Netizen Cybersecurity Bulletin (June 26, 2019)

Overview

  • Phish Tale of the Week
  • Vulnerability in TP-Link’s Wi-Fi Extenders Could Allow Remote Control to Attackers
  • Latest Phishing Scam Impersonates Apple Support
  • How Can Netizen Help?

Phish Tale of the Week

Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing email targeting Bank of America customers. The email seems to be a security notification about “unusual activity” on the bank account and urgent care is required. The email even contains the logo of the bank and the official website linked in the body, so it must be a real notification, right? Not so fast. The email has a few tell-tale signs of its in-authenticity.

Take a look below:

  1. Notice the way that the “Bank of America” display name does not match the email format in the “From” field.
  2. In the “To” field as well as the greeting, there is a general salutation that is very vague and can be applied to anyone receiving the email.
  3. While hovering your cursor over the link, it is clearly a different link than the one provided in the body of the email.
  4. There are clear grammatical and spelling errors throughout the text, all of which indicate that the author is not very professional. 


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s Cybersecurity Brief: Vulnerability in TP-Link Wi-Fi extenders Could Allow Remote Control to Attackers, Latest Phishing Scam Impersonates Apple Support

TP-Link Wi-Fi Extenders Vulnerability

A WiFi Extender is a device that repeats the wireless signal from your router to expand its coverage. It functions as a bridge, capturing the Wi-Fi from your router and rebroadcasting it to areas where the Wi-Fi is weak or nonexistent, improving the performance of your home Wi-Fi. With many internet users often not having enough coverage around their homes or office space, a simple solution is to use an extender to receive coverage to areas that are lacking it. However, TP-Link, a global leader in networking devices and accessories, disclosed that a vulnerability in the TP-Link RE365 Wi-Fi extender version 1.0.2 could allow an attacker to take complete control over the device.  

The vulnerability, tracked as CVE-2019-7406, could allow a remote attacker to perform arbitrary command execution via specially crafted user agent fields in HTTP headers. The attack works by sending a malicious HTTP request to the Wi-Fi extender. The vulnerability of TP-Link’s Wi-Fi extender allows a potential attacker to execute commands from the request. The attacker would need to know the extender’s IP address to exploit the vulnerability, but you can find thousands of exposed devices on IoT search engines like Shodan. More sophisticated attacks can be carried out due to the level of access that an attacker would assume, including potentially redirecting people to pages with malware, as well as taking over the routers to use as part of a botnet. 
 
The vulnerability affects home and office users alike, which can put private and business data at risk. the affected TP-Link devices are the RE365 model as well as the RE650, RE350 and RE500 devices. However, TP-Link responsibly disclosed the vulnerability and released software updates to patch the flaw.  
 
To read more about the TP-Link vulnerability, click here

Phishing Scam Impersonates Apple Support

The telephone version of phishing is called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to assume your identity and open new accounts. Vishing attacks are designed to generate fear and immediate response and therefore occur within short time frames. For example, a vishing perpetrator (visher) may gain access to a group of private customer phone numbers and call the numbers from the group. When a potential victim answers the phone, he or she hears an automated recording informing him that his bank account or social security information has been compromised. The victim is then instructed to call the “toll-free” number included in the message and also enter personal information like bank account numbers and social security numbers for “verification.” The victim’s entries are collected and then used to access their bank accounts or steal their identity.

 
The latest vishing scam making the rounds involves scammers pretending to be Apple Support Agents alerting Apple users that their account has fallen victim to a data breach. Scammers implement a spoofing technique to imitate the real Apple support telephone number, often showing up on Caller ID as ” 1 (800) MYAPPLE,” even though the fake call is coming from another country. On Apple devices, the fake call even displays the Apple logo and either “Apple Customer Service” or “AppleCare” to trick users into thinking the call is authentic. The goal of the scammers is to gather iCloud or Apple ID account information of victims. Apple announced that iOS 13 will include a feature that forces unknown calls to go straight to voicemail, a feature which will likely debut in the fall. In the meantime, Apple is advising users not to answer questionable phone calls from Apple Support. If you are concerned about the status of your Apple account, contact Apple directly.  

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

 

Copyright © 2019 Netizen Corporation. All rights reserved.

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.