Netizen Cybersecurity Bulletin (February 14th, 2022)

Overview

  • Phish Tale of the Week
  • Microsoft Fends off Largest DDoS Attack Ever Recorded
  • Threat Actors Target Tax Software Company Intuit in Latest Phishing Campaign
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors believe they can exploit. In this instance, we see a phishing scam aimed at unsuspecting FedEx customers. The email appears to be a notification that our package could not be delivered because the address on file is incomplete, and it prompts us to update our address through a link below. It carries FedEx's logo and a convincing "update my address" message, so why not click the link and fill in the details? Unfortunately, there are plenty of reasons not to click anything in that email right away.

Take a look below:

  1. The first red flag is the sender address. Always inspect it carefully: the display name can say anything, so look at the actual address after the @ and confirm it is a domain the company really sends from, not a lookalike registered by a threat actor.
  2. The second warning sign is the pretext itself. The message claims FedEx needs our address to complete a delivery and pushes us to "update" it through a link. A carrier that has a package for you already has the address you gave when you ordered; the link exists to collect whatever details you type in. Requests or offers that arrive out of the blue, whether a stalled delivery or money you never applied for, are designed to make you act before you think.
  3. The final warning sign is the encrypted PDF attached to the message. Threat actors use encrypted or password-protected PDFs to deliver malicious payloads, often ransomware or other malware, because the encryption keeps email gateways from scanning the contents. Never open attachments from unknown parties.


General Recommendations:

A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does the order or tracking number match one you already have? Did the email come from a store you don't usually order from or a service you don't use? If so, it's probably a phishing attempt.
  • Verify that the sender is actually from the company the message claims to be from. Check the full address, not just the display name.
  • Did you receive a message or email from someone you don't recognize? Are they asking you to sign in to a website or hand over Personally Identifiable Information (PII) such as credit card numbers or your social security number? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet in response to an unsolicited request.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company or service before entering anything. A padlock or HTTPS only means the connection is encrypted; phishing sites use HTTPS too, so it is not evidence that the site is legitimate.

Many phishing emails convey urgency or even use aggressive language to intimidate the recipient. Any email demanding immediate action should be vetted thoroughly before you respond. Also beware of messages that bait users into opening an attachment or visiting a link. For example, an attachment or link titled "Fix your account now" is meant to raise the question "What is wrong with my account?" and get you to open it without thinking.
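The checklist above can be applied mechanically to a raw message before anyone clicks. The script below is an added example written for this bulletin, not a Netizen tool: it parses an email, compares the sender and link domains against the brand the message claims to come from, looks for pressure language and flags risky attachment types. The brand-to-domain table, the keyword lists and both sample messages are constructed for illustration.

```python
# Added example, not code from the Netizen bulletin: a small triage script that
# applies the checklist above to a raw email. The brand-to-domain table,
# the keyword lists and both sample messages are constructed for illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains these brands legitimately send from and link to.
EXPECTED_DOMAINS = {
    "fedex": {"fedex.com"},
    "intuit": {"intuit.com", "turbotax.com"},
}
URGENCY = re.compile(
    r"\b(within 24 hours|immediately|action required|account (?:disabled|suspended))\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# File types commonly used to carry a payload or a credential-harvesting page.
RISKY_EXTENSIONS = {".pdf", ".zip", ".html", ".htm", ".exe", ".js", ".iso"}


def registered_domain(host):
    """Collapse a hostname to its last two labels, so 'fedex.com.evil.info'
    becomes 'evil.info' and 'www.fedex.com' becomes 'fedex.com'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage(raw_email):
    """Return a list of red flags found in a raw RFC 822 message (empty = clean)."""
    msg = message_from_string(raw_email)
    findings = []

    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""

    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", errors="replace")

    subject = msg.get("Subject", "")
    haystack = f"{display_name} {subject} {body}".lower()
    brands = [b for b in EXPECTED_DOMAINS if b in haystack]

    # 1. Sender: the display name can say anything; judge the domain after the @.
    for brand in brands:
        if sender_domain not in EXPECTED_DOMAINS[brand]:
            findings.append(f"sender domain {sender_domain!r} is not a {brand} domain")

    # 2. Links: HTTPS proves nothing; the registered domain must be the brand's.
    for url in URL_RE.findall(body):
        link_domain = registered_domain(urlparse(url).hostname or "")
        for brand in brands:
            if link_domain not in EXPECTED_DOMAINS[brand]:
                findings.append(f"link {url} resolves to {link_domain!r}, not a {brand} domain")

    # 3. Pressure language that tries to make you act before you think.
    match = URGENCY.search(f"{subject} {body}")
    if match:
        findings.append(f"urgency language: {match.group(0)!r}")

    # 4. Attachments of a type that can carry a payload.
    for name in attachments:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment {name!r}")

    return findings


# Constructed lure modelled on the FedEx pretext described above.
PHISH = """\
From: FedEx Delivery <notice@fedex-parcel-update.info>
To: you@example.com
Subject: Action Required: your package could not be delivered
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

We could not deliver your package because the address on file is incomplete.
Update your address within 24 hours: https://fedex.com.update-address.info/track

--B
Content-Type: application/pdf; name="Delivery_notice.pdf"
Content-Disposition: attachment; filename="Delivery_notice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B--
"""

# Constructed legitimate notification for comparison.
LEGIT = """\
From: FedEx <tracking@fedex.com>
To: you@example.com
Subject: Your package has shipped
Content-Type: text/plain

Track it at https://www.fedex.com/tracking
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(sample) or "no red flags")
```

Note that the link check keys on the registered domain rather than on whether the brand name appears in the hostname: "fedex.com.update-address.info" contains "fedex.com" but belongs to whoever registered update-address.info, which is exactly the trick the sender-address and URL checks above are meant to catch.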

Cybersecurity Brief

In this week’s Cybersecurity Brief:

Microsoft Fends off Largest DDoS Attack Ever Recorded

Cyber-attacks in the United States have ballooned in recent months to numbers never seen before. The FBI estimates that in 2020 U.S.-based companies suffered over $5 billion in damages from cyber-attacks. One of the crudest and most widely used methods of attack is the distributed denial of service, or DDoS, attack. An attacker floods a system or server with an overwhelming volume of traffic, usually from many compromised machines at once, until the target can no longer serve legitimate requests. If it succeeds, such an attack can knock websites offline for hours, if not days, and cause outages for other systems that depend on the same infrastructure.

Last week Microsoft’s Azure DDoS protection team reported that in November 2021 it had successfully defended against what is likely the largest distributed denial of service attack ever recorded. The attack lasted over 15 minutes, peaked at a throughput of 3.47 terabits per second (Tbps) and a packet rate of 340 million packets per second (pps), and came from over 10,000 attack sources in ten distinct countries across the globe.

Microsoft is one of the most prominent technology companies globally, and attacks like this have become the new normal for the U.S.-based company. The 2.4 Tbps attack reported in October 2021 and two other large-scale DDoS attacks, each over 2.5 Tbps, show just how often Microsoft’s Azure DDoS protection team has to put its skills to the test.

Reports from inside Microsoft show that these DDoS attacks are growing in both size and duration. In 2021, 57% of the DDoS attacks Microsoft mitigated lasted 30 minutes or less, down 17 percentage points from 2020. The share of attacks lasting longer than an hour doubled, from 13% in 2020 to 27% in 2021. These drawn-out attacks often consist of a sequence of many short, repeated bursts rather than one continuous flood.
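Duration figures like the ones above depend on how a string of short bursts is grouped into one attack. The following is an added example written for this bulletin, not Microsoft's tooling: it takes per-second packet-rate samples for a single target, marks seconds that exceed a multiple of the baseline rate, and merges bursts separated by short quiet gaps into one episode. The telemetry is constructed and the baseline window, multiplier and merge gap are assumptions to be tuned against real traffic.

```python
# Added example, not from the bulletin or from Microsoft: turning per-second
# packet-rate samples for one target into attack episodes, which is the kind of
# grouping behind duration statistics like "57% lasted 30 minutes or less".
# The telemetry is constructed and the thresholds are assumptions.
from statistics import median


def make_samples():
    """Constructed (t_seconds, packets_per_second) telemetry: a ~50 kpps
    baseline with three floods; the middle flood is two bursts 20 s apart."""
    samples = []
    for t in range(600):
        pps = 50_000 + (t % 7) * 100          # mild, deterministic jitter
        if 100 <= t <= 130 or 200 <= t <= 240 or 260 <= t <= 280 or 500 <= t <= 510:
            pps = 2_000_000                    # 2 Mpps flood
        samples.append((t, pps))
    return samples


def find_episodes(samples, baseline_window=60, multiplier=10, merge_gap=60):
    """Group above-threshold seconds into attack episodes.

    The threshold is `multiplier` times the median pps of the first
    `baseline_window` samples. Bursts separated by at most `merge_gap`
    quiet seconds are treated as one episode, so a sequence of short
    repeated bursts shows up as one long attack rather than many tiny ones.
    """
    baseline = median(pps for _, pps in samples[:baseline_window])
    threshold = baseline * multiplier
    episodes = []
    for t, pps in samples:
        if pps < threshold:
            continue
        if episodes and t - episodes[-1]["end"] <= merge_gap:
            ep = episodes[-1]
            if t - ep["end"] > 1:              # quiet gap: a new burst in the same episode
                ep["bursts"] += 1
            ep["end"] = t
            ep["peak_pps"] = max(ep["peak_pps"], pps)
        else:
            episodes.append({"start": t, "end": t, "peak_pps": pps, "bursts": 1})
    for ep in episodes:
        ep["duration_s"] = ep["end"] - ep["start"] + 1
    return episodes


def share_at_most(episodes, seconds):
    """Fraction of episodes lasting `seconds` or less (0.0 if there are none)."""
    if not episodes:
        return 0.0
    return sum(ep["duration_s"] <= seconds for ep in episodes) / len(episodes)


if __name__ == "__main__":
    eps = find_episodes(make_samples())
    for ep in eps:
        print(ep)
    print(f"{share_at_most(eps, 30 * 60):.0%} of episodes lasted 30 minutes or less")
```

With the default 60-second merge gap the two bursts at 200-240 s and 260-280 s become one 81-second episode with two bursts; set `merge_gap` below 20 and the same data reports four shorter attacks. That choice is why "attack duration" numbers from different vendors are not directly comparable.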

This rise in DDoS attacks is a growing concern across the global information security community. Attacks of this kind can just as easily be aimed at the networked systems that power and utility operators, transit agencies in major metropolitan areas, or industrial facilities depend on, causing outages well beyond a single website. Policymakers and boards of directors alike need to prioritize bolstering their security postures. Attacks can arrive from every side with only a moment’s notice, and a perimeter firewall alone cannot absorb a multi-terabit flood: proactive cyber security policies, rate limiting and adaptive firewall rules, and upstream DDoS mitigation from a provider or scrubbing service that can soak up the traffic before it reaches you are the best defenses against these attacks.

To read more about this article, click here.

Threat Actors Target Tax Software Company Intuit in Latest Phishing Campaign

Eager to get your tax refund this year? Unfortunately, so are cyber criminals. Tax software company Intuit is warning its customers that an ongoing phishing campaign is targeting their users. The subject line reads “Critical: Action Required (TXPO99497)”, and the email displays an “account disabled” warning stating that users must remedy the issue within 24 hours. Users are then told that “this is the result of a recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.” The message concludes with a malicious link at the bottom for users to “restore their accounts”.

A spokesperson for Intuit declared, “the sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

Intuit declined to comment on what happens when users click the malicious link. Links in campaigns like this typically lead either to a lookalike login page that harvests the credentials a victim enters or to a download that installs malware or ransomware. If you have already clicked the link, take the following steps. Delete any recent downloads from unknown sources and scan your computer with up-to-date antivirus software. Change the password on any account whose credentials you entered after clicking, and on any other account that shares that password, and turn on multi-factor authentication wherever it is offered.

Consumers need to be constantly on the lookout for phishing attacks as threat actors become craftier. This campaign, using Intuit as a guise, relies on users rushing to get their taxes done during a busy time of year. Always check the sender address and contents of every email you receive to make sure it is not a phishing trap. Attackers often use urgent messages such as “fix your account within 24 hours” or “click the link immediately to resolve this issue” in an attempt to create panic and elicit a fast response from their targets. Thoroughly inspect any suspicious-looking email, report it through your email service’s phishing-report feature if it has one, and delete it.

For more information check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
