Netizen Cybersecurity Bulletin (15 MAY 2019)

Overview

  • Phish Tale of the Week
  • Ransomware Attacks Hit Baltimore City Servers
  • Hospitals Demanding Better Cybersecurity from Device Makers
  • How Can Netizen Help?

Phish Tale of the Week

Malicious actors are often attempting to find an unassuming victim to target with the goals of persuading them to provide log-in credentials or download malware. Some of these targets are college students, busy with studies and maybe unaware to phishing attempts. 

This week, we have an example of a phishing email that was sent to Lehigh University students, a local college renowned for its technologically advanced campus. This one contains a message to students claiming that their school-assigned email inbox has reached its data limit. There is a link that the phishing email claims to be a sign-in page for students to use in order to extend their “data quota”. As is the case with most phishing emails, there are many red flags in the email that should signal a malicious attempt on the recipient of the email.  

Take a look below:

Some tell-tale signs that raise suspicions:

  • Notice the awkward phrasing of the email body text, as well as the obvious error in repetition of the message beginning with the words “Further incoming…”.
  • With the mouse hovering over the link, it is clear to see that the link will not direct the student to a domain used by Lehigh University.


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s Cybersecurity Brief: Ransomware Attacks Hit Baltimore City, Hospitals Are Pushing For Better Device Cybersecurity

Hospitals Taking Initial Steps In Improving Device Cybersecurity

With the amount of connected devices hospitals use in daily operations, there is an initiative by hospitals pushing device makers to ensure the security of their products. This comes as a response to increased reports of cyberattacks and a growing recognition of both financial and patient safety concerns, especially as the threat becomes more real. The attention to cybersecurity follows health-care’s embrace in recent years of digital technologies, from electronic medical records to mobile lab tests. For hospitals, internet-connected devices offer the potential to monitor patients more continuously and closely, and use the data to guide—and improve—care.

In stepping up their efforts, hospitals have gone beyond building firewalls and taking other actions to shield their own networks—they have moved into demanding information like the software running devices that manufacturers have long considered proprietary. Hospitals are running tests to detect device weaknesses, asking manufacturers to reveal proprietary software to assess vulnerabilities, and sometimes even rejecting bids or canceling orders for devices that don’t have adequate safety features. Some of these hospital’s requests have caused tensions with device manufacturers, although there’s also collaborations between the two parties in efforts to improve device cybersecurity. 

In February of 2019, credit-rating agency Moody’s Investors Service ranked hospitals and healthcare facilities as one of the sectors most vulnerable to cyberattacks.

Hospitals and Healthcare Facilities statistics:

  • More than 150 million personal health records have been breached in health-care company hacks since 2009.
  • The healthcare industry was the victim of 88 percent of all ransomware attack in U.S. industries in 2016.
  • In the past two years, 89 percent of healthcare organizations were breached.

To read more about the increased hospital cybersecurity efforts, click here.

Ransomware Attacks Hit Cleveland Airport

For over a week, some Baltimore City government departments have been offline as a result of ransomware attacks on the city’s servers. The attacks, believed to be a ransomware called RobbinHood, have taken the city’s email services and other services offline. Fortunately, police, fire, and emergency response systems have not been affected by the attack, but nearly every other department of the city government has been affected in some way. 

Baltimore Chief Information Officer Frank Johnson explained in a press conference last week that the malware was “the very aggressive RobbinHood ransomware” and that the FBI had identified it as a “fairly new variant” of the malware. The newer version of the ransomware has emerged over the past month. The nature of the ransomware, believed to be spread directly to the individual machines via psexec and/or domain controller compromise, since the ransomware itself does not have any network spreading capabilities and is meant to be deployed for each machine individually, means that the attacker would need to already have gained administrative-level access to a system on the city’s network.

The city is still recovering from the attacks, which have disrupted everything from real estate transactions, on-line bill payments for residents, and services such as telecommunications. Ransomware attacks typically are all about making money: Attackers demand a fee to decrypt victims’ files they have accessed and encrypted. This is the second successful attack on Baltimore, in such a short time frame, which highlights the obstacles many local governments face when it comes to cyber security.

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

To read the original article by arsTECHNICA, click here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

 

Copyright © 2019 Netizen Corporation. All rights reserved.

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.