• Netizen: October Vulnerability Review

    Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the external attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from September that should be immediately patched or addressed if present in your environment. Detailed writeups below:

    CVE-2022-33891:

    Apache Spark vulnerability. This vulnerability has a NIST CVSSv3 base score of 8.8/10 and has proof-of-concept exploits available on GitHub (https://github.com/HuskyHacks/cve-2022-33891 & https://github.com/west-wind/CVE-2022-33891) for a shell command injection. It affects Apache Spark 3.0.3 and earlier, 3.1.1 – 3.1.2, and 3.2.0 – 3.2.1. Apache Spark, an open-source processing system used to handle big data workloads, provides the option to enable ACLs (Access Control Lists). If this feature is enabled, an attacker can perform an impersonation attack using whatever username they choose. That username may then reach the permission check function, which builds and executes a Unix shell command from the attacker’s input.
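    The command-injection pattern the paragraph above describes, reduced to its essentials, as an added Python example (illustrative code, not Apache Spark’s source): a permission check that resolves a user’s groups with a shell command built from the supplied username, beside the hardened version that validates the name and never invokes a shell. The usernames, the regular expression and the function names are assumptions for this example.

```python
"""Illustration of the shell-command-injection bug class behind CVE-2022-33891.

Hypothetical example code, not Apache Spark's source: it models a permission
check that resolves a user's groups by running a shell command built from a
caller-controlled username, then shows the hardened form of the same lookup.
"""
import re
import subprocess

# Constructed sample inputs for this example.
BENIGN_USER = "alice"
HOSTILE_USER = "alice; id"          # carries a shell command separator

# Allow-list for POSIX-style account names; anything else is rejected outright.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

# Characters a POSIX shell treats as command separators or substitutions.
SHELL_METACHARACTERS = set(";|&$`\n()<>")


def build_group_lookup_unsafe(username: str) -> str:
    """Vulnerable pattern: untrusted input is interpolated into a single string
    that would later be handed to a shell (subprocess with shell=True)."""
    return f"id -Gu {username}"


def build_group_lookup_safe(username: str) -> list:
    """Hardened pattern: validate the username against an allow-list, then pass
    it as one argv element so no shell ever parses it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return ["id", "-Gu", username]


def command_line_is_tainted(command_line: str) -> bool:
    """True if a shell would see more than the single intended command."""
    return any(ch in SHELL_METACHARACTERS for ch in command_line)


def lookup_groups(username: str) -> str:
    """Run the hardened lookup without a shell; returns the group list.

    Uses the local `id` binary, so the result depends on the host."""
    argv = build_group_lookup_safe(username)
    completed = subprocess.run(argv, capture_output=True, text=True, check=False)
    return completed.stdout.strip()


if __name__ == "__main__":
    for user in (BENIGN_USER, HOSTILE_USER):
        line = build_group_lookup_unsafe(user)
        print(f"unsafe string for {user!r}: {line!r} tainted={command_line_is_tainted(line)}")
        try:
            print(f"safe argv for {user!r}: {build_group_lookup_safe(user)}")
        except ValueError as exc:
            print(f"safe path: {exc}")
```

    The two defences are independent and both are worth keeping: the allow-list stops hostile input before it is used anywhere, and the argv form means that even an input the validator missed is passed to `id` as a plain argument rather than parsed by a shell.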

    CVE-2021-30551:

    Google Chrome zero-day vulnerability. This vulnerability has a NIST CVSSv3 base score of 8.8/10 and is known to be exploited in the wild. It affects Google Chrome versions prior to 91.0.4472.101 on Windows, Mac, and Linux. The vulnerability allows an attacker to craft a special HTML page that can cause heap corruption (a mishandling of memory in software), such as a buffer overflow, and achieve RCE (Remote Code Execution) to gain control of a system.

    CVE-2022-35823:

    Microsoft SharePoint Remote Code Execution vulnerability. This vulnerability has a NIST CVSSv3 base score of 8.8/10 and has been reported as exploited in the wild. The affected Microsoft products are SharePoint Enterprise Server, SharePoint Server, SharePoint Server Subscription Edition, and SharePoint Foundation. The attack complexity is rated low, and the impact on confidentiality and integrity is high. This vulnerability can allow an attacker to perform RCE (Remote Code Execution), running specially created code on chosen business systems to obtain sensitive business information.

    CVE-2022-22026:

    Windows CSRSS (Client Server Run-Time Subsystem) Elevation of Privilege vulnerability. This vulnerability has a NIST CVSSv3 base score of 8.8/10. An unknown function of the CSRSS component is reported not to check privileges adequately, which can give unintended control to the attacker. The attack complexity is rated low, and the impact on confidentiality and integrity is high.

    CVE-2021-44224:

    Apache HTTP Server vulnerability. This vulnerability has a NIST CVSSv3 base score of 8.2/10 and affects HTTP Server versions 2.4.7 – 2.4.51. A specially crafted URI (Uniform Resource Identifier) sent to a server configured as a forward proxy can cause a crash or allow SSRF (Server-Side Request Forgery), which gives an attacker the ability to access or modify resources. The potential impact is DoS (Denial of Service) or compromise of data confidentiality.
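    To turn the three version-based entries above (Spark, Chrome, httpd) into a patch list, the following added Python example (not part of the original review or any Netizen tool) checks an inventory against the affected ranges exactly as they are stated in this review. The product keys, the AffectedRange type, the inventory hostnames and the version strings are constructed for the example.

```python
"""Version-range triage for the CVEs above that are defined by product version.

Added example. The affected ranges are transcribed from the review; the product
keys, the AffectedRange type and the inventory are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """'2.4.51' -> (2, 4, 51). A non-numeric suffix such as '-2ubuntu' is
    dropped from the component it follows; an empty result is an error."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


@dataclass(frozen=True)
class AffectedRange:
    low: Optional[str] = None       # inclusive lower bound; None = no lower bound
    high: Optional[str] = None      # inclusive upper bound (last vulnerable version)
    fixed_in: Optional[str] = None  # exclusive upper bound (first fixed version)

    def contains(self, version: str) -> bool:
        v = parse_version(version)
        if self.low is not None and v < parse_version(self.low):
            return False
        if self.high is not None and v > parse_version(self.high):
            return False
        if self.fixed_in is not None and v >= parse_version(self.fixed_in):
            return False
        return True


# Ranges as stated in the review. Product keys are constructed identifiers.
AFFECTED = {
    "CVE-2022-33891": ("apache-spark", [
        AffectedRange(high="3.0.3"),                 # 3.0.3 and earlier
        AffectedRange(low="3.1.1", high="3.1.2"),
        AffectedRange(low="3.2.0", high="3.2.1"),
    ]),
    "CVE-2021-30551": ("google-chrome", [AffectedRange(fixed_in="91.0.4472.101")]),
    "CVE-2021-44224": ("apache-httpd", [AffectedRange(low="2.4.7", high="2.4.51")]),
}


def is_affected(cve: str, version: str) -> bool:
    """True if `version` falls in any affected range recorded for `cve`."""
    _, ranges = AFFECTED[cve]
    return any(r.contains(version) for r in ranges)


def triage(inventory) -> list:
    """inventory: iterable of (host, product, version).
    Returns (host, product, version, cve) for every match."""
    findings = []
    for host, product, version in inventory:
        for cve, (affected_product, _) in AFFECTED.items():
            if product == affected_product and is_affected(cve, version):
                findings.append((host, product, version, cve))
    return findings


# Constructed inventory; hostnames and versions are illustrative only.
INVENTORY = [
    ("build-01", "apache-spark", "3.1.2"),
    ("build-02", "apache-spark", "3.1.3"),
    ("proxy-01", "apache-httpd", "2.4.51-2ubuntu"),
    ("proxy-02", "apache-httpd", "2.4.52"),
    ("desk-07", "google-chrome", "91.0.4472.77"),
    ("desk-08", "google-chrome", "91.0.4472.101"),
]

if __name__ == "__main__":
    for finding in triage(INVENTORY):
        print("PATCH NEEDED: host=%s product=%s version=%s cve=%s" % finding)
```

    Two caveats apply to any version-only check like this one: distributions often backport a fix without changing the upstream version number, so a hit should be confirmed against the vendor advisory or package changelog before it is treated as exposure, and for the Spark entry the review notes that the vulnerable path is only reachable when ACLs are enabled.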

    Conclusion:

    In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview:

    • Phish Tale of the Week
    • U.S. Congressmen Introduce New Changes to Include Cryptocurrency in 2015 Bill
    • American Airlines Breached in Cyber Incident
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit, and they come in many different forms. In this instance, we see not a phishing scam but an SMSishing scam targeting two different groups. One text appears to be a notification that we have new funds available in our account, while the other asks us to confirm whether or not we sent $569.89 to a person using Zelle. Both of these scams rely on similar principles to get a response out of their target.

    Here’s how we know not to click on either of these links:

    1. The first red flags in these texts are the senders’ addresses. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In this case, neither message comes from a number or address we are familiar with or have in our contacts. In the future, review the sender’s address thoroughly to see whether the message could be coming from a threat actor.
    2. The second warning sign in these texts is the messaging. Each text tries to elicit a response by using urgent financial information as the hook: one refers to new funds being made available in our account, the other is a notification that we may have sent money to a random person. SMSishing scams commonly use words and tactics similar to phishing scams to elicit an immediate response from their targets. Always be sure to thoroughly inspect the messaging of all emails and texts you receive.
    3. The final warning sign in these texts is the malicious links and attachments in each message. The first message contains both an attachment and a link that we can’t verify are safe to open, while the second text offers us two different numbers to call or text to “remedy” the issue. Always be on the lookout for suspicious attachments, links, and numbers scammers may use to trick you.


    General Recommendations:

    A phishing email or SMSishing scam will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    U.S. Congressmen Introduce New Changes to Include Cryptocurrency in 2015 Bill

    United States Senators Marsha Blackburn and Cynthia Lummis have introduced changes to the Cybersecurity Information Sharing Act of 2015 that would permit “voluntary information sharing of cyber threat indicators among cryptocurrency companies.” This change would directly tie one of the most unregulated industries to the federal government, allowing never-before-seen levels of oversight in cryptocurrencies. Crypto firms would now be able to report breaches, cyber incidents, and other suspicious activity to U.S. government branches like CISA for immediate assistance in remediating these issues.

    Senator Blackburn had this to add regarding her proposed changes: “Some bad actors have used cryptocurrency as a way to hide their illegal practices and avoid accountability,” leading many to believe these changes will also shine a light on cryptocurrency being used in cyber-crimes. “The Cryptocurrency Cybersecurity Information Sharing Act will update existing regulations to address this misuse directly. It will provide a voluntary mechanism for crypto companies to report bad actors and protect cryptocurrency from dangerous practices.” Allowing crypto firms to report bad actors to government authorities directly will immediately throw a wrench into the plans of extortionists worldwide.

    Many criminals hailed cryptocurrency as the preferred monetary demand in most hacks/breaches. The anonymity that cryptocurrencies provide is perfect for ransomware groups who look to cover their tracks while they remain on the run. This proposed change would remove one of the principles cryptocurrencies were developed for and signal a complete shift in untraceable payments. Law enforcement agencies would work hand in hand with crypto firms to hunt down cyber criminals as they transfer or withdraw ransoms from their accounts.

    Lummis and Blackburn both noted the rampant unregulated nature that cryptocurrency firms have operated within for the past few years as a critical reason for these changes. Having a dialogue around information-sharing practices between crypto firms and government agencies may further legitimize crypto as a payment method moving forward. However, cryptocurrencies were founded with security and anonymity in mind. How will this change impact the public perception of crypto if the founders of these payments are so quick to cooperate with law enforcement agencies?

    To read more about this article, click here.

    American Airlines Breached in Cyber Incident

    American Airlines is sounding the alarm for a handful of its customers about a data breach in which an “unauthorized threat actor” accessed names, birthdays, mailing and email addresses, phone, driver’s license and passport numbers, and even medical information by compromising an employee’s email account. According to American, the airline uncovered the breach in July and immediately retained a third-party cybersecurity firm to assist with triage of the incident. However, American Airlines disclosing this breach only in September has left many patrons wondering why it took so long to raise the alarm.

    American spokesman Curtis Blessing had this to add when questioned about the incident: “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.”

    Many in the information security community have questioned if American is downplaying this breach. Reports from inside the airline show that the threat actor was able to compromise the O365 accounts of numerous American employees and remained undetected for a period. During this time, they sent out multiple phishing emails posing as a legitimate representative of American Airlines and gained access to countless sensitive files within American’s SharePoint server.

    American was quick to downplay the incident, with Andrea Koos, Senior Manager for Corporate Communications at American Airlines, stating that a “very small number” of customers were affected by this breach. However, in a regulatory filing with the Office of the Attorney General of Maine, American claimed the breach impacted 1,708 customers and employees. To remedy this breach, American has offered all affected parties a two-year subscription to Experian’s IdentityWorks identity fraud protection suite. This breach follows a different cyber incident that occurred in March 2021 against SITA, a global air information firm, where hackers breached the servers and gained access to the Passenger Service System (PSS) used by multiple airlines, including American.

    For more information, check out the rest of the article here.


  • Netizen: September Vulnerability Review

    Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the external attack surface. Netizen’s Security Operations Center (SOC) has compiled eight vulnerabilities from August that should be immediately patched or addressed if present in your environment. Detailed writeups below:

    CVE-2022-33636 & CVE-2022-22021:

    Microsoft Edge (Chromium-based) browser vulnerability. The NIST CVSSv3 base score is 8.3/10, and it is an RCE (Remote Code Execution) vulnerability. To exploit it, an attacker must win a race condition, a common problem in multithreaded applications. A race condition occurs when two processes or threads of a program try to access the same resource at the same time, and it can allow an attacker to reach areas that should be protected. This can lead to an escape from the browser’s sandbox, which isolates the user’s internet activity from the rest of their computer. Although the severity is rated high, the amount of user interaction needed lowers the practical severity: an attacker needs to build a website that exploits the Microsoft Edge vulnerability and trick a user into visiting it, which would require some form of social engineering such as email phishing.

    CVE-2021-42321:

    Microsoft Exchange Server vulnerability. The NIST CVSSv3 base score is 8.3/10, and it is an RCE (Remote Code Execution) vulnerability. A Metasploit module can execute an exploit payload on the following Exchange Servers: 2019 CU10 before Security Update 3, 2019 CU11 before Security Update 2, 2016 CU21 before Security Update 3, and 2016 CU22 before Security Update 2. The attacker must authenticate to exploit this vulnerability. The flaw lies in the ChainedSerializationBinder (used to ensure that types specified in serialized data are valid, preventing the deserialization of dangerous types). There is a typo in the ChainedSerializationBinder deny list: an entry is written as System.Security.ClaimsPrincipal instead of System.Security.Claims.ClaimsPrincipal, so an attacker can bypass the deserialization deny list and execute code as NT AUTHORITY\SYSTEM or the root user.
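    The deny-list typo above is a good illustration of why deserialization deny lists are brittle. The following added Python example (a toy binder, not Exchange’s ChainedSerializationBinder) compares the decision each policy reaches for the real type name and adds a small lint that flags deny-list entries naming no resolvable type, which is how such a typo would be caught before shipping. The allow list, the Example.* type names and the type catalog are constructed for the example; only the two System.Security names come from the write-up.

```python
"""Why the deny-list typo described for CVE-2021-42321 matters.

Added example with a toy binder, not Exchange's ChainedSerializationBinder. The
two System.Security type names are the ones quoted in the write-up; every other
name, the allow list and the KNOWN_TYPES catalog are constructed for this example.
"""

# Deny list as the write-up describes it: the entry is missing the "Claims."
# namespace segment, so an exact string comparison never matches the real type.
DENY_LIST_WITH_TYPO = frozenset({"System.Security.ClaimsPrincipal"})
DENY_LIST_FIXED = frozenset({"System.Security.Claims.ClaimsPrincipal"})

# Allow list of the only types this hypothetical application expects.
ALLOW_LIST = frozenset({"Example.Mail.MessageHeader", "Example.Mail.Recipient"})

# Catalog of resolvable type names (constructed); a real audit would build it
# from the application's loaded assemblies or a generated type index.
KNOWN_TYPES = frozenset({
    "System.Security.Claims.ClaimsPrincipal",
    "System.Security.Claims.ClaimsIdentity",
    "Example.Mail.MessageHeader",
    "Example.Mail.Recipient",
})


def deny_list_binder(type_name: str, deny: frozenset) -> bool:
    """Deny-list policy: every type is accepted unless explicitly listed."""
    return type_name not in deny


def allow_list_binder(type_name: str, allow: frozenset) -> bool:
    """Allow-list policy: only explicitly expected types are accepted."""
    return type_name in allow


def evaluate(type_name: str) -> dict:
    """Decision (True = deserialize) each policy reaches for one type name."""
    return {
        "deny_list_with_typo": deny_list_binder(type_name, DENY_LIST_WITH_TYPO),
        "deny_list_fixed": deny_list_binder(type_name, DENY_LIST_FIXED),
        "allow_list": allow_list_binder(type_name, ALLOW_LIST),
    }


def unresolvable_entries(deny: frozenset, known: frozenset) -> set:
    """Lint for deny lists: an entry that names no resolvable type can never
    match anything, which is exactly how a typo silently disables a rule."""
    return {entry for entry in deny if entry not in known}


if __name__ == "__main__":
    for name in ("System.Security.Claims.ClaimsPrincipal", "Example.Mail.Recipient"):
        print(name, evaluate(name))
    print("dead deny-list entries:",
          unresolvable_entries(DENY_LIST_WITH_TYPO, KNOWN_TYPES))
```

    The allow-list policy rejects the dangerous type regardless of whether anyone spelled it correctly, because it only ever admits what the application actually expects; the lint catches the typo in the deny list as a dead entry, which is a check worth running in CI for any deny list that is maintained by hand.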

    CVE-2022-23277:

    Microsoft Exchange Server vulnerability. The NIST CVSSv3 base score is 8.8/10, and it is an RCE (Remote Code Execution) vulnerability. It is similar to CVE-2021-42321 but affects Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 before MAR22SU (the March 2022 Security Update); it also requires authentication to exploit.

    CVE-2021-1585:

    Cisco Adaptive Security Device Manager (ASDM) and Launcher vulnerability. The NIST CVSSv3 base score is 8.3/10, and Cisco gives it a CVSSv3 score of 7.5. ASDM is used to manage the Cisco Secure Firewall. The vulnerability could allow RCE (Remote Code Execution) by an unauthenticated attacker on a user’s operating system. It is caused by improper signature verification of code exchanged between the ASDM and the Launcher. An attacker can use this vulnerability through a MITM (Man in the Middle) attack, intercepting the exchange between the ASDM and the Launcher and injecting malicious code. To leverage it, the attacker needs some social engineering to get a user to start communication between the Launcher and the ASDM. Two types of reverse payloads could be used to obtain RCE: one based on jjs.exe (a JavaScript engine shipped with Java that executes in memory and can give a command prompt on the workstation) and one based on Longtime Sunshine (a post-exploitation framework). Cisco reported that this issue was fixed in ASDM 7.18.1.150, but Rapid7 informed Cisco that the issue was, in fact, not fixed. Cisco retracted ASDM 7.18.1.150 and attempted to fix the issue in 7.18.1.152. However, it has been reported that the issue remains exploitable as long as the user clicks through a pop-up.

    CVE-2022-37401 & CVE-2022-37400:

    Apache OpenOffice vulnerability. The NIST CVSSv3 base score is 8.8/10. The vulnerability affects Apache OpenOffice versions before 4.1.13. Similar to some web browsers, Apache OpenOffice allows the user to store web connection passwords in the user’s configuration database. These stored passwords are encrypted, and a user master key is needed to access them. The vulnerability is a poorly encoded master key, which reduces its effective randomness from 128 bits to 43 bits. This makes the stored passwords vulnerable to a brute-force attack if the attacker has access to the user’s configuration database file.

    CVE-2022-35794:

    Windows Secure Socket Tunneling Protocol (SSTP) vulnerability. The NIST CVSSv3 base score is 8.1/10, and it is an RCE (Remote Code Execution) vulnerability. This CVE ID is distinct from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, and CVE-2022-35767. To exploit it successfully, an attacker must win a race condition, a common problem in multithreaded applications: two processes or threads try to access the same resource at the same time, which can allow an attacker to reach areas that should be protected. This vulnerability could allow an unauthenticated attacker to send a specially crafted connection request to a Remote Access Server and achieve RCE on that server.

    Conclusion:

    In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.


  • Overview:

    • Phish Tale of the Week
    • Whistleblower Comes Forward Alleging Major Cybersecurity Issues at Twitter
    • U.S FBI and CISA Issue Alert for Zeppelin Ransomware
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that ADT Monitoring wants to give us a $100 Visa Reward Card. We are then prompted to “start the confirmation process below” and follow the link to receive our bonus. The email dangles an enticing offer of a free $100 reward card, so why not click? Unfortunately, there are plenty of reasons not to click on that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the “FINAL MESSAGE” notice in the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
    3. The final warning sign for this email is the $100 ADT Visa Reward Card bonus. Threat actors use monetary incentives to entice unsuspecting consumers into phishing tricks. Always be on the lookout for offers that look too good to be true.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Whistleblower Comes Forward Alleging Major Cybersecurity Issues at Twitter

    Earlier this week, the tech community was shocked as a whistleblower complaint was filed against social media giant Twitter. The complaint filed by Peiter “Mudge” Zatko alleges Twitter has violated multiple SEC and FTC regulations in addition to egregious mishandling of user information and lax security practices.

    Zatko, a former DARPA program manager and freelance hacker, previously served as the head of security for Twitter before departing the company in January 2022. Before joining Twitter in 2020, Zatko was a well-renowned security researcher and prolific hacker credited with pioneering buffer overflow work and contributing heavily to advancements in code injection, exploitation of embedded systems, and many other security facets.

    Six months after his departure from Twitter, Zatko filed an 84-page whistleblower complaint with Congress alleging that the communications firm he previously worked for was riddled with security and privacy issues, in addition to lying to federal regulators and the federal government. The complaint also alleges that Twitter does not prioritize removing spam/bot accounts from its community as its CEO previously claimed, does not actively monitor for insider threats from employees or external contractors, suffered 20 security breaches in 2020 alone (which should have called for weekly security reports to a government regulator), and gives over half of its employees overarching access to user data and systems they don’t need access to.

    The last claim made by Zatko is the most alarming to many in the information security community. In 2020, Twitter suffered a security incident that saw the accounts of hundreds of celebrities and politicians compromised, with threat actors posting links to their bitcoin wallets offering free payments to unsuspecting Twitter users. Experts believe this breach was initiated via social engineering practices that targeted Twitter employees. Once the threat actors gained access to employee accounts, they could pivot across the internal network with relatively little resistance since the account they acquired was highly privileged and shouldn’t have been.

    Cases like this are why many security professionals believe organizations everywhere must adapt toward a least privileged security model. This principle dictates that employees should only have access to materials and systems that are necessary for their daily job functions and nothing more. It may be inconvenient for the employee to go up the ladder to a superior for higher access, but it will stop unnecessary privileges from being granted to too many employees, therefore, reducing the overall attack surface of the organization.

    To read more about this article, click here.

    U.S FBI and CISA Issue Alert for Zeppelin Ransomware

    The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice for all organizations to be on the lookout for a resurgence in Zeppelin ransomware. Zeppelin is a spinoff of the Delphi-based Vega malware family and operates as a ransomware as a service (RaaS). This family emerged in 2019 after growing in popularity on Russian-backed hacker markets. Zeppelin grew in notoriety after targeting multiple U.S tech and healthcare organizations, demanding exorbitant ransoms after encrypting their environments.  

    Threat actors deploying this ransomware frequently target remote desktop protocols (RDP) and SonicWall firewall vulnerabilities in conjunction with phishing campaigns to breach their target networks initially. After the initial compromise, the threat actors then stealthily map the organizations to find where their main data troves and backups reside. Following this, culprits then deploy the Zeppelin ransomware through a PowerShell loader and begin encrypting the entire network.

    Once the breach and initial encryption occur, threat actors leave a detailed note on the amount of ransom to be paid and where to send the money. Typical ransom amounts for this RaaS range anywhere from a couple of thousand dollars for smaller organizations to millions in bitcoin for enterprise-grade firms. Researchers have also noticed that in recent campaigns, Zeppelin actors have begun encrypting files multiple times to increase the complexity of their attacks and reduce the chances of decrypting the files without numerous sets of keys.

    CISA joined with the FBI to release this joint statement on ransomware gangs: “The FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities”.

    To combat the rise in ransomware, organizations worldwide are being advised to implement multi-factor authentication (MFA) immediately, implement a least-privileged access policy, and increase their password security requirements. Firms must strengthen their information security policies to defend against ransomware gangs and the rise of RaaS.

    For more information, check out the rest of the article here.


  • Netizen: August Vulnerability Review

    Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from July that should be immediately patched or addressed if present in your environment. Detailed writeups below:

    CVE-2022-30222:

    CVE-2022-30222 has been given a CVSSv3 score of 8.4/10. This Windows Shell Remote Code Execution Vulnerability allows an unauthenticated threat actor to execute code on an affected system by interacting with the login screen with a specific input. This vulnerability is especially worrisome since attackers targeting this CVE require no user involvement and the attack itself is of low complexity. Prioritize patching this vulnerability immediately if you use RDP in your environment. For more on this vulnerability, check out this link.

    CVE-2022-24545:

    CVE-2022-24545 has been given a CVSSv3 score of 5.1/10. This actively exploited Remote Code Execution vulnerability affects Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022. The vulnerability itself stems from having enabled the registry key “DisableRestrictedAdmin.” Currently, no patch exists; the safest course of action is to enable Remote Desktop Connection securely. For more on this vulnerability, check out this link.

    CVE-2022-30216:

    CVE-2022-30216 has been given a CVSSv3 score of 8.8/10. This vulnerability is a low-complexity Windows Server service tampering vulnerability. An authenticated attacker could use this CVE to upload a certificate to the affected server. Microsoft has identified this issue as a major one that needs to be patched immediately, given the low complexity and minimal credentials required to trigger the exploit. If an attacker were able to upload a certificate to the target server, the attacker could then pivot and perform remote code execution on the desired targets. For more on this vulnerability, check out this link.

    CVE-2022-25762

    CVE-2022-25762 has been given a CVSSv3 score of 8.6/10. This vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.20 and 8.5.0 to 8.5.75. A remote attacker can potentially utilize this CVE to compromise the data confidentiality, integrity, and availability of the affected system. “If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong user and/or other errors.” For more on this vulnerability, check out this link.

    Google Chrome Vulnerabilities:

    Google disclosed five high-severity vulnerabilities in July: CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, and CVE-2022-2481. If successfully exploited, the most severe of these vulnerabilities could allow arbitrary code execution in the context of the logged-on user. If the user’s privileges are high enough, a threat actor could create new accounts with full user rights, install programs, and view, change, or delete data. Users whose accounts are configured with fewer user rights on the system could be less impacted than those who operate with administrative user rights. Affected users are being urged to update Chrome to the newest version immediately. For more on these vulnerabilities, check out this link.

    Conclusion:

    In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.


    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview:

    • Phish Tale of the Week
    • T-Mobile Agrees to $500 million in 2021 Data Breach Settlement
    • Idaho Universities helping fill Cyber Workforce Gap
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that Louis Vuitton is offering a 90% off Limited-Time Offer. We are then prompted to “shop now” and follow the link below to the store. This email contains a note with an enticing offer for discounted luxury merchandise, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the “Limited-Time Offer” notice below the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
    3. The final warning sign for this email is the large red “Shop Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    T-Mobile Agrees to $500 million in 2021 Data Breach Settlement


    Almost a year ago, telecommunications giant T-Mobile suffered another data breach. The company, which is no stranger to sub-par data security practices and cybersecurity incidents, admitted to a data breach in August last year that saw the PII of over 76 million U.S. residents scattered across the Dark Web. In this breach, hackers were able to retrieve the names, social security numbers, driver’s license numbers, physical addresses, and more of each of the affected individuals. Unfortunately for T-Mobile, this breach will end up costing them a lot more than just the reputational damage.

    On Monday, reports began circulating that T-Mobile had reached a settlement agreement for the 2021 data breach. In filings submitted to a federal district court in Missouri, T-Mobile has agreed to pay out $350 million to class action lawsuit claims stemming from the breach last year. T-Mobile has also agreed to invest over $150 million in the next two years to improve its data security practices and upgrade related technology.

    If approved by the court, this settlement will resolve virtually all the claims brought against the mobile carrier by former, current, and prospective customers after the August 2021 data breach. This settlement will also safeguard T-Mobile from admitting any guilt or wrongdoing in this matter, with this civil agreement expected to be the last formal mention of last year’s cybersecurity incident.

    Overall, information security experts worldwide are eager to see if any of the proposed $150 million investment in data security will materialize into actual defense upgrades. T-Mobile has a history of making grandiose claims following incidents similar to this, with four separate significant cybersecurity intrusions occurring at the organization in the last four years.

    To read more about this article, click here.

    Idaho Universities helping fill Cyber Workforce Gap

    Ransomware attacks and cybersecurity incidents have surged all across the country. Businesses of all shapes and sizes are being targeted at unprecedented rates. Before, larger, enterprise-grade companies were the main focus of threat actors, but the rise of ransomware attacks has brought smaller organizations into the mayhem. This increase in attacks has shown that every organization needs a plan to secure its information and bolster its cyber defenses. However, investing in outside information security firms or creating an in-house cybersecurity position can be costly for many businesses.

    The problem mentioned above is where the Boise State University’s Institute for Pervasive Cybersecurity comes to the rescue. Students inside this program are paired with rural businesses and municipalities in Idaho and gain real-world experience on the frontlines of cybersecurity. Marlin Roberts, who manages the program, believes, “The days of being safe simply because you were small and unimportant are gone. The cybercriminals are interested in just about anything. The advent of ransomware has made it lucrative to go ahead and steal data to basically extort money from these entities.”

    Luckily for businesses in Idaho, students at the Institute for Pervasive Cybersecurity have come to the rescue at the perfect moment. A CyberSeek report showcased that there are over 5,000 cybersecurity job openings in the state of Idaho, with over 3,500 of them in the Boise metro area. Companies that haven’t been able to fill these roles or that don’t have the funding for these positions can seek outside help through Boise State University’s program. This opportunity has been further expanded through additional funding via the Idaho Workforce Development Council. Earlier this month, Boise State University was awarded an $806,000 grant to double the number of students training in their CyberDome defense program.

    Executive Director of the Council, Wendi Secrist, added, “One of the things the council is really interested in and focused on is, ‘How do we better integrate work-based learning into all forms of education?’” This additional funding will further expand the program to assist more small businesses throughout Idaho and grant valuable experience to the students tasked with protecting these companies. Employers have repeatedly echoed that cybersecurity job seekers need real-world expertise when applying for positions. Certificates and grades look outstanding on a resume, but few IT managers and CISOs feel comfortable handing over the keys to their IT infrastructure to someone without practical experience.

    Marlin Roberts believes that the additional funding to Boise State University’s program will expand the roles and responsibilities students in the CyberDome are able to learn. “It’s a winning combination,” said Roberts.

    For more information, check out the rest of the article here.


  • Netizen: The Five Lures in a Phisherman’s Tacklebox.

    Ever received an email telling you that you just won a brand-new car? What about a robocall saying your car’s extended warranty is about to expire? Or maybe you’ve seen a more elaborate ploy where someone included personal details such as your phone carrier and device model in an attempt to get you a free upgrade for your phone. All these ploys are phishing attempts, where an unknown threat actor tries to solicit personal or financial information from their target. In 2020 the U.S. FBI reported that phishing attacks were the most reported form of cyber-attack, with the FBI’s Internet Crime Complaint Center reporting twice as many phishing attacks as any other form of cyber incident. Let’s check out all the ways cybercriminals will try to lure you in with tricky phishing attempts:

    Business Email Compromise (BEC):

    Business Email Compromise, or BEC for short, is often the most commonly seen phishing attempt in modern corporations. This strategy usually involves the threat actor spoofing the email of a finance or human resources coworker to create a false sense of legitimacy. They then send targeted emails to other individuals in the company to collect sensitive information they will later use to expand their access or, if damaging enough, to blackmail the company with the information they have already collected internally. The best way for employees to fight this phishing attempt is to be hyper-vigilant when checking their emails. If something looks off, report it immediately to your IT administrator.

    Vishing:

    Vishing, also commonly known as Voice Phishing, is a method where an outside threat actor calls their target over the phone and attempts to extract personal or financial information immediately. Attackers commonly use social engineering during this method to trick their targets into providing information they weren’t aware was sensitive. An example would be a target receiving a call from “their IT department” saying their account was temporarily disabled for security reasons and that their PIN is needed to restore access. To spot this fraudulent attempt, check the caller ID of anyone attempting to contact you. Frequently, outside threat actors won’t be able to mirror a legitimate number you are used to receiving calls from, so the number will be completely foreign.

    Smishing:

    Smishing is a phishing method entirely reliant on mobile SMS communications. In this case, an outside threat actor will send a text message to their target with a malicious link embedded in their message or look to extract valuable, sensitive information. These attacks will often include click-bait taglines such as WARNING, You have been selected, or Congratulations you just won to elicit an immediate response from their targets. To protect yourself from this type of phishing attempt, don’t respond to unknown numbers that text your device; if the offer looks too good to be true, chances are it’s a scam.

    Spear Phishing:

    Spear Phishing is a phishing attempt where threat actors will target a specific individual or group of people within an organization. Typically, they will already have personal information for this individual or group and use it to their advantage and craft a specially designed message that immediately grabs the target’s attention. A great example of spear phishing is an attacker targeting a group of employees by impersonating pay software they are used to receiving their salaries from. In this message, a threat actor would use the details they’ve already gathered to create legitimacy in the message to their target. A great way to spot spear phishing attempts is to carefully check the sender address of any suspicious emails you may receive. Additionally, find ways to verify the message, whether calling or visiting the sender directly.

    Whaling:

    Whaling is very similar to spear phishing, except it primarily focuses on the top individuals in an organization, think C-suite individuals. These phishing attempts will often consist of messages purporting to come from top-level employees like a COO or CFO directing their subordinates to fill out a survey or submit their information for HR. Attempts like this are highly effective since most people find it difficult to confront their superiors about suspicious messages and usually do as they are told. To defend against this type of phishing attempt, always verify the message in person or over the phone with your supervisor. Executives would much rather deal with an overly cautious employee than one who unsuspectingly submits personal information to an outside threat actor.

    Conclusion:

    In conclusion, phishing attempts have skyrocketed in companies worldwide. They require only minor slip-ups and can be detrimental to an organization’s security. Threat actors have increased their efforts with these attempts since they require hardly any technical prowess to pull off. Remember, a safe rule of thumb is to always check with your IT administrators if you think a message looks suspicious. Vigilance is vital when fighting phishing attempts.


    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • Lithuania Suffers a Series of DDOS Attacks Following The Ban of Kaliningrad Imports
    • Carnival Cruise Lines Hit With $5,000,000 Fine for Cybersecurity Incidents
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that we can answer a survey and win a new Makita Power Drill. We are then prompted to “get started now” to complete the survey for the free reward. This email contains a note about receiving a free drill for only a few minutes of our time, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the “expiring soon” notice above the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
    3. The final warning sign for this email is the large red “Get Started Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Lithuania Suffers a Series of DDOS Attacks Following The Ban of Kaliningrad Imports

    Earlier today, Russian hacking group Killnet claimed responsibility for a distributed denial-of-service (DDoS) cyberattack against Lithuania. This news breaks following reports earlier this month that Lithuania banned the transit of goods through its territory to the Russian enclave of Kaliningrad, which sits between Poland and Lithuania with no border touching Russian soil. State and private institutions in Lithuania were taken offline early Monday, June 27, 2022, after the National Cyber Security Centre released a statement detailing an ongoing cyberattack.

    The spokesperson for Killnet announced that this series of DDoS attacks is in direct retaliation for the blocking of the transit of EU-sanctioned goods destined for Kaliningrad. Earlier this month, Moscow released a statement promising a “practical” response to the parties responsible for banning the movement of goods into Russia. Russia’s foreign ministry has since demanded an end to the embargo on coal, construction materials, technology, and metals entering their country. The ministry reaffirmed this sentiment in this statement:

    “If in the near future cargo transit between the Kaliningrad region and the rest of the territory of the Russian Federation through Lithuania is not restored in full, then Russia reserves the right to take actions to protect its national interests.”

    Information security experts expect DDoS attacks like this to increase in frequency in the next few weeks if Russia’s demands are not met promptly. Denial-of-service attacks work by flooding a website or server with a massive amount of bogus traffic. The flood overloads the system until it goes offline, and the outage can persist for as long as the hacking group keeps up the effort.

    To read more about this article, click here.

    Carnival Cruise Lines Hit With $5,000,000 Fine for Cybersecurity Incidents

    The New York State Department of Financial Services levied a $5 million penalty on Carnival Corp., owner of the globally recognized Carnival Cruises brand, earlier this month. These sanctions follow previous reports that Carnival Corp. misreported and did not adequately respond to numerous cyber-attacks it has suffered over the last few years. In recent months, government and state regulators have urged corporations to treat matters of cybersecurity with urgency and have indicated that fines and penalties will be imposed on companies that do not shore up their reporting and defenses.

    In May 2019, Carnival suffered a series of phishing attacks where multiple email accounts were compromised and used to send out mass waves of spam to other employees. In total, threat actors gained access to 124 email accounts hosted on a Microsoft Office 365 email server and were able to extend their reach to other employee accounts. The attack saw a trove of PII exposed, with driver’s licenses, passport numbers, names, addresses, and social security numbers of multiple employees leaked. Following this incident, Carnival delayed its public response to the breach and failed to notify regulators until April 2020, almost eleven months after the initial cybersecurity incident. This was despite New York having imposed, in 2017, a new set of cybersecurity guidelines requiring all businesses to strictly adhere to more stringent security and reporting requirements.

    Unfortunately for Carnival, cyber-attacks against their organization persisted with ransomware attacks hitting them in August 2020 and January 2021, a Christmas Day malware attack in 2020, and a second phishing attack in March 2021. Since Carnival recorded four incidents within a three-year period, The New York State Department of Financial Services found that Carnival did not adequately train its employees on cybersecurity basics. Additionally, the regulatory agency found that Carnival’s CISO made false certifications of their readiness from 2018-2020.

    Following the announcement of these penalties, Carnival declined to issue any statement of wrongdoing, claiming:

    “Carnival routinely reviews security and privacy policies and procedures and implements changes when necessary to enhance information security and privacy controls.”

    Carnival has since agreed to a mutual settlement with the DFS and multiple state Attorneys General to create a breach response/notification plan, introduce multifactor authentication for remote email access, and increase its security training for all employees.

    For more information check out the rest of the article here.


  • Netizen: What is Security Information and Event Monitoring (SIEM)?

    Ever wonder how your organization can immediately upgrade its security infrastructure? What about all the traffic and logs generated from devices and users on the network? Security Information and Event Monitoring (SIEM) combines security information management (SIM) and security event management (SEM) into one tool that provides insights into an organization’s traffic and user behavior. Plainly stated, SIEM helps businesses of all sizes recognize underlying vulnerabilities and security threats before they materialize into critical issues.

    SIEM tools got their start in the financial industry, with many of the world’s most significant players identifying a need for enriched network traffic reports to show whether any unusual activity was present. This, coupled with rule changes to PCI-DSS, ushered in the adoption of SIEM tools in many large corporations. Other industries quickly caught on to the benefits of SIEM tools, with many citing the single-point-of-view functionality as one of the greatest strengths of SIEM products.

    How does a SIEM tool work?

    At the base level, a SIEM tool functions on a set of rules or parameters to establish a correlation between network traffic and event logs. This correlation evolves into a well-monitored and established pattern of behavior that can be viewed over a set period. Most SIEM tools gather logs from user data, cloud environments, applications, firewalls, networks, and other assets deployed in the management environment. This information is stored and analyzed 24/7 to allow security personnel uninterrupted access to the logs for monitoring. Once a baseline has been established, the initial rules then detect any anomalies or irregular traffic and flag them for further review by the security team. A perfect example of these rules in the real world is password lockouts. If a user tries to log in to their account and fails 3-5 times in a 6-minute window, that is considered relatively normal traffic. However, if the system picks up 100+ failed login attempts in a 5-minute window, an alert would be generated notifying the security team of an attempted compromise.
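    The lockout rule described above, written out as a small correlation rule over log lines. This is an added example, not code from the original post or from Netizen’s assessment tool; the log format (timestamp, user, source address, result), the source addresses and the event counts are all constructed for the illustration, and the 5-minute window and 100-failure threshold are the figures from the text.

```python
# Added example (not from the original post): a minimal SIEM-style
# correlation rule that counts failed logins per source address in a
# sliding time window and alerts when the count reaches a threshold.
# Log lines, field layout and addresses are constructed for illustration.
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # the 5-minute window from the text
THRESHOLD = 100                 # 100+ failures in the window -> alert


def parse_line(line):
    """Parse a constructed 'timestamp user src result' log line."""
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result


def failed_login_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return a list of (src, first_seen, last_seen, count) alerts.

    Events are assumed to arrive in time order. For each source we keep a
    deque of recent failure timestamps, drop those older than the window,
    and alert once the remaining count reaches the threshold. After an
    alert the deque is cleared so a sustained attack does not produce one
    alert per additional event.
    """
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        ts, _user, src, result = parse_line(line)
        if result != "FAILED":
            continue                      # successes do not count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire old failures
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, q[0], ts, len(q)))
            q.clear()
    return alerts


def make_sample_log():
    """Constructed events: one user with 4 failures (a mistyped password,
    the 'normal' case from the text) and one source producing 120
    failures in two minutes (the alert case)."""
    base = datetime(2022, 10, 3, 9, 0, 0)
    lines = [f"{(base + timedelta(seconds=30 * i)).isoformat()} alice 10.0.0.5 FAILED"
             for i in range(4)]
    lines.append(f"{(base + timedelta(minutes=2)).isoformat()} alice 10.0.0.5 SUCCESS")
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} user{i % 7} 198.51.100.9 FAILED"
              for i in range(120)]
    return sorted(lines)   # fixed-width ISO timestamps sort into time order


if __name__ == "__main__":
    for src, first, last, count in failed_login_alerts(make_sample_log()):
        print(f"ALERT: {count} failed logins from {src} between {first} and {last}")
```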

    What are the capabilities of a SIEM tool?

    SIEM tools are outfitted with a litany of features and capabilities that make these products genuinely robust. At the heart of it all is the log management functionality. This allows the tool to collect and store log files from multiple hosts and sources in one centralized location. Keeping all of this information in one place also streamlines the review process. With much of the legwork of compiling reports from numerous sources removed, the single view aspect of SIEM tools cuts IT review times drastically. Equal to log collection, security event correlation is at the top of SIEM capabilities. This backbone of the tool allows users to draw conclusions from what may look like regular network traffic to most and see deeper indications of malicious activity, such as foreign traffic or data exfiltration.

    Another helpful capability most SIEM tools come packed with is threat intelligence feeds. Many developers will preload their products with these intelligence feeds and even allow third-party integrations from companies like MITRE to bolster the threat visibility. Enhanced visibility also plays a role in the most valuable capability for C-level executives. Every bell and whistle a SIEM tool provides is fantastic at reducing the likelihood of a security breach, but the reporting capabilities elevate a tool to higher levels. Many IT decision-makers don’t have backgrounds or formal training in information technology. It is paramount that your SIEM tool provides intelligent reports that are digestible by a CISO with 10+ years of experience in cybersecurity and an accountant with no experience in IT alike.

    What else are SIEM tools used for?

    As outside threat actors increasingly target small, medium, and large-sized businesses, firms everywhere have turned to SIEM tools to help increase the visibility of traffic and events on their networks. One of the leading catalysts of SIEM tool integration into most businesses is regulatory. Compliance standards like PCI-DSS, HIPAA, and CMMC 2.0 require organizations to store and monitor logs and traffic reports from the daily user and network activity. Companies looking to pursue or stay compliant with these frameworks will have to adhere to strict SIEM guidelines and ensure their tools are correctly configured.

    SIEM tools have also gained traction due to insider threats increasing, with malicious organizations offering lucrative bribes to employees willing to send classified or sensitive information. With a properly deployed SIEM tool, IT teams can monitor “usual” traffic and immediately detect when an employee is downloading a large number of files or sending them to an unknown source and disrupt the activity before it becomes an issue.

    Information security professionals everywhere have also noted the increase in IoT devices as a leading factor for SIEM tool investments. As more “smart” devices are added to the network, the number of potential attack vectors also rises. Monitoring these devices for any suspicious activity or alarming vulnerabilities is crucial to an organization’s cybersecurity posture.

    Conclusion:

    Overall, SIEM tools are an excellent defense mechanism companies can look to deploy into their environment. The added visibility these products provide, coupled with the insights they generate, are helpful for any firm looking to increase its cybersecurity stance.


    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • U.S. Department of Justice reverses course on “White Hat Hacking”
    • How Cybersecurity Could Impact the Global Food Supply Chain
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that Freedom Financial can help us with large amounts of debt relief. We are then prompted to “get started now” to get our debt relief today. This email contains a note about getting personalized debt help and that we can get the relief we need today, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure the message comes from a trusted sender and not from a threat actor.
    2. The second warning sign in this email is the lack of structure to the overall message. When comparing this message to those from other financial institutions, there is a lack of security notices below the message and no email address or phone number to reach out to, just a large “Get Started Now” call to action.
    3. The final warning sign for this email is the large red “Get Started Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.

    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    U.S. Department of Justice reverses course on “White Hat Hacking”

    The United States Department of Justice released new guidance last week that changes the organization’s stance on “White Hat Hacking.” The government agency previously used the Computer Fraud and Abuse Act (CFAA), which outlaws unauthorized access to computers and network equipment, to target malicious threat actors and good-faith security researchers alike. This practice was widely criticized in the Information Security community, with many feeling that it sends the wrong message to the good guys.

    For those unaware, black hat hackers are known as unethical hackers and are responsible for most malicious cyberactivity against corporations. White hat hackers are considered ethical hackers, many of whom are former IT professionals with a love for security, which manifests in looking for flaws and exploits in websites, applications, and email servers.

    Before this change in CFAA guidance, prosecutors would often lump both groups of hackers together at the behest of large corporations. They would view these individuals as malicious actors looking to tamper with and damage digital property without authorization from the target firm. In a change to this stance, the U.S. DOJ announced that it is advising prosecutors not to use the CFAA to bring criminal charges against security researchers and enthusiasts. This change in tone received an outpouring of support from members of the information security community.

    Harley Geiger, senior director of public policy at Rapid7, had this to add: “This is demonstration from DOJ that the conversation around good-faith security researchers, white hat hackers, has really changed in the past ten years.” The law will now be interpreted in a way to ensure that good-faith security research is not criminalized or viewed the same way as hackers poking around in systems without authorization.

    This change in policy marks a monumental moment for information security in the United States. Legitimate digital intrusion from penetration testers, security researchers, and vulnerability assessors will no longer come under fire from the authorities. Deputy Attorney General Lisa O. Monaco had this to add: “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

    The backbone of information security has always been the enthusiastic researchers and greater community who have worked together to make products and applications more secure from outside interference. This policy change will help usher in more collaboration between the private sector, public sector, and security researchers everywhere.


    How Cybersecurity Could Impact the Global Food Supply Chain

    The past few years have shown just how interconnected and reliant on one another every country in the world is. Supply chain issues from shipping constraints or bad harvests have drastically impacted the price of everything from corn to gasoline. With this in mind, and given the ever-growing presence of technology in multiple facets of life, could malicious hackers further disrupt the global food supply chain?

    Just last year, JBS Meats, one of the largest meat fulfillment and processing centers in the United States, suffered a cyberattack, shutting down operations for a brief period. During this time, the price of bacon, chicken, and ground beef soared, with prices rising 25-30% on these items in some areas. For many families, a 25-30% increase in their grocery bill would be detrimental to their savings in addition to causing more budgetary constraints at home. Ultimately, JBS Meats ended up paying an $11 million ransomware payment to restore service to their facilities and continue operations. However, many in the security field think this may have proven the concept for any threat actors looking for which industries to target next.

    A recent report from the University of Cambridge tackled the cybersecurity flaws in AI technology used in the agricultural industry. The study found that many of the companies proposing revolutionary and life-changing solutions to modern farming problems are doing so without any real thought to the security of their products. Imagine a commercial farm in Iowa using an AI combine to harvest fields of corn. The product would be configured with the layout of the plot of land and soil makeup in mind to ensure the most efficient harvest possible. What if a malicious threat actor found an exploitable vulnerability in the software the combine uses? The impact could be as small as an interruption in the harvesting process, maybe a plot of corn is destroyed in the process, but what are the implications if that vulnerability is exploitable in all machines using that same software?

    This nightmare scenario has pressured many in the agricultural industry to invest heavily in researching security vulnerabilities in their products. One such company is John Deere, one of the leading manufacturers of commercial and industrial grade farming equipment globally. An ethical hacker going by the pseudonym Sick Codes alerted John Deere to a security vulnerability in their software allowing unauthorized access to machine data and company information. He quickly warned the company of this issue and urged them to emphasize security parameters in their application development process. James Johnson, John Deere’s global chief of information security, responded to this vulnerability, saying, “No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain.”

    Efforts from organizations in the agricultural industry to better secure their products are a significant step forward in the fight against malicious cyber interference. Firms would be well-served to enlist the outside support of ethical hackers searching for security vulnerabilities in their software and products. The global food chain is volatile enough due to emerging climate and geopolitical issues; security issues should be addressed so as not to add further burden to this colossal problem.

