Netizen Cybersecurity Bulletin (January 11th, 2022)

Overview

  • Phish Tale of the Week
  • How Remote Work has Impacted Cybersecurity
  • Are Medical Devices at Risk of Cyber Attacks?
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting FedEx customers. This email appears to be a notification alerting us that our package could not be delivered due to incomplete information for our physical address. We are then prompted to update our address below. This email contains FedEx’s logo and a convincing “update my address” message, so why not click the link and update our details? Unfortunately, there are plenty of reasons not to click that email right away.

Take a look below:

  1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
  2. The second warning sign in this email is the incomplete greeting. The email starts off with “Dear [Name]” instead of an actual name. This is a telltale sign of a spam email. Most outside threat actors will lack the basic information to create a legitimate-looking email. Usually, the greeting would have your specific first and last name in the beginning to show who the company is communicating with.
  3. The final warning sign for this email is the inconsistency in the messaging. First we are told to update our physical address. Then we are told to update our personal address. Finally we are told to “update my address” below. Most companies will use consistent messaging and refer to account changes that need to be made in the same fashion each time. This “physical address” vs. “personal address” vs. “update my address” wording is an immediate red flag.


General Recommendations:

A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
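The red flags and link checks above can also be applied automatically at a mail gateway or in a triage script. The following is an added example, not part of the original bulletin: it checks a message for a sender domain outside the brand's domain, an unfilled greeting placeholder such as "[Name]", and links that are not HTTPS or not on the brand's domain. The sample message, its domains, and the function names are constructed for illustration; `fedex.com` as the trusted domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not the email shown in the bulletin).
SAMPLE = """\
From: FedEx Delivery <support@parcel-notify.example>
Subject: Action required: delivery failed

Dear [Name],

Your package could not be delivered. Update your address now:
http://parcel-notify.example/update
"""

TRUSTED = {"fedex.com"}  # assumption: domains the brand really sends from
PLACEHOLDER = re.compile(r"\[(name|first ?name|customer)\]|\{\{.*?\}\}", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain_matches(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def phishing_flags(raw, trusted=TRUSTED):
    """Return the list of red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    # Flag 1: the From address is not on a domain the brand uses.
    _, addr = parseaddr(msg.get("From", ""))
    if not domain_matches(addr.rpartition("@")[2], trusted):
        flags.append("sender-domain")
    # Body text of all leaf parts (transfer encodings are not decoded here).
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    # Flag 2: a mail-merge placeholder was never filled in.
    if PLACEHOLDER.search(body):
        flags.append("placeholder-greeting")
    # Flag 3: any link that is not HTTPS or points off the brand's domain.
    for url in URL.findall(body):
        parsed = urlparse(url)
        if parsed.scheme != "https" or not domain_matches(parsed.hostname, trusted):
            flags.append("untrusted-link")
            break
    return flags

if __name__ == "__main__":
    print(phishing_flags(SAMPLE))
```

The suffix match requires a leading dot, so a lookalike host such as `fedex.com.evil.example` is not treated as trusted.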

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

For FedEx-specific recommendations and tips, check out their fraud detection center here.

Cybersecurity Brief

In this week’s Cybersecurity Brief:

How Remote Work Has Impacted Cybersecurity

The pandemic has forced many companies to abruptly accept work from home for the majority of their workforce as the new normal. Once bustling offices have been reduced to skeleton crews of a handful of employees or, in many cases, remain completely empty. This switch has been a blessing for some companies, allowing them to reduce fixed costs such as real estate and even broaden their searches for new job candidates now that geographical limitations aren’t a factor.

Unfortunately, some severe problems have begun to plague many organizations relying on remote work policies. Before the start of the pandemic, remote work was seldom used in most companies. This lack of experience and a rapid switch to remote work created a security nightmare for many teams. Many of these businesses lacked the infrastructural and cultural policies to adapt to remote work environments fully. Did you know only 38% of companies had a cybersecurity policy in place before the pandemic, and only a third of these businesses had policies on remote work? This created a perfect storm for cybercriminals, with cyber attacks almost quadrupling during the pandemic targeting small and medium-sized businesses, hospitals, enterprise-grade organizations, and schools alike.

One of the leading causes of headaches for companies suffering onslaughts of cyber attacks was the lack of planning. Organizations quickly adapted to the new normal of remote work but were unable to create cybersecurity policies beforehand to govern how these devices communicate with each other and are used. This lack of forethought also affected the tools or lack thereof that companies could use to help better monitor network traffic, secure firewalls, or detect vulnerabilities within their environment. Even companies who did have state-of-the-art equipment in the office were now rendered helpless and had to rely on the network security of their employees since they were no longer under the office safety net of a well-programmed firewall.

Another major issue that has affected companies everywhere is an overall lack of cybersecurity education. Most cyber attacks start with an unsuspecting employee clicking on a malicious link or downloading a file they shouldn’t have. Organizations need to be quick to adopt a culture of hyper-vigilance when discussing security with their employees. The best way to approach this is through an abundance of caution. Employees are better served asking for help, or asking whether an attachment looks suspicious, than mistakenly clicking on a malicious link. Companies that prioritize training their employees to ask questions about security and check with their IT admins first will immediately notice a decline in risk.

Overall, remote work has brought many incentives to organizations that implement it correctly. Along with it, outside threat actors will use this increased attack surface to target and extort more companies and employees. The best way to move forward is to review your cybersecurity policies and update them accordingly for a remote work environment. Involve all employees in a culture of security at your company.

To read more about this article, click here.

Are Medical Devices at Risk of Cyber Attacks?

In 2017 the first ransomware assault on networked medical equipment occurred when the ransomware strain WannaCry targeted radiological tools in several hospitals. This attack caused multiple hospitals to postpone cancer treatments until they could identify the source of the ransomware affecting their network. This example perfectly illustrates how cyber attacks can disrupt the healthcare industry and impact patients’ care. However, the quality of care is not the only thing disrupted during cyber attacks.

Hospitals house some of the most comprehensive PHI (patient health information) databases globally. These records include medical history, address, age, social security numbers, and insurance specifics that can lead to nightmares for unsuspecting patients when in the wrong hands. Since more hospitals have become interconnected with a litany of medical devices communicating with each other over the network, securing the transfer of this information through the cloud is paramount.

Securing external medical equipment is imperative to providing quality health care and protecting patient information. Everything from insulin pumps to ventilators to security cameras and RFID readers must be secured to ensure hackers do not have easy entry points. The interconnectivity of devices in a hospital has created a massive attack surface for outside threat actors to exploit. IT staff need to be well trained in identifying, upgrading, and patching vulnerable systems and devices to ensure they are safe from malicious cyber criminals.

The pandemic has caused a significant strain on health care organizations across the country. The increase in patients has caused issues for primary care providers and created a perfect storm for outside threat actors. Hackers are using the unrest created from surges of patients at hospitals to target health care networks and infect them with ransomware. Law enforcement and government agencies have been unable to stop the escalation of cyber attacks against hospitals, leaving on-site IT admins and medical device security as the last line of defense.

In conclusion, medical device manufacturers need to focus on the security of their devices before they are released into the market. Vulnerable devices cause a wide array of problems for health care institutions and can be actively exploited by cyber criminals. At the same time, hospitals need to prioritize enabling IT staff to monitor these devices and consider what devices could become attack vectors in their environment.

For more information check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
