Netizen Corporation Cybersecurity Bulletin (May 1st, 2019)

Overview

Phish Tale of the Week
Microsoft Reveals Email Services Hack
Cleveland Hopkins International Airport Attacked by Ransomware
How Can Netizen Help?

Phish Tale of the Week

People always assume they can spot a malicious email because they’ve seen them before. And to a point, that’s true. However, the malcontents who send them are always changing their methods. The more times people fall prey to phishes, the more success (and money) the authors enjoy.

This week, we have an example of an improvement in the level of sophistication of a phishing email. This one contains formatting that is consistent with the Microsoft Outlook environment, which makes it more attractive to employees. Plus, there’s a green box telling the reader ‘the sender of this message is trusted’, meaning it’s legit, right?

Take a look below:

Once again, however, some tell-tale signs raise suspicions:

An unusually long email address in the FROM field, and one with an unfamiliar domain. This one appears to have originated in Japan.
The time stamp says the message was received at 4:29 PM, yet the body of the message claims “a message wasn’t delivered at 7:59 AM”.
Unless there is a digital signature employed, the phrase the sender of this message is trusted is far from a guarantee.

Additionally, as mentioned in our previous bulletins, the subject line is prefaced with the [EXTERNAL] tag, which is a feature of Microsoft Office 365. This is easy to identify as coming from outside the Netizen environment.

General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
Do not give out personal or company information.
Review both signature and salutation.
Do not click on attachments.
Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s cybersecurity brief: Ransomware Attacks Hit Cleveland Airport, Microsoft Email Services Accounts Compromised by Hackers

Microsoft Email Services Accounts Compromised by Hackers

In an alert notification sent by Microsoft to impacted users, the software giant informed its customers about a breach in its email services that gave hackers access to user’s information for nearly three months. Microsoft says that among the information that was breached were email addresses, subjects of emails, and contact names.

In an official statement released by Microsoft, officials said “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names and email addresses you communicate with), but not the content of any emails or attachments.”

Initially, Microsoft notified users that their login credentials were not directly impacted by the hack, but the software company did advise that users change passwords. Microsoft also said that only a limited subset of customer accounts were affected by the breach and the scheme was already addressed by blocking the attacker’s access. Around 6% of the affected individuals were notified that the attackers could have had unauthorized access to the content of their email accounts.

Recommendations:

Reset your Microsoft account password
Be wary of an increase in phishing or spam emails
Pay attention to questionable domain names in emails
Do not provide personal information or payments
Avoid suspicious email links and attachments

To read more about the Microsoft hack, clickhere.

Ransomware Attacks Hit Cleveland Airport

Cleveland Hopkins International Airport was hit by a ransomware attack that has halted the services for days as an investigation is underway by the FBI.

Cleveland Hopkins International Airport’s information systems were targeted by a cyberattack that crippled information screens that display in-airport flight arrivals, departures and baggage claims. An investigation is under way by the FBI in order to determine the source of the attack and to restore the services back to normal operations. Additionally, the airport-affiliated emails were taken down by the attack as well.

In a statement released by the City of Cleveland, officials said:

“Email is temporarily down as well as in-airport flight and baggage information screens. All other systems are functioning as normal and there are no impacts to flights or safety and security operations…To help clarify some misinformation that is being circulated, core business systems such as accounting, payroll, timekeeping, etc., which are maintained at the City level, were not compromised and remain fully functional.”

The Big Picture:

No business is invulnerable to a cyberattack, as these incidents clearly show. Business operations and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity.

To read the original article by CYWARE, clickhere .

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.