Allentown, PA: Netizen Corporation, an ISO 27001:2013, ISO 9001:2015, and CMMI Level 3 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has received a HIRE Vets Platinum Medallion award from the U.S. Department of Labor for the fourth year in a row, in recognition of its hiring, retention, support, and training of military veterans and their families. This is the highest level of award available under the program and is given to select companies demonstrating superior commitment to veteran employment and the overall military/veteran community. Netizen employs a significant percentage of veterans nationwide to support federal, commercial, and government contracts, while also providing free training, college scholarships, and paid internships to help veterans and military families obtain careers in high-demand technical fields such as cybersecurity.
The HIRE Vets Medallion program was established under the Honoring Investments in Recruiting and Employing American Military Veterans Act (HIRE Vets Act), signed into law on May 5, 2017, to recognize employers who hire, retain, and support military veterans. The Platinum Medallion is the highest level of award a company can receive under this program, and the citation states that “[Netizen] has demonstrated a model of patriotism worthy of praise as well as a recognition of the value veterans bring to the workplace.”
“At Netizen we take pride in our military service, and are heavily involved in the veteran community providing scholarships, internships, training, education, and support to organizations in the Lehigh Valley region and beyond. As a veteran-owned company, we have always been keenly aware of the benefits and skills that military veterans bring to an organization and offer programs to help them enter and thrive in technical career fields by working with colleges, service organizations, and other groups to continuously expand our award-winning military and veteran support programs,” said Michael Hawkins, Netizen CEO, and a U.S. Army veteran.
About Netizen Corporation:
America’s fastest-growing cybersecurity firm, 2nd fastest-growing veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. It also develops innovative products such as the award-winning Overwatch Governance Suite.
The company, a certified Service-Disabled Veteran-Owned Small Business (SDVOSB), is based in Allentown, PA, with additional locations in Virginia, South Carolina, and Florida. In addition to being one of the fastest-growing businesses in the US, Netizen has been named to Inc. Magazine’s national “Best Workplaces” list and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement four years in a row. Learn more at Netizen.net.
POINT OF CONTACT: Tristan Boheim, Marketing Manager, 1-484-294-1331, press@netizen.net
Last week, millions of television viewers were caught off guard when a nationwide outage hit local television stations owned by Sinclair Broadcast Group. Sinclair is one of the largest broadcasting conglomerates in the country, owning 294 stations across 100 different markets and reaching about 40% of American households. Sinclair acknowledged the incident last Monday in a statement saying:
“On October 16, 2021, the company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted.”
Shortly after the attack, Sinclair filed a disclosure with the SEC stating that the ransomware disrupted its general and office operations, that outages occurred nationwide, and that data was exfiltrated. The company’s response was swift: it activated its incident response plan within minutes of being alerted to the breach.
How did we get here?
October has proven to be one of the busiest months for ransomware gangs, with major incidents at Twitch and Ferrara Candy just weeks ago. Researchers believe Sinclair was targeted because of its reliance on local advertiser revenue: advertisers in smaller markets across the country cannot afford to waste their ad spend on week-long outages. By cutting off these revenue streams, the threat actors have pushed Sinclair into a corner where it must either pay the ransom to get operations back online or risk losing more of its advertisers’ investment.
What does this mean?
Following the attack, many of Sinclair’s stations resumed operations in the middle of the week, with only a handful of minor disruptions still lingering. Investigators have found that all stations were joined to a single, central Sinclair Active Directory domain, which meant that a foothold in one station could be used to pivot to every other station on the network.
Another issue that may prove troublesome later is the extent of the data that was taken. Sinclair disclosed that data exfiltration occurred during the breach but has yet to identify what information was stolen. Security experts are also concerned about the entry point the attackers used to gain access to Sinclair’s systems: unless Sinclair identifies and closes the initial access vector and removes any persistence the attackers left behind (rather than only patching known vulnerabilities), the same foothold could be used for re-entry and further attacks.
What is the solution?
Ironically, this increase in breaches nationwide falls during Cybersecurity Awareness Month, and organizations have to prioritize security initiatives moving forward. If enterprise-grade companies like Sinclair can be breached, consider the damage that can be done to smaller organizations with less funding for security. MFA (multi-factor authentication) and forced password resets are a great place to start, but they are not the end of the story: an attacker who has already obtained domain credentials can still move freely through a flat network. More thought needs to be given to the segmentation and mapping of an organization’s network. Lower-tiered users and their workstations should not hold privileges that can be exploited to open multiple doors inside a network, and administrative accounts should be tiered so that a compromise at one station cannot be escalated to the whole domain. This focus on identity and privilege management needs to be brought to the top of security discussions moving forward.
How Can Netizen Help?
Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure such as our popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Phish Tale of the Week
Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting Cash App users, or simply anyone who doesn’t check their email rigorously. The email appears to be a notification saying the recipient has won $750 on Cash App. It carries Cash App’s branding and a convincing message warning that the $750 reward expires soon, so why not claim it? Unfortunately, there are plenty of reasons not to click that email right away.
Take a look below:
The first red flag in this email is the sender address. Always thoroughly inspect the actual sender address, not just the display name, to ensure it comes from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address and domain are the same.
The second warning sign in this email is the inconsistent messaging. The image in the email says I can win $750, but the message says I have already won the money. Look for consistency throughout emails from companies. Most companies will also provide a lengthy terms and conditions section for prizes and competitions.
The final warning sign in this email is the callouts at the bottom. The message says my reward is expiring soon, although this is the first notice we’ve received about this payment. An easy way to spot a scam email is to compare it with previous emails you’ve received from the company. When compared to other correspondence from Cash App, this email immediately looks different.
General Recommendations:
A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your social security number? A legitimate company will never ask for PII via instant message or email.
Do not give out personal or company information over the internet.
Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service. Note that HTTPS and a padlock icon only mean the connection is encrypted; phishing sites routinely use HTTPS too, so the padlock is not evidence that the site is legitimate.
Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
For Cash App specific recommendations and tips check out this link to their fraud detection center here.
Cybersecurity Brief
In this week’s Cybersecurity Brief:
Twitch reports data breach of over 128 GB.
Last week, an unknown actor released what they claimed was the entirety of video streaming company Twitch’s source code in a data dump of over 128 GB. Video Games Chronicle broke the story on Wednesday, reporting that an anonymous hacker had gained access to a large amount of Twitch’s private data, with user payout information and Twitch’s source code among the stolen material. The hacker posted a torrent link to the trove on 4chan, citing the intent to “foster more disruption and competition in the online video streaming space” and that “their community is a disgusting toxic cesspool” as reasons for the leak.
“Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE. #DoBetterTwitch,” the hacker added.
Representatives from Twitch were quick to confirm the breach giving this response to the press. “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”
Analysts have begun to sift through the leaked data, finding everything from encrypted passwords to the financial payouts of some of Twitch’s top streamers. Twitch account holders are advised to change their passwords and enable two-factor authentication in the meantime to deter unauthorized sign-ins. This breach comes after a large portion of Twitch’s community took to social media under the #DoBetterTwitch campaign to demand a more inclusive and tolerant community.
Google announces new two-step verification initiative.
Recently, Google announced plans to automatically enroll almost 150 million users in two-step verification (2SV) by the end of the year. The effort is part of Google’s ongoing initiative to prevent unauthorized access to user accounts. Google will also enable 2SV for over 2 million YouTube creators to better protect their channels from account takeover.
Google product manager AbdelKarim Mardini and director of account security and safety Guemmy Kim had this to add: “2SV is strongest when it combines both something you know (like a password) and something you have (like your phone or a security key)”. This rollout follows announcements Google made in May, where the company described its aim of a simpler and safer sign-in future. Passwords remain one of the weakest links in account security: they are easily stolen or phished, and many users reuse the same password across multiple sites, allowing one key to unlock limitless doors. Experts believe that as more companies push toward multi-factor authentication, overall security will improve, reducing the number of data breaches and unauthorized account sign-ins.
Google also announced plans to add a feature into its Google search app to allow users to access all of their saved passwords from Password Manager right from the opening menu. This focus on passwords and security by Google follows developments from Microsoft earlier this week detailing a new passwordless way to access user accounts.
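To make the “something you have” factor in the quote above concrete, here is an added example (it is not Google’s code and not from the original newsletter) implementing the time-based one-time password scheme that authenticator apps use: RFC 6238 TOTP built on RFC 4226 HOTP. The secret, time values and expected codes are the public test vectors from those RFCs; the skew window, the constant-time comparison and the replay check in the verifier are design choices assumed for the example.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Public test secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then
    'dynamic truncation' of the MAC down to a `digits`-long decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                        # low nibble of last byte picks a 4-byte window
    window = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(window % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second
    intervals since the Unix epoch, so prover and verifier only need a
    shared secret and roughly synchronised clocks."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, code: str, unix_time: int, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6) -> Optional[int]:
    """Server-side check (assumed design, not from any RFC): accept the code for
    the current time step and up to `window` steps either side (clock skew),
    compare in constant time, and refuse any step at or before `last_counter`
    so a code captured once cannot be replayed within its validity period.
    Returns the accepted counter (store it as the new `last_counter`) or None."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate_counter = counter + delta
        if candidate_counter <= last_counter:
            continue                               # already used, or older than one used: replay
        if hmac.compare_digest(hotp(secret, candidate_counter, digits), code):
            return candidate_counter
    return None


if __name__ == "__main__":
    # RFC 6238 Appendix B vector: T = 59 s -> counter 1 -> 8-digit code 94287082
    print(totp(RFC_TEST_SECRET, 59, digits=8))
    print(totp(RFC_TEST_SECRET, int(time.time())))   # what an authenticator app would show now
```

The app and the server run the same `totp` function over the same secret; only the 30-second counter changes, which is why the verifier tolerates one step of skew and why a stored `last_counter` is needed to stop the same code being accepted twice. TOTP codes can still be phished and relayed within their window, so of the two “something you have” options in the quote, a security key is the stronger one; the code above is the baseline an app-based second factor provides.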
For more information check out the rest of the article here.
Over the weekend, NEW Cooperative Inc., a Fort Dodge, Iowa-based agricultural services firm, was crippled by a ransomware attack. The threat group BlackMatter has claimed responsibility for the attack and demanded a ransom of $5.9 million to decrypt the data it locked. BlackMatter also stated that the ransom will double to $11.8 million if it is not paid within five days.
Reports from inside NEW Cooperative state that as soon as the attack was noticed, the company took all of its systems offline to stop the ransomware from spreading. A spokesperson for NEW had this to add: “NEW Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
The spokesperson added that the company has notified law enforcement and is working with CISA and data security experts to remediate the issue.
How did we get here?
Ransomware gangs have continued to put pressure on critical infrastructure around the world. They see these companies as very lucrative targets, given the public’s reliance on many of their outputs or products. What’s interesting about this case is BlackMatter has previously stated that they will not target critical infrastructure facilities. Screenshots of the ransomware negotiation between BlackMatter and NEW show the cooperative asking why they were targeted, given they are crucial to the nation’s food supply. BlackMatter replied proclaiming “You do not fall under the rules, everyone will only incur losses, everything is tied to the commerce, the critical ones mean the vital needs of a person, and you earn money.”
BlackMatter then attempts to further persuade NEW Cooperative into paying the ransom, stating: “Since everything is so serious with you, let’s come to an agreement quickly and solve everything quickly.”
What does this mean?
This attack calls into question the blurry lines some cybercriminal gangs claim to operate along. If a company with direct ties to the United States’ food supply chain is not considered critical infrastructure, what is? NEW Cooperative later stressed to BlackMatter that the impact of the attack would be more significant than Colonial Pipeline: with its systems offline, it has no way to process orders or direct the distribution of feed and grain vital to farmers across the country.
NEW Cooperative has sent a directive to all of its customers assuring them that they will still receive the feed their animals need while NEW’s systems are down. Farmers in Iowa reported that although the industry has adopted many technological advances, the attack has forced them back to old-school methods such as paper tickets to record the weight of a truck and the moisture content of the grain.
What is the solution?
While cybersecurity directives from the White House help bring awareness to ransomware attacks and cyber-crime, more has to be done. It is time for all organizations to talk about their security posture. These ransomware gangs have proven that no company is off-limits as a target, and companies must defend themselves. The private and public sectors must test their disaster recovery plans immediately, including an actual restore from backups that an attacker inside the network could not have reached, and review their ability to respond to cyber-attacks.
Phish Tale of the Week
Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting Costco shoppers, or simply anyone who doesn’t check their email rigorously. The email appears to be a survey request from Costco in which the recipient could receive $50 for participating. It carries Costco’s branding and a convincing message saying the survey should only take 30 seconds, so why not click the link and collect the $50? Unfortunately, there are plenty of reasons not to click that email right away.
Take a look below:
The first red flag in this email is the sender address. Always thoroughly inspect the actual sender address, not just the display name, to ensure it comes from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address and domain are the same.
The second warning sign in this email is the inconsistent messaging. The subject line reads “$50 could be yours today”, but there is no further mention of this incentive in the body. Look for consistency throughout emails from companies. Most companies will also attach a terms and conditions statement regarding a survey incentive.
The final warning sign in this email is the callouts at the bottom. Two addresses are referenced at the bottom of the email, neither of which belongs to any Costco location. An easy way to spot a scam email is to look up any buildings or locations mentioned in the correspondence. When searched on a map, each of these addresses turns up as an empty address with no occupant.
For Costco specific recommendations and tips check out this link to their fraud detection center here.
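The sender-address and consistency checks described in this week’s Costco tale and in the earlier Cash App tale can be run mechanically on a message’s raw source. The following is an added example, not part of the newsletter and not a Netizen tool, that parses a message with Python’s standard library and reports the same red flags: a From domain that is not the brand’s, a Return-Path that differs from From, SPF/DKIM verdicts that are not “pass”, links that point outside the brand’s domain, and urgency wording in the subject. Both sample messages are constructed for this example; the brand domain `cash.app` and the fictitious `.example` sender domains are assumptions, and a real message will need the rest of its header set examined as well.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# --- Constructed sample messages (not real mail) -----------------------------
# Imitates the "$750 reward expires soon" lure: brand in the display name,
# unrelated sending domain, SPF fail, and a link to a look-alike host.
SAMPLE_PHISH = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=rewards-cashapp.example; dkim=none
Return-Path: <promo@rewards-cashapp.example>
From: "Cash App Rewards" <promo@rewards-cashapp.example>
To: victim@example.net
Subject: Your $750 reward expires soon
Content-Type: text/plain; charset="utf-8"

Claim your reward now: http://cash.app.rewards-cashapp.example/claim
"""

# A message that should pass every check (brand domain assumed to be cash.app).
SAMPLE_LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=cash.app; dkim=pass header.d=cash.app
Return-Path: <receipts@cash.app>
From: "Cash App" <receipts@cash.app>
To: victim@example.net
Subject: Your receipt
Content-Type: text/plain; charset="utf-8"

Thanks for your payment. Details: https://cash.app/receipts/123
"""

URGENCY = re.compile(r"\b(expir\w*|urgent\w*|immediately|suspend\w*|act now|final notice)\b", re.I)


def domain_of(header_value: str) -> str:
    """Bare domain from an address header ('"Name" <user@host>' -> 'host')."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_verdicts(header_value: str) -> dict:
    """spf=/dkim=/dmarc= results stamped by the receiving server."""
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header_value or "")}


def in_domain(host: str, domain: str) -> bool:
    """True for the domain itself or a real subdomain (not 'domain.evil.example')."""
    return host == domain or host.endswith("." + domain)


def phishing_flags(raw_message: str, brand_domain: str) -> list:
    """Return human-readable red flags; an empty list means none were found."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    from_domain = domain_of(str(msg["From"]))
    display_name = parseaddr(str(msg["From"]))[0]
    if not in_domain(from_domain, brand_domain):           # display name vs real address
        flags.append(f"From address is @{from_domain}, not @{brand_domain} "
                     f"(display name says {display_name!r})")

    return_path_domain = domain_of(str(msg["Return-Path"] or ""))
    if return_path_domain and return_path_domain != from_domain:
        flags.append(f"Return-Path domain {return_path_domain} differs from From domain")

    verdicts = auth_verdicts(str(msg["Authentication-Results"] or ""))
    for method in ("spf", "dkim"):
        if verdicts.get(method) != "pass":
            flags.append(f"{method.upper()} result is {verdicts.get(method, 'missing')}")

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    for url in re.findall(r"https?://[^\s<>\"']+", body):  # every link must stay on-brand
        host = (urlparse(url).hostname or "").lower()
        if not in_domain(host, brand_domain):
            flags.append(f"link host {host} is outside {brand_domain}")

    if URGENCY.search(str(msg["Subject"] or "")):
        flags.append("subject uses urgency language")
    return flags


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_flags(raw, "cash.app") or ["no red flags"])
```

Run it against the message’s raw source (the “Show original” view in most mail clients), since the Authentication-Results and Return-Path headers are not visible in the rendered message. An attacker who registers their own look-alike domain can make SPF and DKIM pass for that domain, so the domain comparison carries the most weight; the authentication verdicts mainly catch crude spoofing of the real brand domain.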
Cybersecurity Brief
In this week’s Cybersecurity Brief:
Hackers target United Nations in latest data breach
Last week, cybersecurity research firm Resecurity discovered that an outside hacker group had targeted the United Nations’ internal network. The breach began on April 5th, 2021, and hostile activity in the environment finally ceased on August 7th. The primary purpose of the attack appears to have been intelligence gathering, with the threat actors making off with a trove of data that could be used to mount attacks against other government organizations in the future.
Industry experts have theorized that stolen login credentials belonging to a U.N. employee were the initial attack vector the hackers used to access the U.N.’s systems. Many believe the credentials were sourced from a dark web site known for selling and distributing stolen credentials. Stolen credentials only work as an entry point when nothing beyond the password is required, which is why MFA on every remote-access path matters.
When asked why the threat actors targeted the U.N, Resecurity CEO Gene Yoo had this to add “Organizations like the U.N are a high-value target for cyber espionage activity. The actor conducted the intrusion with the goal of compromising large numbers of users within the U.N. networking for further long-term intelligence gathering.”
Reports on the scale of the attack vary. On one hand, the U.N. claims the attackers did nothing more than take screenshots of the compromised network. On the other hand, Resecurity believes the attackers stole data during the incident, which could become the catalyst for further attacks.
U.N. spokesman Farhan Haq reported that “This attack had been detected before we were notified by Resecurity, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented.” Haq also noted that the United Nations had been frequently targeted by cyber-attacks before, which is not a new phenomenon to the organization.
U.S SEC changes stance on Cybersecurity. What does this mean for your business?
The United States Securities and Exchange Commission (SEC) has reevaluated what it deems a threat to companies. Starting this year, the SEC will treat cyber vulnerabilities as a significant business risk. This news comes as the regulator levied significant fines on two well-known companies for failing to disclose cybersecurity issues. British education company Pearson PLC agreed to pay $1,000,000 to settle charges that it misled investors about a 2018 data breach in which millions of student records were stolen from its database. More recently, First American Financial agreed to pay a $500,000 penalty after failing to disclose a vulnerability in its environment that exposed up to 800 million files, many of which included social security numbers and other PII.
This shift in how the SEC punishes companies for cybersecurity failings could significantly affect how companies view cybersecurity threats and issues moving forward. Currently, public companies are required to disclose “risk factors” so that investors can better understand the company’s stock. These risk factors include operational, competitive, economic, and cybersecurity risks and incidents. However, few companies have ever faced real regulatory repercussions from the SEC after suffering a cyberattack.
What baffles many is that current risk disclosure policies are based on the Securities Exchange Act of 1934, written decades before the internet existed. While the agency issued guidance in 2011 calling for disclosure of significant cybersecurity-related risks and incidents, and reiterated in 2018 that cybersecurity incidents pose a substantial threat to our capital markets, there is still more to be done.
This report comes as defense contractors have begun the painstakingly slow process of adopting the Cybersecurity
The fines handed down to Pearson PLC and First American Financial are watershed moments for how companies view cybersecurity. Previously, organizations took a relaxed approach to disclosing vulnerabilities and their overall cyber posture. Hopefully, the enforcement of these penalties will shine a light on the operational damage that cybersecurity incidents can cause. Organizations must act with clarity and concision to combat the ever-changing cyber landscape. The time for action is now.
For more information check out the rest of the article here.
Telecommunications company T-Mobile reported Monday that it is investigating a data breach in which hackers claim to have obtained the personally identifiable information (PII) of over 100 million customers. The data is said to contain social security numbers, addresses, dates of birth, security PINs, and other sensitive information belonging to many of its US customers.
Vice.com broke the news on Sunday night, alerting millions of T-Mobile customers that their information may have been leaked. A T-Mobile spokesperson had this to add on the development: “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
When asked about what they have been doing internally in response to the breach, T-Mobile had this to add “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.”
How did we get here?
Reports show that the investigation began after a Twitter user, @und0xxed, started tweeting details of the breach. This user stated that they were not involved in stealing the information but were instead tasked with finding buyers for the stolen T-Mobile data. They disclosed that the hackers had found an opening in T-Mobile’s network that granted access to two T-Mobile customer data centers. From there, the attackers exfiltrated the data and offered a subset containing 30 million social security numbers for sale at 6 bitcoin, roughly $275,000 USD at the time.
What does this mean?
A large amount of the breached information was already widely available: much of the personally identifiable information harvested can be found on numerous public records sites. That, coupled with the reality that most people’s data has probably been leaked before without their knowledge, suggests this breach may not be as damaging as first expected. However, now that threat actors have a single database that links these records together, the damage could be much greater.
Wireless customers across the U.S. will have to be hypervigilant in the coming months against the onslaught of phishing campaigns they should expect to receive. Tying these records together lets attackers craft highly targeted phishing messages that are far more believable than previous attempts. Names and phone numbers are easy to find, but when that information is combined with your address and your mobile provider, threat actors can craft the perfect message to convince you to click on that link.
What is the solution?
Recent data breaches like this have begun to numb the public to their data being disclosed online. Admittedly, most of your sensitive data is already available to hackers across the world. However, there are still plenty of steps users can take to protect themselves, or at least limit the ramifications if their data was stolen.
First, all T-Mobile customers should immediately change their T-Mobile security PIN and password. Companies affected by data breaches usually offer some form of free credit monitoring to victims of the attacks, so keep a lookout for any communications from your mobile provider regarding these services. Additionally, users can go to https://haveibeenpwned.com/ to see if they are the victim of any previous data breaches.
Other good steps to help mitigate your risk from data breaches online are: installing a password manager to generate strong and unique passwords for all the websites you use; enabling multi-factor authentication whenever possible, so that one password or code alone does not grant immediate access to an account; and carefully checking your emails for any signs of phishing or other spam attempts. As always, if the link looks too good to be true, do not click on it.
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Phish Tale of the Week
Phishing attempts often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting employees who may be expecting an invoice to be paid, or simply someone who doesn’t check their email rigorously. This email appears to be a notice of payment confirmation for undisclosed services. It contains an Excel file, likely with our payment information in there awaiting confirmation, so why not click on the document and see for ourselves? Unfortunately, there are plenty of reasons not to open that attachment right away.
Take a look below:
The first red flag in this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
The second warning sign in this email is the lack of a salutation. In most email correspondence it is customary to begin with a small opening such as “hello” or “good morning”. This email lacks any attempt at an introduction and jumps straight to the document.
The final warning sign for this email is the messaging inside the email. In this instance, this email was translated from another language prior to this screen grab. If an email is coming from an unknown sender, in a different language, then there is always room for concern.
General Recommendations:
A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from, or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
Do not give out personal or company information over the internet.
Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
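To make the red flags above concrete, here is an added Python example (not part of the original Phish Tale and not Netizen’s tooling) that parses a message and reports the same signals a careful reader looks for: a sender domain that does not match previous correspondence, a Reply-To pointing elsewhere, no salutation, urgency wording, an attachment type commonly used to carry malware, and links that are not HTTPS or do not belong to the sender’s domain. The allow-list of known domains and both sample messages are constructed for this example; they are not taken from the screenshot.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: domains this mailbox has corresponded with before.
# (Assumption: in practice this comes from your own mail history or vendor records.)
KNOWN_SENDER_DOMAINS = {"acme.example"}

GREETING_RE = re.compile(r"^(hello|hi|hey|dear|good (?:morning|afternoon|evening)|greetings)\b")
URGENCY_WORDS = ("immediately", "urgent", "action required", "within 24 hours", "suspended")
RISKY_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".docm", ".zip", ".iso", ".html", ".js", ".exe")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample resembling the invoice lure discussed above (not the post's screenshot).
SUSPICIOUS_EML = """\
From: "Acme Billing" <billing@acme-invoices.example>
Reply-To: payments@freemail.example
To: accounts@example.com
Subject: Payment confirmation - action required immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached document and confirm the payment details at
http://acme-secure.example/confirm before the end of the day

--b1
Content-Type: application/vnd.ms-excel; name="Payment_Confirmation.xls"
Content-Disposition: attachment; filename="Payment_Confirmation.xls"

binary-placeholder
--b1--
"""

# Constructed sample of a normal message from a known vendor.
LEGITIMATE_EML = """\
From: "Acme Billing" <billing@acme.example>
To: accounts@example.com
Subject: Your March invoice is available
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hello,

Your March invoice is now available at https://acme.example/invoices/1234
"""


def sender_domain(msg) -> str:
    """Domain of the address in the From header (the display name is ignored on purpose)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def plain_body(msg) -> str:
    body = msg.get_body(preferencelist=("plain",))
    return body.get_content() if body is not None else ""


def phishing_flags(raw_message: str) -> list:
    """Return human-readable red flags found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    # 1. Sender address: does the domain match previous correspondence?
    domain = sender_domain(msg)
    if domain not in KNOWN_SENDER_DOMAINS:
        flags.append(f"sender domain '{domain}' does not match any previous correspondence")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append(f"Reply-To '{reply_to}' points to a different domain than the sender")

    # 2. Salutation: does the body open with a greeting or jump straight to the ask?
    body = plain_body(msg)
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if not GREETING_RE.match(first_line):
        flags.append("no salutation: message jumps straight into the request")

    # 3. Pressure: urgency or intimidation wording in the subject or body.
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))

    # 4. Attachments of types commonly used to carry macros or executables.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"attachment '{name}' is a file type often used to deliver malware")

    # 5. Links: are they HTTPS, and hosted on the sender's own domain?
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https":
            flags.append(f"link {url} is not HTTPS")
        if host != domain and not host.endswith("." + domain):
            flags.append(f"link host '{host}' does not belong to sender domain '{domain}'")

    return flags


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EML), ("legitimate", LEGITIMATE_EML)):
        print(label, phishing_flags(raw) or ["no red flags found"])
```

Run against the constructed lure the checker reports seven flags; the constructed vendor message reports none. Each check is deliberately simple and individually noisy, which is why the output is a list of reasons for a human to weigh rather than a verdict.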
Cybersecurity Brief
In this week’s Cybersecurity Brief:
Colonial Pipeline Didn’t have MFA in Place, Neither Do Most Defense Contractors
Following the massive Colonial Pipeline hack that saw gas prices surge across the country and left many residents in the southeastern United States without gas altogether, Colonial’s CEO Joseph Blount was called to answer numerous questions from Congress. Rep. John Katko of NY appreciated that Colonial Pipeline had identified places within their environment to strengthen their security policies and further harden systems, but the question remains: “If your pipeline provides fuel to 45% of the East Coast, why are you only hardening systems after an attack?” U.S. Rep. Bonnie Watson Coleman of New Jersey had a more direct response to Blount’s testimony. She went on the offensive, claiming that by delaying voluntary reviews and assessments of cybersecurity policy, Colonial was declining them, not complying with them.
While companies of all sizes and security complexities can fall victim to cyberattacks such as the one Colonial Pipeline suffered, many basic precautions should be in place to prevent these sorts of disasters. One of the most basic preventative measures organizations can deploy across their networks is multifactor authentication. Multifactor Authentication, or MFA for short, is an authentication method that requires a user to provide two forms of evidence proving they are who they claim to be and that the systems or information they are accessing are within their security privileges. Unfortunately, Colonial Pipeline did not have MFA implemented in their environment at the time of the attack.
Experts believe MFA wouldn’t have stopped this attack in its entirety, but this disregard of basic security tools is concerning. Companies in the federal defense supply chain have been required to have multifactor authentication in place for a few years now, after a 2015 law passed mandating NIST cybersecurity best practices. A CyberSheath report found that 71% of the 600 defense contractors surveyed failed to have the appropriate level of multifactor authentication in place. What’s even more concerning is that this isn’t the only issue plaguing members of the defense supply chain. The Supplier Performance Risk System scores companies based on their overall risk profile, in accordance with the security measures they have enacted within their environments. A company with a perfect score would be awarded a 110 on this scale, while a company with no measures in place would score a -203. The average score of the 600 companies surveyed was an alarmingly low -125.
In conclusion, while federal cybersecurity requirements have been modified and improved over the years, there is still room for improvement. Many contractors have forgone these security upgrades because there have been no consequences for their inaction thus far. The time for verification is now. The federal government must verify that defense contractors are following these basic cybersecurity standards and better securing the defense supply chain.
US Defense Contractors Fail to Meet CMMC Requirements
A recent uptick in cyberattacks has created more than a few headaches for United States defense contractors. President Biden signed an executive order in May which signaled the first major shot in the ongoing war against outside threat actors. However, a report from incident response firm BlueVoyant illustrated that the shot may have fallen on deaf ears. The survey polled 300 small to medium-sized defense contractors and uncovered that many of them are currently failing to comply with CMMC requirements. The report gets worse from there, with 48% of these businesses having “severe vulnerabilities” within their environments, like unsecured data storage or ports, and almost 10% showing “critical vulnerabilities” and indicators of compromise. In what might be the most alarming statistic from this report, 28% of the companies surveyed would not meet CMMC tier-1 requirements, which mostly entail just basic cyber hygiene practices.
The report from BlueVoyant highlights some of the struggles that small and medium-sized defense contractors are currently facing. These organizations are some of the first points of attack for outside threat actors looking to gain a greater foothold in the United States’ defense supply chain. Many attackers target businesses of this size since they usually allocate less money for security in their annual budgets, although the industry under which these companies are classified may tell a different story.
Of the companies polled in this survey, manufacturing and R&D companies were found to be at significantly greater risk than many other companies with similar staff sizes. The report disclosed that small manufacturing businesses had the highest level of critical risk at 14%, with 100% of large R&D companies assessed as “high risk” with countless vulnerabilities within their networks. Even more concerning, almost 1/3 of the R&D firms surveyed displayed indicators of compromise throughout their networks.
This report comes as defense contractors have begun the painstakingly slow process of adopting the Cybersecurity Maturity Model Certification (CMMC) requirements. This standard builds upon previous cybersecurity defense measures highlighted in NIST SP 800-171 and looks to better secure the nation’s defense supply chain. For companies looking to begin their CMMC endeavors, there are five tiers of requirements, ranging from the lowest, Tier 1, up to Tier 5. These tiers are broken down by the level of access companies have to sensitive information. The requirements in Tier 1 are even less intensive than the previous standards from NIST SP 800-171, which further indicates the organizational failure to meet basic cybersecurity standards throughout the defense supply chain. The hard truth is that many of these companies struggle to address cybersecurity needs within their organizations. They often have limited IT resources and view the investment in better security practices as a costly one. This is why firms need to partner with organizations that can help streamline their security improvements and CMMC readiness. At Netizen, we will work one-on-one with you to address your company’s unique security requirements and establish standards and practices that ensure continued compliance and security.
For more information check out the rest of the article here.
Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
While many Americans began to prepare for the Fourth of July weekend, software development company Kaseya found itself on the wrong end of a $70 million ransomware nightmare. For those unaware, Kaseya produces software and products used by Managed Service Providers (MSPs) to monitor and manage technology environments at scale. On Friday, July 2nd, Fred Voccola, Kaseya’s CEO, announced that there was “a potential attack against the VSA [product] that has been limited to a small number of on-premise customers.” As the investigation began, multiple businesses that had Kaseya software installed in their environments reported that they had been locked out of their systems due to ransomware. Cybercriminal group REvil was quick to take responsibility for this attack, stating:
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from the attack in less than an hour. If you are interest in such deal – contact us using victims “readme” file instructions.”
These instructions were left on the organization’s public forum, Happy Blog. As of Monday July 6th, REvil has decreased their ransom price from $70 million to $50 million for a universal decryptor, showing a willingness to negotiate with their victims.
How did we get here?
Reports from Kaseya were quick to reject the idea that this attack resulted from a breach in their supply chain. After further investigation, researchers determined that the threat actors were able to exploit a zero-day vulnerability in Kaseya’s central VSA product server. This exploit allowed the attackers to bypass authentication controls, gain an authenticated session, and then execute arbitrary commands. The threat actors then began to push REvil ransomware to a select group of Kaseya users under the guise of a fake software update titled “Kaseya VSA Agent Hot-fix”. These updates were then unleashed upon unsuspecting systems throughout MSP and client environments alike as a fake management update. This meant that even if an organization was not a customer of Kaseya’s, it still stood a chance of having its data encrypted, depending on its MSP.
According to the Dutch Institute for Vulnerability Disclosure (DIVD), Kaseya was in the process of patching the zero-day vulnerability uncovered in this breach. Unfortunately, the REvil affiliate that perpetrated this attack had obtained the zero-day’s details and began exploitation before Kaseya was able to begin rolling out a fix to their customers.
What does this mean?
Cyber-attacks of this nature are becoming more and more common; this marks the fifth major breach of a U.S. company in the past six months. Cyber criminals are beginning to utilize the Ransomware-as-a-Service (RaaS) model to expand their operations by licensing their software out to other malicious actors who may not have had the technical capabilities to create their own ransomware. REvil ransomware has been one of the most advertised and prolific RaaS operations on the dark web since its inception three years ago. The gang netted over $100 million from similar attacks in 2020 and is poised to eclipse that figure in 2021.
Netizen CEO Michael Hawkins added: “As more and more companies pay ransoms while failing to put in place adequate preventative and restorative measures to ensure recovery from such events, attackers will only be emboldened to carry out more and larger scale attacks. This will become an endlessly increasing and more dangerous cycle of ransoms and payments until an end is put to it, perhaps through legislation. As Ransomware becomes more pervasive and easier to deploy, it is only a matter of time until our critical infrastructure, medical facilities, supply chain, and private businesses in particular, are severely hindered en masse, which could greatly impact the fledgling economic recovery post-COVID.”
What is the solution?
Organizations need to move cybersecurity to the front of all discussions moving forward. Attacks like these are becoming far too common as companies everywhere try to balance the cyber risks of today’s world. All security policies need to be thoroughly reviewed and tested against real-world scenarios like this. What happens if your company loses access to its core systems and databases? How long would it take to rebuild from non-impacted backups? These are all questions organizations need to have the answers to in order to combat this rise in cybercrime.
Software development companies must start addressing application security at the beginning, middle, and end of their development process, leveraging DevSecOps techniques and tools. Gone are the times when security was an afterthought, often overlooked in order to rush an application out on time. User-facing applications have repeatedly been targeted in massive ransomware attacks just like this one. The only way to move forward is to catch security flaws in the code before the product is launched.
For customers directly affected by this attack, Kaseya has released a tool including Indicators of Compromise (IoC) as well as two PowerShell scripts, one for endpoint scanning and the other for a VSA server. Kaseya has recommended these scripts be run in offline mode and that customers expect further security patches. “All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations,” said a representative from Kaseya.
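Kaseya’s own scanners are PowerShell scripts, and their indicator list is theirs; to illustrate what an IoC-based endpoint scan like the one described above does, here is an added Python example that is not Kaseya’s tool and uses no real indicators from the incident. It streams every file under a directory through SHA-256, matches the digests and filenames against an indicator set, and reports the hits. The two hashes and two filenames in the indicator set are constructed placeholders, and `demo()` builds a throwaway directory tree so the scan can be run offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed placeholder indicators for this example only. Real indicators come from the
# vendor's advisory; none of the values below are actual IoCs from the Kaseya incident.
IOC_SHA256 = {
    hashlib.sha256(b"constructed-sample-payload-A").hexdigest(): "placeholder dropper A",
    hashlib.sha256(b"constructed-sample-payload-B").hexdigest(): "placeholder dropper B",
}
IOC_FILENAMES = {"placeholder-hotfix.exe", "placeholder-agent.crt"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, ioc_hashes=IOC_SHA256, ioc_filenames=IOC_FILENAMES) -> list:
    """Walk `root` and return (path, reason) for every file matching a hash or filename indicator.

    A hash match is the stronger signal and is reported in preference to a name match."""
    matches = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable (locked or permission denied); log this in production
            if digest in ioc_hashes:
                matches.append((str(path), f"sha256 match: {ioc_hashes[digest]}"))
            elif name.lower() in ioc_filenames:
                matches.append((str(path), "filename match"))
    return sorted(matches)


def demo() -> list:
    """Build a constructed directory tree in a temp dir and scan it; returns the matches found."""
    root = Path(tempfile.mkdtemp(prefix="ioc-demo-"))
    (root / "sub").mkdir()
    (root / "readme.txt").write_bytes(b"benign content")
    (root / "sub" / "update.bin").write_bytes(b"constructed-sample-payload-A")  # hash hit
    (root / "placeholder-hotfix.exe").write_bytes(b"unrelated bytes")          # name hit
    return scan_directory(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:40s} {path}")
```

A hash hit is evidence regardless of what the file is called, which is why the scan hashes everything rather than only files with suspicious names; a name-only hit is weaker and deserves a second look before anyone acts on it. Kaseya’s advice to run such scans with the host offline applies here too: an endpoint that is still talking to a compromised management server can be re-infected while you are reading the results.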
Allentown, PA: Netizen Corporation, an ISO 27001:2013, ISO 9001:2015, and CMMI Level 3 certified Veteran Owned provider of cybersecurity and related solutions, has been awarded a contract for state-wide cybersecurity solutions for the Commonwealth of Massachusetts called ITS78 Data and Cybersecurity. Netizen was one of the only small businesses awarded this contract in all four cybersecurity categories.
Netizen intends to provide solutions under this contract for varying cybersecurity tasks throughout the Commonwealth of Massachusetts including compliance and data audits, risk assessments, and incident response services. Netizen also serves as an expert technical and cybersecurity advisor for numerous other government and commercial clients including the Department of Defense, Department of Veterans Affairs, Department of the Treasury, U.S. Army, U.S. Navy, and others.
“This is yet another demonstration of the capabilities of the Netizen Team, especially notable given that we were one of fewer than a handful of smaller businesses to be awarded all four categories to support the cybersecurity initiatives of the Commonwealth of Massachusetts,” said Michael Hawkins, Netizen’s President and CEO. He added that this effort will also help strengthen the company’s capabilities and access to state and local government markets as they look to expand further following a year of growth.
About Netizen Corporation:
America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.
The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement three years in a row. Learn more at Netizen.net.
POINT OF CONTACT Tristan Boheim Marketing Manager 1-484-294-1331 press@netizen.net
Allentown, PA: Netizen Corporation, an award-winning Veteran-Owned provider of cybersecurity solutions, has been appraised at Capability Maturity Model Integration (CMMI) V2.0 Maturity Level 3 for government and commercial cybersecurity solutions. The Process Group led and conducted a comprehensive Benchmark CMMI appraisal (#54557) that included Netizen teams in Allentown, PA, Arlington, VA, and Charleston, SC. CMMI is a process improvement training and appraisal program used to gauge a company’s overall maturity in the delivery of customer projects. It was developed at Carnegie Mellon University (CMU) and is required for many U.S. government contracts.
Netizen’s compliance with CMMI process areas was appraised through the examination of many types of objective evidence, including interviews with senior corporate leadership, program managers, quality assurance personnel, and other organization employees, to empirically demonstrate that standard processes are being followed and continually improved across the company. Maturity Level 3 indicates that Netizen is performing at a “defined” level of standardization. This maturity level is only achieved by companies that have well-defined, repeatable, and effective organizational standards and processes for project management, software engineering, services, and quality assurance while maintaining a focus on continuous process improvement.
“This CMMI Level 3 rating demonstrates Netizen’s ability to track, audit, and continuously improve our standards, processes, and quality across the entire organization. Along with our ISO 9001 and ISO 27001 certifications, it is also the clearest evidence yet that Netizen is a mature company with truly unique capabilities for delivering best-of-breed cybersecurity products and services to all of our customers in government, defense, and commercial markets around the world,” said Michael Hawkins, Netizen’s President and CEO.
About Netizen Corporation: America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.
The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.
POINT OF CONTACT Akhil Handa Chief Operating Officer (COO) 1-800-450-1773 press@netizen.net