Netizen Cybersecurity Bulletin (November 19th, 2021)

Overview

  • Phish Tale of the Week
  • CMMC Halted, CMMC 2.0 On The Horizon
  • Global Supply Chain At War Against Dark Web Cybercriminals
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that attackers believe they can exploit. In this instance, we see a phishing scam aimed at employees who may be expecting an invoice to be paid, or simply at anyone who doesn’t read their email carefully. The email appears to be a notification that $500 has been sent to our Venmo account. It carries Venmo’s branding and a convincing message telling us to complete the necessary steps to finish the process, so why not click the link? Unfortunately, there are plenty of reasons not to click that link right away.

Take a look below:

  1. The first red flag on this email is the sender address. Always inspect the sender address closely to make sure it belongs to a trusted sender; a display name that reads “Venmo” proves nothing, because the mail client shows whatever name the sender chose. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
  2. The second warning sign in this email is the lack of consistent messaging. The image in the email says that $500 has been sent to my account, but no other information is given. Normally, when you receive money on Venmo, a receipt is sent to your inbox naming the party that sent the money and the total amount. In this case, there are no further details on this payment.
  3. The final warning sign for this email is the call-out at the bottom. The message simply says “accept money”. Brief messaging is typical of scams like this: the goal is to get people to read as little as possible and click as fast as possible. One easy way to spot a scam email is to compare it with previous emails you’ve received from the company. Set next to genuine correspondence from Venmo, this email immediately looks different.


General Recommendations:

A phishing email will typically direct the user to a link where they are then prompted to update personal information, such as a password, credit card number, Social Security number, or bank account details. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from, or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender address actually belongs to the company the message claims to be from.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website and provide Personally Identifiable Information (PII) such as credit card numbers or your Social Security number? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that the connection uses HTTPS. Keep in mind that HTTPS alone is not proof of legitimacy: phishing sites routinely obtain valid TLS certificates, so the domain name in the address bar is what you must check.

Many phishing emails convey a sense of urgency, or even aggression, to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that try to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to open it or click a suspicious link.
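The red flags above (sender address, missing receipt details, terse call to action) and the link checks in the recommendations can be turned into a quick triage script. The following is an added example written for this bulletin, not Netizen’s or Venmo’s code: it parses a raw email, checks the sender domain and every link against a list of domains the brand is known to use, flags links that are not HTTPS, and looks for urgency wording. The brand domain list, the phrase list and both sample messages are constructed assumptions for the demonstration; in practice the allowlist would come from the genuine correspondence you already have on file.

```python
"""Heuristic triage of a raw email for the phishing indicators discussed above.
Added example; the domain list, phrase list and sample messages are assumptions."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the brand legitimately sends from and links to.
KNOWN_BRAND_DOMAINS = {"venmo": {"venmo.com"}}

# Assumption: short call-to-action phrasing typical of lures like this one.
URGENCY_PHRASES = ("immediately", "within 24 hours", "accept money",
                   "complete the necessary steps", "verify your account")


class _LinkExtractor(HTMLParser):
    """Collects href targets from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for the .com brands used here;
    a public-suffix list is needed for suffixes such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _text_and_links(msg):
    """Return (lower-cased visible text, list of link URLs) across all text parts."""
    texts, links = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()
            extractor = _LinkExtractor()
            extractor.feed(html)
            links.extend(extractor.links)
            texts.append(re.sub(r"<[^>]+>", " ", html))
        elif ctype == "text/plain":
            text = part.get_content()
            links.extend(re.findall(r"https?://[^\s<>\"']+", text))
            texts.append(text)
    return " ".join(texts).lower(), links


def triage(raw, brand):
    """Return a list of (indicator, detail) findings; empty means nothing fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    good = KNOWN_BRAND_DOMAINS[brand]
    findings = []

    # Red flag 1: the display name says "Venmo" but the address domain is not Venmo's.
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    if sender_domain not in good:
        findings.append(("sender-domain",
                         f"{addr!r} (display name {display!r}) is not a known {brand} sender"))

    text, links = _text_and_links(msg)

    # Recommendation: every link must point at the real service and use HTTPS.
    for link in links:
        u = urlparse(link)
        if registrable_domain(u.hostname or "") not in good:
            findings.append(("link-domain", f"{link!r} does not point at a {brand} domain"))
        if u.scheme != "https":
            findings.append(("link-scheme", f"{link!r} is not HTTPS"))

    # Red flag 3: terse, urgent call to action.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append(("urgency", f"urgent call-to-action wording: {hits}"))
    return findings


# Constructed sample resembling the lure described above (not the real message).
SAMPLE_PHISH = b"""From: Venmo <notifications@venmo-payments-alert.com>
To: employee@example.com
Subject: You received $500.00
Content-Type: text/html; charset=utf-8

<html><body>
<p>$500.00 has been sent to your account. Complete the necessary steps to accept money.</p>
<p><a href="http://venmo-payments-alert.com/accept">Accept money</a></p>
</body></html>
"""

# Constructed sample of a receipt-style notice under the assumed brand domains.
SAMPLE_LEGIT = b"""From: Venmo <venmo@venmo.com>
To: employee@example.com
Subject: Alice Smith paid you $12.00
Content-Type: text/plain; charset=utf-8

Alice Smith paid you $12.00 for lunch.
View the transaction: https://venmo.com/account/transactions
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw, "venmo"))
```

Run it on the constructed lure and all four indicators fire (sender domain, link domain, plain-HTTP link, urgency wording); on the constructed genuine receipt none do. The script is a triage aid, not a verdict: a lure sent from a compromised legitimate mailbox passes the sender check, and link shorteners hide the real host, so the human checks above still apply.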

For Venmo-specific recommendations and tips, see Venmo’s fraud detection center here.

Cybersecurity Brief

In this week’s Cybersecurity Brief:

CMMC Halted, CMMC 2.0 On The Horizon

Earlier this month, sources inside the Pentagon summarized the planned changes to the Cybersecurity Maturity Model Certification (CMMC) program. These changes come almost a year after CMMC was first introduced to members of the DoD supply chain. CMMC is a set of security requirements that all DoD vendors and suppliers must meet in order to better protect the flow of data and information and raise their security posture. The Department of Defense has halted all official audits and implementations of the framework pending the release of the new version later this year.

The goal of the program was to require every defense contractor that handles certain controlled unclassified information (CUI) to undergo a third-party audit of its compliance with the controls outlined in the original release of the Cybersecurity Maturity Model Certification. The federal government had planned to pilot the certification in several programs, but those plans are now stalled. According to the Pentagon, the previous CMMC requirements and guidelines will be rolled into CMMC 2.0, with the hope that discussion and collaboration with industry will streamline the process.

The driving concern behind CMMC was that Pentagon officials believed the existing system, in which defense contractors were allowed to self-attest their compliance with cybersecurity standards from the National Institute of Standards and Technology (NIST), was not working. That concern was reinforced by the nationwide increase in cyberattacks the U.S. saw at the beginning of and through most of 2021.

The original CMMC model established five levels of security, with the level a vendor had to meet determined by the sensitivity of the data it processes or possesses. CMMC 2.0 proposes removing levels two and four, leaving three levels. Level one suppliers would self-attest to their cybersecurity readiness. The next level (previously level three) would be split by acquisition type: priority acquisitions would require an independent third-party assessment, while non-priority acquisitions could self-assess. The rules for level three (previously level five) have yet to be released.

CMMC 2.0 is also expected to drop the additional controls that were added in CMMC’s initial run last year and instead rely solely on the controls in NIST SP 800-171. In line with that, CMMC 2.0 will now accept Plans of Action and Milestones (POA&Ms), which had been ruled out last year. Note that a POA&M documents a gap and a dated plan to close it; it is not a waiver of the control. The final set of changes and requirements for CMMC 2.0 has yet to be released but is due out by the end of the year.

To read more about this article, click here.

Global Supply Chain At War Against Dark Web Cybercriminals

Many Americans have been suffering supply chain shortages for months now. Whether it is toilet paper, a new PlayStation 5, or a pair of winter boots, goods are not as easy to get your hands on as they once were. Economists have blamed these shortages on many issues surrounding the pandemic and the state of the global economy. To make matters worse, supply chain vendors now face an onslaught from cybercriminals on the dark web selling sensitive information that could be used to compromise these companies.

Cyber intelligence firm Intel 471 recently reported a spike in dark web activity, with user credentials from ground, maritime, and air cargo transport vendors being sold on underground marketplaces. The criminals have leveraged vulnerabilities in virtual private networks (VPNs), remote desktop protocol (RDP), and other products such as Citrix and SonicWall to break into these organizations.

Intel 471 researchers reported, “We’ve witnessed ransomware attacks on the shipping industry throughout the year, which has undoubtedly put a constraint on companies that are already stretched thin due to the pandemic.”

By the beginning of 2021, the four largest global maritime shipping companies had become victims of recent cyber-attacks, leaving many wondering how. A deeper dive into the dark web uncovered that access to many of these companies was being advertised on underground forums. In October 2021, cybercriminals on one of the forums stated they had access to a U.S.-based freight company and could provide administrator access to multiple computers on its network. In August, just months before, an unknown threat actor with ties to the Conti ransomware gang had claimed similar access to a U.S.-based transportation management firm.

These attacks are hindering shipping operations across the globe, and vendors need to take notice immediately. As more pressure is put on suppliers to move goods worldwide, companies must raise their cybersecurity posture. These recent attacks have shown that such vendors are lucrative targets for cybercriminals, and the attacks won’t stop until there is pushback.

For more information check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
