Netizen Cybersecurity Bulletin (March 12th, 2021)

Overview

  • Phish Tale of the Week
  • U.S. issues warning after Microsoft says China hacked its mail server program
  • Ransomware as a service is the new big problem for business
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target a specific group that the attacker expects to be receptive. In this instance, we see a phishing scam aimed at unsuspecting Apple customers. The email appears to be a notification about a status update for your Apple account. It carries Apple’s logo as well as a link to fix the issue right from the email, so why not click “verify your account”? Unfortunately, there are plenty of reasons not to click that link right away.

Take a look below:

  1. The first red flag is the sender address. Legitimate messages from a company like Apple come from the company’s own email domain, not from a lookalike or unrelated domain. Before acting on a suspicious email, compare the sender address against one from a message you know is genuine and make sure it matches exactly; if a Reply-To address is present, it should be on the same domain as well.
  2. The second warning sign is the subject line. It is written to create distress and urgency, and it includes a fake support number to lend the message legitimacy.
  3. The final warning sign is the body of the email. Here we are told that some of our account information appears to be missing or incorrect, and we are given 24 hours to fix it. Phishing campaigns almost always manufacture urgency by demanding a response within a short time period. They are also asking for information the company already has on file. Remember: never enter personal information into a site you reached through an unexpected link.

For Apple-specific recommendations, find more here.


General Recommendations:

A phishing email will typically direct the user to a link where they are prompted to update personal information, such as a password, credit card, Social Security, or bank account number. A legitimate company already has this information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender address actually belongs to the company the message claims to come from.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your Social Security number? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL’s domain is the correct one for the company/service and that the connection uses HTTPS. Keep in mind that HTTPS alone proves only that the connection is encrypted, not that the site is genuine; phishing sites routinely use HTTPS too, so the domain name is what matters.

Many phishing emails convey a sense of urgency or even aggressiveness in an attempt to intimidate the reader. Any email requesting immediate action should be vetted thoroughly to determine whether it is a scam. Also beware of messages that tempt you into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to open it.
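The two mechanical checks above (is the sender really on the company’s domain, and do the links really point at the company’s domain) can be automated. The following is an added example written for this bulletin, not code from the original page or from Apple; the sample message, the domains in it, and the set of expected domains are constructed for illustration. It deliberately includes the two link tricks that fool a casual glance: a company name placed in the URL’s userinfo (`https://apple.com@…`) and a company name used as a subdomain of an attacker’s domain.

```python
"""Triage helpers for the sender-address and link checks described above.
Added example for this bulletin; the message and domains are constructed."""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample that mimics the Apple notice described in the bulletin.
# Every address and host below is invented for this example.
SAMPLE_EMAIL = """\
From: "Apple Support" <no-reply@appIe-id-support.example>
Reply-To: verify@account-recovery.example
Subject: URGENT: Your Apple ID will be locked in 24 hours
Content-Type: text/plain; charset="utf-8"

Some of your account information appears to be missing or incorrect.
Verify now: https://apple.com@account-recovery.example/verify
Or here: http://apple.com.login-check.example/id
"""

# Assumption: the only domain we accept as the company's own.
EXPECTED_DOMAINS = {"apple.com"}
BRAND_WORDS = {d.split(".")[0] for d in EXPECTED_DOMAINS}  # {"apple"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Adequate for .com/.net; a public
    suffix list is needed to handle co.uk-style TLDs correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_is_expected(host: str) -> bool:
    return registrable_domain(host) in EXPECTED_DOMAINS


def check_sender(msg) -> list:
    """Flag a From: domain that is not the company's, a display name that
    claims the brand while the address does not, and a Reply-To that points
    at a different domain than From."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_host = addr.rpartition("@")[2]
    if not host_is_expected(from_host):
        findings.append(f"From address {addr!r} is not under an expected domain")
        if any(word in name.lower() for word in BRAND_WORDS):
            findings.append(f"display name {name!r} claims the brand but the address does not")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and registrable_domain(reply.rpartition("@")[2]) != registrable_domain(from_host):
        findings.append(f"Reply-To {reply!r} is on a different domain than From")
    return findings


def check_links(body: str) -> list:
    """Flag every link whose real host is not the company's. urlparse gives
    the true hostname: in 'https://apple.com@evil.example' the apple.com part
    is userinfo, and 'apple.com.login-check.example' is a subdomain of
    login-check.example. A correct domain without HTTPS is flagged too."""
    findings = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if not host_is_expected(host):
            findings.append(f"link {url!r} really points at {host!r}")
        elif parsed.scheme != "https":
            findings.append(f"link {url!r} is on the right domain but not HTTPS")
    return findings


def triage(raw_message: str) -> list:
    """Parse a raw RFC 5322 message and return all findings."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    return check_sender(msg) + check_links(body)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Run against the constructed message, this produces five findings: the From domain, the brand-claiming display name, the mismatched Reply-To, and one finding per link. The `registrable_domain` helper is intentionally simple; anything handling real mail volume should use a public suffix list so that hosts under two-part TLDs are compared correctly.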

Cybersecurity Brief

In this week’s Cybersecurity Brief:

U.S. issues warning after Microsoft says China hacked its mail server program.

The U.S. government released an emergency warning shortly after Microsoft announced it had caught a group hacking into Microsoft Exchange, its mail and calendar server product. In its initial investigation, Microsoft said it had traced the origins of the group and assessed “with high confidence” that it was working for the Chinese government. The operation, seen as another escalation of cyber espionage between China and the United States, prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive requiring federal civilian agencies to update their Exchange servers immediately. CISA has rarely taken such direct action in exercising its authority as the country’s premier agency on cybersecurity. In a statement to the public, CISA reported “The move was necessary, because the Exchange hackers were able to gain persistent system access”. From the time the emergency directive went out, agencies have until noon Friday, March 12 to apply the latest software update.

In a separate statement, Microsoft Vice President Tom Burt warned that the hackers were spying on a wide range of American targets, from defense contractors to law firms and disease research centers. At this time Microsoft believes no individual consumers were targeted in the reported Exchange hack, but it cautions everyone to apply an added level of scrutiny to any correspondence passing through their mail servers.

While no significant exploitation or damage to government networks was detected in this hack, experts believe such events will grow more frequent in the coming months. This marks the second time in the past few months that the U.S. has had to react to a widespread hacking campaign by foreign actors: the Department of Homeland Security and CISA are still reeling from late last year’s SolarWinds breach, which affected hundreds of companies and government agencies.

To read more about the latest Microsoft breach, click here.

Ransomware as a service is the new big problem for business.

Imagine a criminal who, instead of having to plan a heist and walk into a bank, could rob it without ever setting foot inside. For many businesses this scenario sounds increasingly familiar, with ransomware as a service on the rise in sectors like education, public health, and manufacturing. Ransomware as a service, or RaaS for short, is the leasing or sale of pre-developed ransomware from one threat actor to another, who then deploys it in campaigns against individuals and companies alike. What makes RaaS so dangerous is that it empowers relatively low-skill attackers by letting them pay for malware they could never have created on their own.

Researchers at cybersecurity company Group-IB have determined that almost 66% of ransomware attacks conducted in 2020 came from criminals using RaaS. More alarming still, ransomware affiliate schemes are on the rise, with 15 new affiliate programs appearing in 2020. These programs let malware developers spend their time improving the ransomware rather than worrying about where to deploy it, while lowering the risk the developers themselves face. In turn, affiliates gain the tools and techniques of successful ransomware campaigns without any prior knowledge of malware development or distribution.

With companies switching to largely remote work in 2020, the number of publicly accessible RDP servers increased, and many of them became the initial point of access for ransomware operators. Thankfully, there are a few precautions companies can take to reduce this risk. First, enforce stringent password requirements for every account that can log in over RDP; strong, unique passwords mean that one leaked password is not the key that opens every door. Second, restrict the IP addresses that can reach your RDP service, ideally by not exposing it to the internet at all and reaching it only through a VPN or remote desktop gateway, and set limits on the number of login attempts allowed over a given period so that brute-force guessing is locked out rather than left to run. Finally, add multi-factor authentication so that a password alone is not enough to gain access to high-value data. All these measures, coupled with a culture centered on cybersecurity, are great steps toward keeping your business secure in 2021.
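Two of the RDP controls above, restricting source addresses and capping failed logons over a time window, also make good detection rules when you cannot change the configuration quickly. The following is an added example written for this bulletin, not code from the original page; it runs the two rules over constructed Windows Security log records. The event IDs and logon type are the real ones (Event ID 4625 is a failed logon, 4624 a successful logon, and Logon Type 10 is RemoteInteractive, i.e. RDP); the allowed network range, the threshold, the window, and every record are assumptions for illustration.

```python
"""Detection rules for the RDP controls recommended above: flag RDP logons
from outside the allowed source ranges, flag a burst of failed logons from
one source, and flag a success that follows such a burst.  Added example
for this bulletin; the event records below are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example: RDP should only be reached from the VPN
# range, and 5 failures within 2 minutes from one source is the tripwire.
ALLOWED_SOURCES = [ip_network("10.20.0.0/16")]
MAX_FAILURES = 5
WINDOW = timedelta(minutes=2)

RDP_LOGON_TYPE = 10   # RemoteInteractive
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624

# Constructed sample records: (timestamp, event_id, logon_type, account, source_ip)
SAMPLE_EVENTS = [
    ("2021-03-10T02:14:01", 4625, 10, "administrator", "203.0.113.45"),
    ("2021-03-10T02:14:09", 4625, 10, "administrator", "203.0.113.45"),
    ("2021-03-10T02:14:15", 4625, 10, "admin",         "203.0.113.45"),
    ("2021-03-10T02:14:22", 4625, 10, "jsmith",        "203.0.113.45"),
    ("2021-03-10T02:14:30", 4625, 10, "jsmith",        "203.0.113.45"),
    ("2021-03-10T02:14:41", 4624, 10, "jsmith",        "203.0.113.45"),
    ("2021-03-10T08:00:00", 4625, 10, "mlee",          "10.20.4.17"),
    ("2021-03-10T08:00:30", 4624, 10, "mlee",          "10.20.4.17"),
    ("2021-03-10T09:00:00", 4625, 2,  "svc_backup",    "198.51.100.9"),  # interactive, not RDP
]


def is_allowed_source(ip: str) -> bool:
    """True if the source address falls inside one of the allowed ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def rdp_events(events):
    """Keep only RemoteInteractive logons; other logon types are out of scope here."""
    return [e for e in events if e[2] == RDP_LOGON_TYPE]


def detect(events) -> list:
    """Return alert strings in time order.

    Rule 1: any RDP logon from outside ALLOWED_SOURCES (once per source).
    Rule 2: MAX_FAILURES failed logons from one source inside WINDOW
            (sliding window, once per source).
    Rule 3: a successful logon from a source that already tripped rule 2.
    """
    alerts = []
    failures = defaultdict(deque)   # source_ip -> failure timestamps in window
    outside_seen, tripped = set(), set()
    for ts, event_id, _, account, src in sorted(rdp_events(events)):
        when = datetime.fromisoformat(ts)
        if not is_allowed_source(src) and src not in outside_seen:
            outside_seen.add(src)
            alerts.append(f"{ts} RDP logon attempt for {account!r} from {src}, outside allowed ranges")
        if event_id == FAILED_LOGON:
            window = failures[src]
            window.append(when)
            while window and when - window[0] > WINDOW:
                window.popleft()
            if len(window) >= MAX_FAILURES and src not in tripped:
                tripped.add(src)
                alerts.append(f"{ts} {len(window)} failed RDP logons from {src} "
                              f"within {int(WINDOW.total_seconds())}s; lock out or block this source")
        elif event_id == SUCCESSFUL_LOGON and src in tripped:
            alerts.append(f"{ts} successful RDP logon for {account!r} from {src} "
                          f"after a burst of failures: likely brute force succeeded")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

On the constructed records this yields three alerts: the first attempt from 203.0.113.45 (outside the allowed range), the fifth failure from that address inside the window, and the success that follows it. The legitimate user on the VPN range produces nothing, and the non-RDP failure is ignored. In production the records would come from the Security event log rather than a list, but the rules and the sliding window are the same.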

Find more about this article here.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
