• Overview

    • Phish Tale of the Week
    • Self-Promoting Cybersecurity Firms Doing More Harm Than Good
    • Almost 500,000 job openings in cybersecurity nationwide
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting FedEx customers. The email appears to be a warning notice that the client’s package was unable to be delivered. It carries FedEx’s official logo as well as a shortcut to fix the issue right in the email, so why not click “update address”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like FedEx will never email you outside of their company emails. In the future, check all suspicious emails from companies against previous correspondences you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside the email. In this instance, we are being notified that a package was unable to be delivered. We are then given a shortcut to update our address. Phishing campaigns like this will almost always try to convince you to click on a link or shortcut that navigates you out of your email client. Remember, if a link or shortcut looks suspicious, do not click on it.

    For more phishing examples from FedEx, check out this link.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
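    The three red flags above (sender address, urgency in the title, a link that leads away from the company) and the HTTPS/URL check in the general recommendations can be turned into a small automated triage, shown here as an added example that is not the newsletter’s own tooling. The sample message, the list of domains treated as FedEx’s own, and the urgency word list are all constructed for the example.

```python
"""Red-flag checker for a suspicious email, built from the warning signs listed
above. Added example, not the newsletter's own code; the sample email, the
legitimate-domain set and the urgency word list are constructed assumptions."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a "package could not be delivered" lure of the kind described.
SAMPLE_EMAIL = """\
From: "FedEx Delivery" <notice@fedex-delivery-update.example>
To: customer@example.org
Subject: URGENT: Package could not be delivered - call 1-800-555-0100 now
Content-Type: text/html

<html><body>
<p>Your package could not be delivered.</p>
<p><a href="http://track-fedex.example/update">update address</a></p>
</body></html>
"""

# Assumption: the domains the company really sends from (illustrative, not authoritative).
LEGITIMATE_DOMAINS = {"fedex.com"}
URGENCY_RE = re.compile(r"\b(urgent|immediately|now|suspended|on hold)\b", re.IGNORECASE)
PHONE_RE = re.compile(r"\b1-?\d{3}-\d{3}-\d{4}\b")
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def domain_of(address: str) -> str:
    """Lower-cased domain part of a From header value, '' if it has no @."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_legitimate_host(host: str, legit: set[str]) -> bool:
    """True only if host is a legitimate domain or a subdomain of one.
    Using endswith('.' + d) rejects look-alikes such as fedex.com.evil.example."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in legit)


def check_email(raw: str, legit: set[str] = LEGITIMATE_DOMAINS) -> list[str]:
    """Return the red flags found in the message; an empty list means none."""
    msg = message_from_string(raw)
    flags = []

    # 1. Sender address: the display name may claim the company, the domain must too.
    sender_domain = domain_of(msg.get("From", ""))
    if not is_legitimate_host(sender_domain, legit):
        flags.append(f"sender domain {sender_domain!r} is not a known company domain")

    # 2. Title: urgency language plus an embedded phone number used to fake legitimacy.
    subject = msg.get("Subject", "")
    if URGENCY_RE.search(subject):
        flags.append("subject uses urgency language")
    if PHONE_RE.search(subject):
        flags.append("subject embeds a phone number")

    # 3. Links: anything that leaves the email for a non-company host or plain HTTP.
    payload = msg.get_payload(decode=True)
    body = payload.decode(errors="replace") if payload else ""
    for url in HREF_RE.findall(body):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            flags.append(f"link {url!r} does not use HTTPS")
        if not is_legitimate_host(parsed.hostname or "", legit):
            flags.append(f"link {url!r} points at a non-company host")
    return flags


if __name__ == "__main__":
    for flag in check_email(SAMPLE_EMAIL):
        print("RED FLAG:", flag)
```

A message that passes all three checks is not proven safe; the checker only automates the first look the bullets above describe.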

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Self-Promoting Cybersecurity Firms Doing More Harm Than Good

    Ransomware attacks are some of the most costly and destructive cyberattacks circulating the world today. They work by getting malicious software onto a target’s systems, which then blocks access to information by encrypting the data and demands that a ransom be paid to free up the systems. This type of attack recently gained national attention when the Colonial Pipeline was forced to pay a $5,000,000 ransom to a cybercriminal group known as DarkSide. In the race to combat these attacks, many companies have begun staffing teams of trained cyber professionals to crack the ciphers used in these attacks. After figuring out a way to bypass the ransom and thwart the hackers, many groups launch massive press releases or blog posts illustrating their victories. What if I told you the companies working around the clock to fight these cybercriminal groups may be doing more harm than good?

    Four months before DarkSide gained national attention over their ransomware exploits, antivirus company Bitdefender declared that it was “happy to announce” a major breakthrough. Bitdefender had been working on a solution to DarkSide’s ransomware and, after finally making a breakthrough, announced to the world that it would offer this tool for free to anyone affected by DarkSide’s activities. Unbeknownst to them, another pair had already uncovered this flaw in DarkSide’s ransomware.

    Fabian Wosar and Michael Gillespie are two names you probably have not heard of. They are not featured in the news or on television, and that is how they want it. Both Wosar and Gillespie belong to a group known as the Ransomware Hunting Team, a non-profit, invitation-only group focused on combating cybercriminals and helping victims affected by ransomware. In December of 2020, Gillespie looked to team up with Wosar to isolate an encryption key to help speed up the recovery process that comes after paying DarkSide’s ransom. The two quickly discovered that their work isolating this one key could be used on other files that had been infected by DarkSide. Gillespie later posted a ground-breaking discovery to the rest of the Hunting Team: DarkSide was re-using RSA keys from previous ransomware attacks.

    For those unfamiliar, RSA is a public-key cryptosystem that is widely used for secure data transmission. RSA uses a public key to encrypt data and a matching private key to decrypt it. RSA is used in many legitimate aspects of ecommerce and communications, such as encrypting credit card transaction data and securing VPN connections between clients and servers. Unfortunately, its legitimate uses have been overshadowed by its repurposing as a tool for cybercriminals to help extort more money out of business owners.

    In review, was Bitdefender right to publish its findings? On one hand, disclosing this information immediately alerted DarkSide that people had found a loophole to avoid paying the ransom. On the other hand, Bitdefender has a national following and recognition and was probably able to reach a greater number of users than the Ransomware Hunting Team could.

    To read more about this article, click here.

    Almost 500,000 job openings in cybersecurity nationwide

    With life returning to some semblance of normalcy, job openings have begun to flood the marketplace. One of the most in-demand industries? Cybersecurity. CyberSeek, a tech job tracking database from the U.S. Commerce Department, reported that there are over 465,000 open positions in cybersecurity nationwide. For anyone looking to start or pivot to a different career in cybersecurity, the time is now.

    Recent increases in cyberattacks have helped spur an increase in demand for cybersecurity professionals. Companies are now more than ever looking to secure their information technology systems from outside threats. Both private businesses and government agencies are looking to fill these vacancies in desirable locations such as Florida, Virginia, California, and Texas. Vice President of Research at CompTIA, Tim Herbert, had this to add: “You don’t have to be a graduate of MIT to work in cybersecurity.” While going to a four-year university and pursuing a degree in cybersecurity is one avenue towards a career in cyber, it is not the only one. Cybersecurity hopefuls could look to earn a Security+ or Network+ certification to help increase their marketability as a job candidate. Additionally, many companies offer 6, 8, or 10 week “boot camps” meant to prepare individuals with many of the skills they will need for a career in cyber.

    The largest catalyst for this tremendous number of job openings is a lack of skilled workers. Many individuals see the responsibilities that come with working in cybersecurity and worry that they will not be able to fulfill them. “Cybersecurity is not rocket science, but it’s not like you can just walk in the door and take a job and pick it up like that,” added Michelle Moore, a cybersecurity professor at the University of San Diego. People looking to start a career in cybersecurity have to be willing to put the time and effort into honing this new craft. If they make that commitment, they will be rewarded with jobs helping secure our nation’s critical infrastructure and combating cybercriminals, with many opportunities to take on more responsibilities.

    Calling all top-tier performers looking to drive innovation forward. We favor a “can do” attitude, dedication to continuous learning, commitment to teamwork, and keen attention-to-detail. Netizen, a national Inc. Magazine Best Workplace and HIRE Vets Platinum Medallion awardee, offers competitive pay and benefits plus ample flexibility, performance incentives, training, and career growth. Equal Opportunity Employer. Military Veterans/Family/Spouses welcome.

    Check out some of our open positions here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • NETIZEN HIRES BRIAN KEATING AS DIRECTOR OF FINANCE

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity products and solutions, has added Brian Keating to the executive team and named him Director of Finance for the company. Brian is an accomplished financial and operations executive with a diverse skillset and extensive experience in the founding, funding, growing, acquisition, and management of companies of all types and sizes.

    At Netizen, he is responsible for all corporate accounting and finance operations. He has a degree in Management from Bryant University and holds Certified Financial Planner (CFP) and Project Management Professional (PMP) certifications. Brian previously served in senior leadership roles with some of the most successful companies in the Washington, D.C. area and as an independent executive consultant before joining Netizen. He is based at the company’s Washington, D.C. metro area (Northern Virginia) location.

    Additional details, photographs, and biographical information can be found for Brian on the Netizen website at https://www.Netizen.net/about/leadership.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:

    Akhil Handa // Chief Operating Officer

    Email: press@netizen.net

  • Colonial Pipeline Ransomware Attack: What happened and how we move forward.

    Americans on the East Coast have found themselves on the wrong end of one of the most impactful ransomware attacks this country has ever seen. The FBI reported earlier this week that a group known as DarkSide has claimed responsibility for an attack that caused the shutdown of the Colonial Pipeline. On Friday, May 7th, Colonial announced that they had halted all operations and frozen their IT network to begin remediation and repair of their affected infrastructure. Colonial transports over 100 million gallons of fuel daily over 5,000 miles from Texas to New York, supplying 45% of the East Coast’s diesel and gasoline for consumers ranging from every-day citizens to airports and military bases.

    How did this happen?

    On May 7th, Colonial Pipeline announced that they were ceasing operations immediately and that their network had been compromised by a ransomware attack. The initial attack vector in the Colonial Pipeline attack has yet to be uncovered, but experts have disclosed that the attack was focused on the business side of the Pipeline, not the operational side. This reinforces earlier assessments that this attack was carried out for monetary gain rather than to disrupt the infrastructure of the United States. While this attack is unique in scale, ransomware is nothing new to the U.S.

    Ransomware is a type of malware that, once it infects a user’s systems, locks the user out and encrypts their data. A “ransom” must then be paid to regain access to the data. The targets of these attacks vary, but in recent years there has been a major uptick in the number of private businesses and government organizations, including critical infrastructure providers, that have been specifically targeted. In 2018 the cities of Atlanta and Allentown were both hit with ransomware attacks that crippled their entire IT infrastructure and affected everything from tax payments to traffic lights. Many victims have repeatedly turned a blind eye to warnings about their environment; a January 2018 audit in Atlanta, for example, uncovered 1,500 – 2,000 known vulnerabilities in the city’s systems. This audit showed that the city was drastically neglecting its cybersecurity processes, and then it was hit with an attack.

    What does this mean?

    How could a company that is so crucial to our nation’s infrastructure lack the necessary cybersecurity measures to defend itself from an attack like this? Our nation’s energy grid is one of the most critical pieces of infrastructure in the country, yet private companies that do not view cybersecurity as a key issue own nearly 85% of the market. This leaves most of our nation’s energy grid largely unregulated when it comes to cyber protections. Many of these utility providers rely on systems running decades-old technology in what is essentially a modern-day cyber battlefield, and they just aren’t equipped well enough to defend themselves. Netizen’s COO, Akhil Handa, had this to add: “Even though government regulatory agencies exist, there is no standardized process for which these companies look to measure their cybersecurity readiness against.”

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    We need to have an open conversation with key businesses that make up our nation’s infrastructure and determine what measures they are taking to protect their cyberspace. Additionally, we need to start moving towards architecture like Zero Trust Security to help ensure issues like this do not arise again. The time for action is now. We must work together to hold businesses accountable for their actions and move towards creating a more secure cyberspace.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Zero Trust Security: A new blueprint to fight cybercrime.

    This past year was one like no other. Masks became the new fashion norm, workers traded office life for remote work, and video meetings became our main vessel for communicating with one another. While the world was busy fighting one issue, another swiftly arose. Cybercrime is on the rise across the globe. According to the FBI, in 2020 internet and cybercrime complaints rose to 791,790, up 69% from just 467,361 complaints the year before. Coincidentally, the revenue lost to cybercrime also soared, going from $3.5 billion lost in 2019 to $4.2 billion in 2020. This rise in cybercrime and cyberattacks has led information technology professionals to discuss how best to combat the issue. Their answer? Zero Trust Security.

    What is Zero Trust? 

    Trust nothing, verify everything, and assume a breach has already occurred. These are the main principles of Zero Trust Security that outline how an organization should view its security posture. First, there should be no default trust permissions within the secured environment. Pretend that every device is facing the internet and can be used as a potential attack vector. The next step is to always require verification for every device and user across the network. When someone remotely accesses the network from their mobile device, treat them as though this is their first time ever signing on. Make sure that this process is repeated when they try to pivot to a separate part of the network. Just because someone has access to files for one department does not mean they should have access to other sections. Finally, always assume the worst. Organizations should operate as though they have already been breached, further securing credentials and restricting access to sensitive information to only those users who have express permission to access it.

    While the Zero Trust Security model is relatively new, it has already begun to impact the way companies look to defend their networks. Netizen COO, Akhil Handa, recently had this to say on the matter: “Zero Trust is changing the way companies are looking at Cybersecurity and has really come to the forefront during this time where the work force is shifting to remote. Zero Trust revolves around the methodology that requires organizations to implement strict verification processes for people and device connections prior to giving them access to the network and data. Organizations are now turning to Zero Trust security rather than just spending money defending the perimeter.”

    The Pillars of Zero Trust Security:

    The Zero Trust Security Model consists of six main pillars of security. The first of these pillars is users or workforce security. This pillar revolves around the overarching need to ensure that users have the correct permissions and are authenticated each time they access the network. With Zero Trust, we make sure that users only have access to the information that they need and their accounts cannot be used to access further systems. The next pillar focuses on device security. Every device should be treated as a potential threat vector under Zero Trust security. These devices have their access granted on a per-session basis and have no shared credentials or trust permissions. Following device security, the next pillar is network security. This pillar revolves around the need for micro-segmentation of the network to reduce the risk of an outside attacker being able to pivot across the network to multiple resources. Companies can look to create multiple inspection points across their network to help reduce any suspicious lateral movement.

    The next pillar is workload security which refers to the applications, digital processes, and public and private IT resources used by an organization for operational purposes. Security is wrapped around each workload to prevent data collection, unauthorized access, or tampering with sensitive apps and services. The next pillar is data security which entails properly categorizing data. Once categorized, the data can be isolated where only the individuals that need the data can access it. This section also includes where the data should be stored and any encryption processes. The final pillar of Zero Trust Security is analytics. This last pillar deals with the continuous monitoring of the micro-perimeters we have set up throughout the environment and the tracking of log data to find any indicators of a breach.

    How to get started:

    Netizen CEO, Michael Hawkins, had this to say for companies looking to get started on Zero Trust: “The first step is identifying what adoption means for your organization, does Zero Trust fit into your current risk profile and operational capabilities (ability to support). For example, Zero Trust relies heavily on things like identity management, asset management, network segmentation, and threat intelligence, which are skillsets that many businesses would not have in-house. Also, as a relatively new concept, there are still many emerging ideas and products out in the market and standards are still being formalized. So, to surmise, the first step would be assessing whether Zero Trust is right for your organization given the capabilities of your organization and other factors. After this, identification of processes and tools necessary for successful implementation would be next, along with documenting current and to-be network topologies and creating a plan that is incremental enough so as not to overwhelm existing staff.”


    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Netizen Cybersecurity Bulletin (April 13th, 2021)

    Overview

    • Phish Tale of the Week
    • 533 Million Facebook Users’ Personal Identifiable Information Leaked Online
    • Fleeceware Apps Accumulate $400M in Revenue
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting JPMorgan Chase account holders. The email appears to be a warning notice that the client’s account has been put on hold. It carries Chase’s official logo as well as a shortcut to fix the issue right in the email, so why not click “verify account”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like JPMorgan Chase will never email you outside of their company emails. In the future, check all suspicious emails from companies against previous correspondences you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside the email. In this instance, we are being notified that our account has been put on hold. We are then given a shortcut to verify the account and unfreeze it. Phishing campaigns like this will almost always try to convince you to click on a link or shortcut that navigates you out of your email client. Remember, if a link or shortcut looks suspicious, do not click on it.

    For Chase-specific recommendations, find more here.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    533 Million Facebook Users’ Personal Identifiable Information Leaked Online

    Facebook has come under heavy fire after it was reported that over 533 million Facebook users worldwide had personal identifiable information (PII) leaked earlier this month on a popular hacking forum. The troves of information are believed to have stemmed from the 2019 data breach that saw Facebook housing hundreds of millions of users’ records on a public server. The personal information that was leaked included full names, Facebook IDs, locations, gender, email addresses, and other profile details for the over half a billion users affected. In a shocking discovery, it was also revealed that the personal phone numbers of Facebook CEO Mark Zuckerberg and co-founders Dustin Moskovitz and Chris Hughes were leaked in this breach. In total, over 533 million Facebook users in 106 different countries were impacted by this leak.

    Researchers have rushed to uncover how this data was leaked, and it appears the culprit was an old Facebook tool put in place to connect users’ phone contacts to potential friends on Facebook. Prior to 2019, Facebook had a contact importer tool to help users link up existing contacts on their phones, simplifying the whole process of adding contacts manually. The tool would match contact list phone numbers to any Facebook accounts associated with them and then suggest those users be added as friends on Facebook. The whole process was created to make it easier to get started when you first sign up for a Facebook account. However, in 2019 Facebook became aware that malicious actors had exploited this tool to mass-scrape millions of user records from the site.

    Since the news of this most recent leak, Facebook has announced that it has no plans to notify users who had their data exposed. Facebook noted that this data was already scraped from public profiles using the “contact importer” feature in 2019, and that it has since adjusted the feature to prevent this from happening in the future. Additionally, Facebook claimed that since this data was scraped from public profiles, it would have no way to be certain which users were affected and would need to be notified. Luckily, there is a website that will tell you if your email or phone number has appeared in a data breach. Visit https://haveibeenpwned.com/ to check if you’ve been affected.

    To read more about the latest Facebook breach, click here.

    Fleeceware Apps Accumulate $400M in Revenue

    What happens when you forget to cancel that 1-month free trial you agreed to for a new app on your phone? Sometimes you will be charged a small fee or an instant renewal cost, but in some cases those charges may be a lot higher than people expect. Researchers from Avast have uncovered approximately 204 fleeceware apps in Apple’s App Store and the Google Play Store. “Fleeceware” is a type of mobile malware application that comes with hidden, excessive subscription fees. These apps prey upon people who do not know how to cancel a subscription or are less likely to, leading to exorbitant account charges over a period of time. Fleeceware usually lures targets in with a free trial before the automatic payments begin to kick in. Avast reported that some of these subscriptions can reach as much as $3,400 a year.

    To break these apps down by operating system, a total of 134 apps were found on Apple’s iOS platform with projected revenues of $365 million, while 70 fleeceware apps were uncovered in the Google Play Store with projected revenues of $38.5 million. What makes these apps so profitable is the niche that they fulfill. Most of these apps are easily marketable, viral applications like photo editing software, horoscope readers, music lessons, or astrology boards. These applications are ones that people would normally scoff at paying money for, with so many free options in the marketplace. However, when an advertisement to “test trial” the paid version of these applications with promises of “exclusive features” gets to most users, people want to try these applications themselves.

    The crazy part about this scam is that these apps appear to be real, legitimate applications when viewed in their respective app store. They have product descriptions, impressive user reviews, and visually pleasing user interfaces, all to make these apps look as real as possible. One of the first ways to spot scams like these is to scan through a few pages of user reviews. Scammers will often try to bury bad reviews under a mountain of fake reviews, but most app stores will prioritize “active” community member reviews on most applications. To get to these reviews, select the “most helpful” or “most relevant” drop-down and see what actual people have to say about these applications. Another way to combat these scams is to always read the fine print. Make sure to comb through the “in-app purchases” section and familiarize yourself with the terms and conditions you are agreeing to. Often these scams rely on people not noticing the exorbitant costs that are right in front of them, and instead skipping over all the terms and conditions with their purchase. Finally, keep a critical eye on all purchases over the internet. Today’s digital age has seen a massive increase in the number of malicious actors looking to dupe unsuspecting individuals into handing over payment or personal information. If an advertisement looks too good to be true, chances are it is.

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • NETIZEN CEO NAMED TO THE “POWER 100” LIST OF THE MOST INFLUENTIAL PEOPLE IN THE LEHIGH VALLEY

    Allentown, PA: Netizen Corporation’s Founder and CEO, Michael Hawkins, has been named to the “Power 100” list of the Lehigh Valley region’s most influential people by Lehigh Valley Business. According to the publication, the inaugural Power 100 list is “a showcase of power players who are leading the Greater Lehigh Valley community into the future. They are business owners, CEOs, lawyers, public servants and elected officials…who make decisions that impact lives, inspire success and spark innovation.” The Lehigh Valley is one of the fastest growing areas in Pennsylvania and the northeastern United States. With a population nearing one million people, the area has been routinely cited as a national success story for its robust growth and development.

    The recipients of this prestigious award were hand selected by a special Lehigh Valley Business editorial panel who took into consideration those individuals who make our laws, build our homes and highways, protect our health and safety, educate our children, support the vulnerable, and provide the spark that inspires innovation and economic growth. An individual profile for each recipient was published in the March 29th edition of the publication both online and in print.

    “I am beyond humbled to have been recognized for such a prestigious accolade and counted amongst such an incredible cohort of leaders and professionals from across this amazing region,” said Michael Hawkins. He added that Lehigh Valley Business also published a custom print and online profile for each recipient, and his can be found at https://www.lvb.com/michael-wayne-hawkins/.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement three years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:

    Doug Ross // Chief Strategy Officer

    Email: press@netizen.net 

  • Microsoft Exchange Hack: What happened and what we learned.

    On March 2nd, 2021, tech giant Microsoft announced that they had uncovered major vulnerabilities in their popular mail server, Microsoft Exchange. In a later statement, Microsoft announced that a Chinese-backed group known as Hafnium had begun exploiting these vulnerabilities, which led to an immediate response from Microsoft to warn all Exchange users. Shortly after this announcement, Microsoft released a patch for Exchange versions 2010, 2013, 2016, and 2019, effectively remedying these vulnerabilities. With Microsoft Exchange being used across the world, it is believed that over 250,000 different organizations were affected by this hack. In the past, Hafnium has targeted U.S.-based institutions such as defense contractors, think tanks, and NGOs. Currently, the motives of Hafnium are still unknown, but experts believe that this is only the beginning of a massive security breach across numerous companies.

    How Did we Get Here?

    Microsoft was made aware of four zero-day vulnerabilities in its widely used mail service, Exchange, in early January 2021 by an incident response company known as Volexity. Volexity detailed that numerous threat actors had begun exploiting these vulnerabilities across Exchange to gain access to information and data from a litany of companies. This information comes after Microsoft was warned by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) that hackers were targeting a critical vulnerability found in Exchange in April of last year.

    The four zero-day vulnerabilities, known together as ProxyLogon, target on-premise Exchange Servers in the 2013, 2016, and 2019 versions. However, Microsoft stated that Exchange Online and Office 365 are not affected by these vulnerabilities. The first of these vulnerabilities is a server-side request forgery, or SSRF for short. This vulnerability could allow an unauthenticated remote actor to send a specially crafted HTTP request to a vulnerable Exchange server and harvest the contents of users’ mailboxes. Another vulnerability being exploited is an insecure deserialization vulnerability. If paired with another vulnerability or an employee’s credentials, an outside threat actor could gain access to code within Exchange that provides system-level access. The final two vulnerabilities are both post-authentication arbitrary file write vulnerabilities. If an attacker was able to first authenticate to the Exchange server, they could then write to any file on the vulnerable server. If left unpatched, these vulnerabilities can lead to a hacker being able to create a web shell to hijack the system and execute commands remotely.

    What does this mean?

    This hack has exposed numerous vulnerabilities across Microsoft’s Exchange email server. While the initial breach was conducted by a Chinese state-sponsored group known as Hafnium, other groups have begun to join in the frenzy. Experts believe that up to ten other hacker groups have started to exploit these vulnerabilities on on-premise Exchange servers across the globe. While Microsoft has yet to release what they believe was the goal of this hack, it is clear these attackers were looking to gain system-wide access and harvest key user account information. This information includes emails, address books, and other account-specific data housed on the Exchange servers.

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    For any organization directly affected by this attack or that uses an on-premise version of Exchange, immediately apply the security fixes that Microsoft has released. Microsoft has also released the Microsoft Exchange On-Premises Mitigation Tool, which was designed to assist customers that may not have the proper IT infrastructure or staffing to help with damage control from this breach. Following the initial patch, contact your managed service provider or IT department to determine what information may have been compromised across your systems.

    While there was no warning of this attack for most companies, businesses can look to better secure their networks through round-the-clock network monitoring, network segmentation, routine assessments, and proper evaluations of third-party software. Effective network segmentation would ensure that even if a threat actor gained access to your systems, security measures would be in place to keep them from moving past their initial entry point.

    As always, a culture centered around basic cyber hygiene can go a long way towards containing future attacks and mitigating the damage caused by them. Make sure to use strong, unique passwords for every account and never duplicate passwords. This way, if employee credentials are stolen, they don’t unlock more access to multiple sites. Also be mindful of what you click on when scrolling through emails or the internet. In many cases, the first point of attack is through an email or attachment. If you think something looks suspicious, immediately report it to your network administrator or IT staff. Cybersecurity starts at the ground level. Organizations need to prioritize cybersecurity training for all employees to teach better cyber habits and secure their networks.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • NETIZEN PART OF TEAM AWARDED $75M DEPARTMENT OF VETERANS AFFAIRS COMMUNITY CARE SUPPORT CONTRACT

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity and related solutions, is part of a team led by VetsEZ Inc. that has been awarded the Department of Veterans Affairs (VA) Community Care Product Line (CCPL) support task valued at $75,000,000 over three years. The scope of the contract includes Software Development Security Operations (DevSecOps) support and Essential Scaled Agile Framework (SAFe) engineering solutions to aid the VA in restructuring and combining its various CCPL technical support programs. This will ultimately enhance the security and efficiency of relevant VA software and systems to best serve the nation’s veteran population in community care settings.
     
    Netizen provides solutions under this contract, which began March 1st, including software security operations support for one of the VA’s most in-demand, complex, and critical nationwide programs. As such, they anticipate hiring for multiple new positions in coming weeks. Previously, Netizen also served as an expert technical and cybersecurity advisor for the Lehigh Valley Health Network’s Veteran Health Program (VHP), which was one of the first efforts of its kind anywhere in the nation to pilot the secure sharing of veteran treatment data with private sector care providers through the VA’s Community Care Network, known previously as the “Veterans Choice Program.”
     
    “This is the type of effort that we, as a veteran-owned company, hold near and dear to our hearts. The solutions we provide here will directly aid in the provisioning of more accessible, efficient, and secure care and benefits for our nation’s veterans,” said Michael Hawkins, Netizen’s CEO and a U.S. Army veteran. He added that this effort will also strengthen the company’s capabilities in DevSecOps, which is a practice designed to improve the security, quality, and reliability of mission-critical software systems.
     
    About Netizen Corporation:
    America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement three years in a row. Learn more at Netizen.net.

    POINT OF CONTACT
    Doug Ross
    Chief Strategy Officer (CSO)
    1-800-450-1773
    doug.ross@netizen.net

  • Netizen Cybersecurity Bulletin (March 12th, 2021)

    Overview

    • Phish Tale of the Week
    • U.S. issues warning after Microsoft says China hacked its mail server program
    • Ransomware as a service is the new big problem for business
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting Apple customers. This email appears to be a notification about a status update for your Apple account. This email contains Apple’s logo as well as a link to fix this issue right in the email, so why not click “verify your account”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like Apple will never email you outside of their company emails. In the future, check all suspicious emails from companies against previous ones you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside the email. In this instance, we are being notified that some of our account information appears to be missing or incorrect. We are then given 24 hours to remedy this issue. Phishing campaigns like this will almost always attempt to create urgency by requiring a response in a short time period. Additionally, they are asking for our information which should already be on file. Remember, never give out any of your personal information to random links on the internet.

    For Apple-specific recommendations, find more here.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    U.S. issues warning after Microsoft says China hacked its mail server program.

    The U.S. government released an emergency warning shortly after Microsoft announced they had caught a group hacking into Microsoft Exchange, a mail and calendar server program. In Microsoft’s initial investigation, they believe to have uncovered the origins of the hacker group and “with high confidence” believe them to be working for the Chinese government. This ploy, seen as another escalation of cyber espionage between China and the United States, prompted the U.S. Cybersecurity and Infrastructure Security Agency, or CISA for short, to issue an emergency directive requiring all government entities to update their Exchange servers immediately. In the past, CISA has rarely taken such direct action in exercising its authority as the country’s premier agency on cybersecurity. In a statement to the public, CISA reported “The move was necessary, because the Exchange hackers were able to gain persistent system access”. From the time of the emergency directive going out, government agencies will have until noon Friday, March 12 to download the latest software update.

    In a separate statement, Microsoft’s Vice President Tom Burt warned the public that these hackers were spying on a wide range of American targets. Businesses from defense contractors to law firms and disease research centers were included in the brief from Microsoft. At this time, Microsoft believes that no individual consumers were targeted in the reported hack on Exchange, but would like to caution everyone to apply an added level of scrutiny to any correspondence over their mail servers.

    While no significant exploitation or damage to government computer networks was detected in this hack, experts believe these events will grow more frequent in the coming months. This event marks the second time in the past few months that the U.S. has had to react to a widespread hacking campaign from foreign actors. The Department of Homeland Security and CISA are still reeling from late last year’s SolarWinds breach, which saw hundreds of companies and government agencies affected by a similar hack.

    To read more about the latest Microsoft breach, click here.

    Ransomware as a service is the new big problem for business.

    Imagine a service where, instead of having to plan a heist and go in person to rob a bank, criminals could rob the bank without ever setting foot in it. For many businesses, this scenario is beginning to sound more and more familiar, with ransomware as a service rising in sectors like education, public health, and manufacturing. Ransomware as a service, or RaaS for short, is the use of predeveloped malware that is leased or sold from one threat actor to another and then distributed in malicious ransomware campaigns against individuals and companies alike. What makes RaaS so dangerous is that it empowers relatively low-skill hackers and gives them the opportunity to pay for malware that they would not have been able to create on their own.

    Researchers at cybersecurity company Group-IB have determined that almost 66% of ransomware attacks conducted in 2020 came from criminals using RaaS. What is even more alarming is that ransomware affiliate schemes are on the rise as well, with 15 new affiliate schemes appearing in 2020. These affiliate programs allow developers of malware to spend their time developing their viruses instead of worrying about where to deploy them, while also lowering the initial risk these developers face. In turn, affiliate programs give would-be hackers the tools and techniques of successful ransomware campaigns without needing prior knowledge of malware development or how best to distribute it.

    With companies making the switch to largely remote work environments in 2020, we saw an increase in the number of publicly accessible RDP servers. Many of these servers became the initial points of access for ransomware operators. Thankfully, there are a few precautions companies can take to help mitigate their risk of attacks like this happening in the future. One of the first precautions is for companies to implement more stringent password requirements to access their RDP servers. Having strong and unique passwords for different accounts means that one password will not be the key that opens up every door. Another security measure we would recommend is to restrict the IP addresses that can access your RDP connections and to set limits on the number of login attempts over a certain period of time. Finally, adding multi-factor authentication would help limit access to high-value data and create a second step to gain access to any information. All these security measures, coupled with a culture centered around cybersecurity, are great steps towards keeping your business secured in 2021.
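    The IP-restriction and login-attempt-limit advice above can also be monitored for, not just configured. The following is an added example (not Netizen’s code): it reads a simplified, constructed log of Windows logon events and flags source addresses that exceed a failed-RDP-logon threshold within a sliding window, as well as successful RDP logons from addresses outside an allowlist. The pipe-separated record format and the sample events are assumptions made for illustration.

```python
"""Detection logic for RDP hardening: flag brute-force bursts against RDP and
successful RDP logons from addresses that are not on the allowlist.
Added example, not Netizen's code; the log format and events are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events in a simplified "timestamp|event_id|logon_type|user|source_ip"
# form. Windows Security event 4625 = failed logon, 4624 = successful logon;
# logon type 10 = RemoteInteractive, i.e. RDP.
SAMPLE_LOG = """\
2021-03-10T02:00:01|4625|10|administrator|203.0.113.7
2021-03-10T02:00:03|4625|10|admin|203.0.113.7
2021-03-10T02:00:05|4625|10|root|203.0.113.7
2021-03-10T02:00:06|4625|10|Administrator|203.0.113.7
2021-03-10T02:00:08|4625|10|backup|203.0.113.7
2021-03-10T02:00:09|4625|10|jsmith|203.0.113.7
2021-03-10T02:31:00|4624|10|jsmith|203.0.113.7
2021-03-10T08:15:00|4625|10|mjones|10.0.0.25
2021-03-10T08:15:30|4624|10|mjones|10.0.0.25
2021-03-10T09:00:00|4625|3|svc_web|10.0.0.40
"""

RDP_LOGON_TYPE = "10"
FAILED, SUCCESS = "4625", "4624"


def parse_events(text):
    """Yield (timestamp, event_id, logon_type, user, source_ip) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = line.split("|")
        yield datetime.fromisoformat(ts), event_id, logon_type, user, src


def detect_rdp_abuse(text, allowlist, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (kind, source_ip, detail) findings.

    "brute_force": at least `threshold` failed RDP logons from one source
      inside the sliding `window`, reported once per source.
    "unexpected_source": a successful RDP logon from an address that is not
      inside any allowlisted network (the IP restriction was bypassed or missing).
    """
    nets = [ip_network(n) for n in allowlist]
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = set()
    findings = []
    for ts, event_id, logon_type, user, src in parse_events(text):
        if logon_type != RDP_LOGON_TYPE:
            continue              # only RDP (RemoteInteractive) logons matter here
        if event_id == FAILED:
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("brute_force", src, f"{len(q)} failures within {window}"))
        elif event_id == SUCCESS:
            if not any(ip_address(src) in n for n in nets):
                findings.append(("unexpected_source", src, f"successful RDP logon as {user}"))
    return findings


if __name__ == "__main__":
    # Only the internal range is allowed to reach RDP in this constructed scenario.
    for kind, src, detail in detect_rdp_abuse(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(f"{kind:18} {src:15} {detail}")
```

    Run against the sample, the script reports the burst of failures from 203.0.113.7 and the later successful logon from that same external address; the single failure from 10.0.0.25 and the non-RDP logon from 10.0.0.40 are not reported.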

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Oldsmar Water Treatment Facility Breach: What happened and what we learned.

    Earlier this month, a Florida wastewater treatment plant’s computer system was compromised by an unknown threat actor. This hacker was able to remotely gain access via an employee’s login credentials and attempted to alter the chemical composition of the public water supply to dangerous levels. Thankfully, a plant operator was watching this all unfold and quickly reversed any changes made to the water supply before they went into effect.

    How did we get here?

    Experts believe the hacker gained remote access to the water treatment plant’s system by stealing employee login credentials. These credentials were then used to access software on the system known as TeamViewer. TeamViewer is a relatively common application for many industries making the switch to remote work. This app allows the user to access a computer system remotely and operate as if they were there operating the system manually. Normally, TeamViewer is used for a variety of tasks, from troubleshooting common IT problems to making remote network changes. In this instance, the hacker gained access to Oldsmar, Florida’s water treatment center through TeamViewer and attempted to modify the levels of sodium hydroxide, or lye, in the city’s water supply. The change took the lye level from 100 parts per million to 11,100 parts per million, which would have contaminated the water to a level that would have been poisonous to drink. An operator at the water treatment facility noticed someone attempting to gain remote access to the system earlier in the day and thought it suspicious. When the same activity occurred later that afternoon and the lye levels were raised, he quickly reverted the changes and notified his supervisors that a breach had occurred.

    What does this mean?

    While attacks like this are growing more and more common, businesses and government entities need to prioritize cybersecurity. The growing shift to remote work has created a litany of potential threats for IT teams to worry about. This shift has also led to reliance on some third-party applications and tools that, when paired with compromised employee credentials, can be detrimental to an organization. Another issue that has arisen is that the digitalization of the utility industry and its push to make remote work more accessible has made it more susceptible to outside attacks. While larger facilities, such as those outside of major metropolitan areas, already have more complex security measures, many of these smaller centers do not have the same level of security.

    What is the Solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021. Additionally, local governments need to reassess how secure many of their utility facilities are and what the likelihood of an outside breach is. This reassessment, coupled with round-the-clock monitoring, network segmentation, and routine assessments, is a great step forward to help prevent these attacks in the future and mitigate the damage if they are successful.

    Looking past this, a culture centered around basic cyber hygiene will go a long way towards preventing these attacks. Starting at the ground level, companies and government organizations should look to implement cybersecurity training when employees first get onboarded. Additionally, Netizen protects critical IT infrastructure for companies large and small. Companies are able to leverage our proven cyber expertise, advanced tools, and 24/7/365 Security Operations Center (SOC) monitoring at an affordable cost. We also offer a suite of tools, named Overwatch, that continuously scans networks, systems and applications to uncover and track risks and compliance issues.

    Questions or Concerns? As always, feel free to reach out to us anytime at https://www.netizen.net/contact