Netizen Cybersecurity Bulletin (May 27th, 2022)

Overview

  • Phish Tale of the Week
  • U.S. Department of Justice reverses course on “White Hat Hacking”
  • How Cybersecurity Could Impact the Global Food Supply Chain
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting debt holders. The email appears to be a notification that Freedom Financial can help us with large amounts of debt relief, and we are prompted to “get started now” to receive that relief today. The message mentions personalized debt help and promises relief we can get right away, so why not click? Unfortunately, there are plenty of reasons not to click on this email right away.

Take a look below:

  1. The first red flag in this email is the sender’s address. Always inspect the sender’s address thoroughly to confirm that the message comes from a trusted sender and not from a threat actor.
  2. The second warning sign is the lack of structure in the overall message. Compared with messages from other financial institutions, there are no security notices below the message body and no email address or phone number to reach out to, just a large “Get Started Now” call to action.
  3. The final warning sign is the large red “Get Started Now” call-to-action button. Threat actors use buttons like this to redirect targets straight to malicious landing pages. These landing pages then infect the target’s system with malware or other software intended to steal information or enable further extortion.


General Recommendations:

A phishing email will typically direct the user to click on a link where they are then prompted to update personal information, such as a password, credit card, social security, or bank account details. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender actually belongs to the company the message claims to come from.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may raise the question “What is wrong with my account?” and prompt you to click a suspicious link.
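The three red flags called out above (off-brand sender address, no contact or security footer, and an off-brand, non-HTTPS call-to-action link) can be checked mechanically. The script below is an added example, not part of the bulletin; the sample message, the domain names and the `KNOWN_SENDER_DOMAINS` allow-list are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the debt-relief lure described above (not a real message).
PHISH_EMAIL = """\
From: Freedom Financial <offers@bulk-mailer.example>
To: recipient@example.test
Subject: Get personalized debt help today
Content-Type: text/html

<html><body>
<p>Freedom Financial can help you with large amounts of debt relief.</p>
<a href="http://debt-relief-now.example/start">Get Started Now</a>
</body></html>
"""

# Hypothetical allow-list of domains the claimed brand really sends from.
KNOWN_SENDER_DOMAINS = {"freedomfinancial.example"}


def on_brand(host):
    """True when host is one of the brand's known domains or a subdomain of one."""
    h = host.lower()
    return any(h == d or h.endswith("." + d) for d in KNOWN_SENDER_DOMAINS)


def analyze(raw):
    """Return the list of red flags found; an empty list means no check fired."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload(decode=True).decode(errors="replace")
    flags = []
    # Red flag 1: the address behind the display name is not a brand domain.
    if not on_brand(addr.rsplit("@", 1)[-1]):
        flags.append("sender domain does not match claimed brand")
    # Red flag 2: no phone number and no unsubscribe/privacy footer in the body.
    if not re.search(r"\d{3}[-.\s]\d{3}[-.\s]\d{4}|unsubscribe|privacy", body, re.I):
        flags.append("no contact details or security notice")
    # Red flag 3: call-to-action links point off-brand or are not HTTPS.
    for scheme, host in re.findall(r'href="(\w+)://([^/"]+)', body, re.I):
        if scheme.lower() != "https":
            flags.append(f"link to {host} is not HTTPS")
        if not on_brand(host):
            flags.append(f"link host {host} does not match sender brand")
    return flags
```

Run `analyze(PHISH_EMAIL)` to see all three red flags reported; a message from a brand domain with an HTTPS brand link and a footer containing a phone number or privacy link returns an empty list.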

Cybersecurity Brief

In this week’s Cybersecurity Brief:

U.S. Department of Justice reverses course on “White Hat Hacking”

The United States Department of Justice released new guidance last week that changes the agency’s stance on “White Hat Hacking.” Previously, the department applied the Computer Fraud and Abuse Act (CFAA), which outlaws unauthorized access to computers and network equipment, to malicious threat actors and good-faith security researchers alike. This approach was widely criticized in the information security community, with many feeling that it sent the wrong message to the good guys.

For those unaware, black hat hackers are unethical hackers responsible for most malicious cyber activity against corporations. White hat hackers are ethical hackers, many of whom are IT professionals with a passion for security that manifests in looking for flaws and exploits in websites, applications, and email servers.

Before this change in CFAA guidance, prosecutors would often lump both groups of hackers together at the behest of large corporations, viewing these individuals as malicious actors looking to tamper with and damage digital property without authorization from the target firm. In a change to this stance, the U.S. DOJ announced that it is advising prosecutors not to use the CFAA to bring criminal charges against security researchers and enthusiasts. This change in tone received an outpouring of support from members of the information security community.

Harley Geiger, senior director of public policy at Rapid7, had this to add: “This is demonstration from DOJ that the conversation around good-faith security researchers, white hat hackers, has really changed in the past ten years.” The law will now be interpreted in a way that ensures good-faith security research is not criminalized or viewed the same way as hackers poking around in systems without authorization.

This change in policy marks a monumental moment for information security in the United States. Legitimate digital intrusion by penetration testers, security researchers, and vulnerability assessors will no longer come under fire from the authorities. Deputy Attorney General Lisa O. Monaco had this to add: “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

The backbone of information security has always been the enthusiastic researchers and the wider community who work together to make products and applications more secure against outside interference. This policy change will help usher in more collaboration between the private sector, the public sector, and security researchers everywhere.

To read more about this article, click here.

How Cybersecurity Could Impact the Global Food Supply Chain

The past few years have shown just how interconnected and mutually reliant every country in the world is. Supply chain issues stemming from shipping constraints or bad harvests have drastically impacted the price of everything from corn to gasoline. With this in mind, and given the ever-growing presence of technology in so many facets of life, could malicious hackers further disrupt the global food supply chain?

Just last year, JBS Meats, one of the largest meat fulfillment and processing operations in the United States, suffered a cyberattack that shut down operations for a brief period. During this time, the price of bacon, chicken, and ground beef soared, with prices rising 25-30% on these items in some areas. For many families, a 25-30% increase in their grocery bill would be detrimental to their savings and add further strain to the household budget. Ultimately, JBS Meats paid an $11 million ransom to restore service to their facilities and continue operations. However, many in the security field think this may have served as a proof of concept for threat actors deciding which industries to target next.

A recent report from the University of Cambridge examined the cybersecurity flaws in AI technology used in the agricultural industry. The study found that many of the companies proposing revolutionary and life-changing solutions to modern farming problems are doing so without any real thought to the security of their products. Imagine a commercial farm in Iowa using an AI combine to harvest fields of corn. The product would be configured with the layout of the plot of land and the soil makeup in mind to ensure the most efficient harvest possible. What if a malicious threat actor found an exploitable vulnerability in the software the combine uses? The impact could be as small as an interruption in the harvesting process, perhaps with a plot of corn destroyed in the process, but what are the implications if that vulnerability is exploitable in every machine running the same software?

This nightmare scenario has pressured many in the agricultural industry to invest heavily in researching security vulnerabilities in their products. One such company is John Deere, one of the leading manufacturers of commercial and industrial-grade farming equipment globally. An ethical hacker going by the pseudonym Sick Codes alerted John Deere to a security vulnerability in their software that allowed unauthorized access to machine data and company information. He quickly warned the company of the issue and urged them to emphasize security in their application development process. James Johnson, John Deere’s global chief information security officer, was quick to respond, saying, “No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain.”

Efforts by organizations in the agricultural industry to better secure their products are a significant step forward in the fight against malicious cyber interference. Firms would be well served to enlist the outside support of ethical hackers searching for security vulnerabilities in their software and products. The global food chain is volatile enough due to emerging climate and geopolitical issues; security issues should be addressed so that they do not add further burden to this colossal problem.

For more information check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
