Netizen Cybersecurity Bulletin (April 15th, 2022)

Overview

  • Phish Tale of the Week
  • Bipartisan Group of Senators Proposes New Cyber Information Sharing Bill
  • Ukraine Thwarts Russian Attack on Power Grid
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting Sam’s Club customers. This email appears to be a notification alerting us that there is a surprise waiting for us. We are then prompted to “click here” to see what the surprise is. This email contains a catchy congratulations message and a photo of Sam’s Club, so why not click here? Unfortunately, there are plenty of reasons not to click right away.

Take a look below:

  1. The first red flag on this email is the sender’s address. Always inspect the sender’s address thoroughly to confirm that the message comes from a trusted sender and not from a threat actor.
  2. The second warning sign in this email is the lack of consistency. Comparing this email to others previously sent by Sam’s Club, we notice that it does not contain their official logo, web URL, or the disclaimer present at the bottom of their emails. Comparing a suspected phishing attempt against previous legitimate emails is a great way to spot signs of inauthenticity immediately.
  3. The final warning sign for this email is the large blue “Click here” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion. This attempt even tries to catch unsuspecting users twice, with a malicious red “here” at the bottom of the email masquerading as an unsubscribe button.
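The three checks above can also be run automatically by a mail filter or triage script. The following is an added example, not part of the original bulletin: the message is a constructed sample, and the trusted domain list and the `.example` sender are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"samsclub.com"}  # assumption: domains the brand sends from and links to
GENERIC = {"click here", "here"}  # anchor texts called out in the write-up

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not trusted(sender_host):  # red flag 1: sender address
        flags.append(f"sender domain {sender_host!r} is not a trusted brand domain")
    parser = Links()
    parser.feed(msg.get_payload())  # assumes a single-part, unencoded HTML body
    hosts = [(text, urlparse(href).hostname) for text, href in parser.links]
    if not any(trusted(h) for _, h in hosts):  # red flag 2: no official web URL
        flags.append("no link to the brand's official site")
    for text, host in hosts:  # red flag 3: generic call to action, off-brand target
        if text.lower() in GENERIC and not trusted(host):
            flags.append(f"generic {text!r} link goes to off-brand host {host!r}")
    return flags

# Constructed sample message modelled on the email described above.
SAMPLE = """From: "Sam's Club Rewards" <promo@deals-notify.example>
Subject: Congratulations! A surprise is waiting
Content-Type: text/html; charset="utf-8"

<a href="http://gift.deals-notify.example/claim">Click here</a>
<p>To unsubscribe click <a href="http://gift.deals-notify.example/u">here</a></p>
"""
```

Calling `red_flags(SAMPLE)` returns four findings: the off-brand sender, the missing official link, and one for each of the two generic links, including the fake unsubscribe.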


General Recommendations:

A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

Cybersecurity Brief

In this week’s Cybersecurity Brief:

Bipartisan Group of Senators Proposes New Cyber Information Sharing Bill

Earlier this month, a bipartisan group of senators consisting of Gary Peters (D-Mich), Amy Klobuchar (D-Minn), Rob Portman (R-Ohio), and Roy Blunt (R-Mo) brought new legislation to the floor in an effort to increase the communication between branches on cybersecurity issues. This legislation, titled The Intragovernmental Cybersecurity Information Sharing Act, would expedite the information sharing process from the executive branch to members of the Senate and House of Representatives. This bill aims to increase collaboration efforts between all branches as cybersecurity incidents become more frequent and detrimental to our society.

Many key sponsors of the bill cited the turtle-like pace at which information has been previously shared, with many claiming that they are left out of the loop during significant cyber-attacks. Senator Amy Klobuchar added, “Cybersecurity threats against our government require a timely, coordinated response. Yet too often, a lack of communication between the Department of Homeland Security and Congress leaves us vulnerable to damaging cyberattacks.” She later summarized that this bill would help better protect our country from cyber-attacks by requiring the Department of Homeland Security to increase information sharing with Congress.

In a show of bipartisan support, Senator Robert Portman from Ohio exclaimed, “As we have recently seen, cyberattacks are increasing against our critical infrastructure as well as the federal government. Unfortunately, some of the cybersecurity professionals in Congress have faced lengthy delays in getting information on cybersecurity threats from the Executive Branch. That should not be the case.” Portman later released a statement to the press where he stressed that our enemies would not distinguish between our branches of government, and any actions we take in response must be swift and precise.

This legislation was introduced following the recently adopted Cyber Incident Reporting Act, strengthening the reporting requirements for critical infrastructure affected by cyber-attacks. Both Klobuchar and Portman were staunch supporters of that bill, signaling a strengthening of priorities between two tenured senators. Reporters around Capitol Hill anticipate this bill to make it through numerous rounds of committees before voting on the floor, with action hopefully planned by mid-summer.

To read more about this article, click here.

Ukraine Thwarts Russian Attack on Power Grid

Officials in the Ukrainian Government released a statement on Tuesday, 4/12 detailing an alleged Russian cyber-attack they thwarted. The cyber-attack supposedly targeted Ukraine’s power grid and, if successful, could have knocked out power for over two million people. While this defense of their national power grid is impressive, the aggression by Russia marks another step toward all-out digital war, leaving many experts fearful of how Russia will respond.

Reporters inside of Ukraine named the hacking group Sandworm as the perpetrators behind this most recent attack. They are formally known as Unit 74455 of the alleged cyber military unit GRU. The attack targeted high voltage computers, networking equipment, and electrical substations tied to Ukraine’s primary power grid. The attack occurred in two waves on the evening of April 8th and targeted an unnamed Ukrainian energy supplier. Sandworm attempted to deploy malicious “wiper” software to erase data saved on computers, making them unusable and crippling the ensuing remediation response. The hacking group also utilized Industroyer, a malicious software that targets industrial controls, allowing near-total access to the affected systems.

Ukraine’s Deputy Chief of Information Protection, Victor Zhora, released a statement following the attack, claiming that Russian hackers had targeted an oblenergo (energy distribution center). This was a sophisticated and precise attack with the mission to cause mass electrical outages across Ukraine. The attackers were able to gain a brief period of access to numerous systems inside the distribution center but were quickly stopped before they could inflict any more severe damage.

The CIA and U.S. Department of Homeland Security have previously warned that Russia could look to utilize cyber-attacks to achieve more significant damage in their campaign against Ukraine. Experts inside the intelligence community see this attack as a signal that more cyber-attacks against critical Ukrainian infrastructure will materialize in the coming weeks. In the meantime, companies worldwide should be warned that these cyber-attacks could target businesses outside of Ukraine as havoc spreads beyond the region.

For more information check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
