- Phish Tale of the Week
- Security Flaws in Enterprise VPN Apps
- WPA3 Security Vulnerabilities Discovered
- How Can Netizen Help?
Phish Tale of the Week
Phishing attacks are attempts by a hacker, masquerading as a trusted person or entity, to steal vital information such as login credentials, credit card information, or personal information by persuading the victim to open an email, instant message or text message.
In this particular attempt sent to an executive faculty member, a malicious actor tries to lure his would-be victim into clicking on links with malware packages. The attacker attempts to persuade the recipient of the email to click on an “important file” shared from a colleague. Again, the attacker is relying on people’s inherent trust in others to gain access to sensitive information.
An example email follows below:
As mentioned in the previous Cybersecurity Bulletin, the subject line is prefaced with the [EXTERNAL] tag, which is a feature of Microsoft Office 365. The tag makes the message easy to identify as coming from outside the Netizen environment.
The items that draw attention to a likely phish attempt include:
- An unusually long email address in the FROM field, and one with an unfamiliar domain
- An unusual corporate name; Netizen’s own internal server is not called “Netizencorp”
- Broken HTML string in the body of the message
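The three indicators above, together with the [EXTERNAL] subject tag, can be expressed as a triage check. This is an added example, not Netizen's tooling; the trusted domain `example.com`, the 40-character threshold, the indicator labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed values for this example; replace with your own environment's.
TRUSTED_DOMAINS = {"example.com"}   # placeholder for the real mail domains
LOOKALIKE_NAMES = {"netizencorp"}   # name from the bulletin that is never legitimate
MAX_ADDRESS_LEN = 40                # constructed threshold for "unusually long"
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}

class TagBalance(HTMLParser):  # flags tags closed out of order or never closed
    def __init__(self):
        super().__init__()
        self.open_tags, self.errors = [], 0
    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if self.open_tags and self.open_tags[-1] == tag:
            self.open_tags.pop()
        elif tag not in VOID_TAGS:
            self.errors += 1

def phish_indicators(raw_message):
    """Return the bulletin's red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    balance = TagBalance()
    balance.feed(html)
    checks = [
        ("external_tag", msg.get("Subject", "").startswith("[EXTERNAL]")),
        ("unfamiliar_domain", domain not in TRUSTED_DOMAINS),
        ("long_address", len(addr) > MAX_ADDRESS_LEN),
        ("lookalike_name", any(n in (name + addr).lower() for n in LOOKALIKE_NAMES)),
        ("broken_html", balance.errors > 0 or bool(balance.open_tags)),
    ]
    return [label for label, hit in checks if hit]

# Constructed sample (placeholder domains), not the email shown in the bulletin.
SAMPLE = (
    'From: "Netizencorp Shared Files" '
    "<sharepoint-notification-service-0293847@files-netizencorp.example.net>\n"
    "Subject: [EXTERNAL] Important file shared with you\nContent-Type: text/html\n\n"
    "<html><body><p>A colleague shared an <b>important file</p></div></body></html>\n"
)
print(phish_indicators(SAMPLE))
```

A message that trips several indicators at once is a stronger signal than any single one; the external tag alone only says the mail came from outside.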
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
- Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
- Do not give out personal or company information.
- Review both signature and salutation.
- Do not click on attachments.
- Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
- Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
In this week’s cybersecurity brief: Four Enterprise Vendors’ VPN Apps Have Security Flaws, WPA3 Revealed to be Susceptible to Security Bugs
Department of Homeland Security Reveals Security Flaws in VPN Apps
An alert issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency states that a vulnerability present in several enterprise VPN apps may allow a hacker to remotely access a company’s internal network. The warning was issued following a public disclosure by CERT/CC, the vulnerability disclosure center at Carnegie Mellon University.
These enterprise VPN apps, built by vendors Cisco, Palo Alto Networks, Pulse Secure and F5 Networks, contain a security bug that stores the session cookies and authentication tokens on a user’s computer to allow the user to remain logged into the VPN without having to reenter their credentials frequently. However, if these tokens were ever to be stolen, the hacker would be granted access to the internal network without needing the user’s password. These tokens could be stolen through malware and used to infiltrate company apps, systems and data.
As of now, the only vendor to confirm the vulnerability of its app and issue a patch is Palo Alto Networks. F5 Networks has reportedly known about the security bug since 2013 but recommended that users simply apply two-factor authentication instead of releasing a patch. Neither Cisco nor Pulse Secure has patched its apps.
WPA3 Discovered to be Susceptible to WPA2 Backwards Compatibility Flaws
The newest version of the Wi-Fi Protected Access protocol has been available for nearly a year and a half. Before that, Wi-Fi networks had been protected by WPA2, which contained many critical vulnerabilities. Primarily centered around the authentication handshake between devices connecting to a network, these vulnerabilities were exploited by hackers frequently, prompting the creation of the new standard, WPA3. WPA3 was designed to protect against those vulnerabilities by employing a new handshake method called “Dragonfly”, which was hailed as immune to the vulnerabilities of WPA2. However, security researchers Mathy Vanhoef and Eyal Ronen discovered that the new Dragonfly handshake has vulnerabilities due to its backward compatibility with devices that can’t connect using WPA3. Fortunately, the vulnerabilities were caught early in the life cycle and can be fixed with software patches.
The vulnerabilities included means for an attacker to gather information from the handshake about the passwords being used on the network, and even a way to bypass the protocol’s security feature and obtain the handshake by masking WPA3 as a version of its predecessor.
In a statement released by the Wi-Fi Alliance, the industry group that commissioned WPA3, officials said:
“Recently published research identified vulnerabilities in a limited number of early implementations of WPA3-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Copyright © 2019 Netizen Corporation. All rights reserved.