point-of-sale (PoS) system through a phishing email that is downloaded onto a computer in the same network. Once the malware infects the PoS, it begins sending credit card information back to the owner of the malware. The alarming characteristic about this malware is that it was developed for non-technical criminals to target PoS systems. The malware package even has a dashboard that allows the criminal to access the “clients list” of infected systems and a panel listing all of the stolen credit card information.

The pre-built software sells for $250, and can be a very enticing deal for cyber criminals looking to target the restaurant and hospitality industries, as recent trends show. 

What does this mean for you?

Business Owners: If your business commonly uses a PoS system and credit card transactions, it is important to ensure that you remain PCI compliant. Getting on-going network monitoring from cybersecurity experts is also highly recommended. 

Consumers: Ensure that you trust the vendor using your credit information and monitor your credit card activity often.

To read the original article by ThreatPost, click here

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Copyright © 2019 Netizen Corporation. All rights reserved.
