The Cybersecurity Maturity Model Certification (CMMC) was created by the Department of Defense (DoD) in order to put a cybersecurity assessment model and certification program in place. The CMMC is a unified standard for implementing cybersecurity across the defense industrial base.
Contractors used to be responsible for implementing and monitoring the security of their information systems. While they are still responsible, the CMMC changes these standards and requires third-party assessments of contractors’ compliance with certain mandatory practices, procedures and capabilities that can adapt to new and evolving cyber threats and adversaries.
Who does it apply to?
The initial requirements of the CMMC were released in January of 2020. The first to adopt were a small selection of organizations. Eventually, all DoD contractors will be required to obtain a certification, including all suppliers at all tiers along the supply chain, commercial item contractors, small businesses, and foreign suppliers.
It has been indicated that the DoD may begin including minimum certification requirements in requests for information as early as June 2020 and in requests for proposals by September 2020. Certification preparation should therefore begin immediately.
Levels of compliance (1-5)
The levels of compliance act as building blocks, ensuring with each level advancement, the prior levels are also in practice.
Level 1: Basic Cyber Hygiene – Performed
Requires companies to use antivirus software or ensure employees change passwords regularly to protect any Federal Contract Information, or information generated for the Government under a contract.
Level 2: Intermediate Cyber Hygiene – Documented
Requires that companies document processes including SOPs, policies, and strategic plans in order to protect any Controlled Unclassified Information (CUI).
Level 3: Good Cyber Hygiene – Managed
Requires a company to have an institutionalized management plan to safeguard CUI. This includes all of the NIST 800-171 r2 security requirements as well as additional standards.
Level 4: Proactive – Reviewed
Requires companies to implement processes for reviewing and measuring the effectiveness of their practices, as well as additional practices to detect and respond to advanced persistent threats (APTs).
Level 5: Advanced/Progressive – Optimized
Standardized and optimized processes are required to be in place. At this level APTs must be detected and responded to, and these processes must be implemented company-wide.
This is only the beginning of a shift in our industry’s culture surrounding the topic of internal cybersecurity. All DoD contractors are advised to learn the CMMC’s requirements and plan for certification. To help DoD contractors prepare, we are offering a FREE initial assessment to determine gaps in your CMMC readiness. Contact us to ensure you have what you need to succeed. Our cybersecurity experts will start you on the path to full compliance today.
ALLENTOWN, PA: Netizen Corporation, an ISO 27001 and ISO 9001 certified provider of cybersecurity solutions for defense, government, and commercial markets, was awarded a multiple-year Blanket Purchase Agreement (BPA) contract by the US Army on April 28th with a total value of up to $9.2M for a variety of cybersecurity solutions in support of the Project Manager Soldier Training (PM ST) in Orlando, Florida.
PM ST’s mission is to provide a full echelon of sustainable live and virtual training solutions enabling Soldiers, Units and Leaders the ability to maintain Readiness at all times. This new single-award BPA contract includes a 12-month base period of performance and four 12-month option periods, totaling up to five years in duration. Netizen will be supporting critical programs across the PM ST portfolio by providing expert cybersecurity engineering, assessment, and NIST Risk Management Framework (RMF) solutions in Orlando and other locations stateside and overseas.
“Netizen is renowned for our unique level of specialization, as our team members are amongst the most highly experienced cyber professionals anywhere, and our products and solutions are trusted by customers worldwide. We look forward to continuing our work with this key customer for years to come by providing PM ST with the best possible value and expertise,” said Michael Hawkins, Netizen’s Founder and CEO.
He added that Netizen anticipates expanding the company’s presence in Orlando to support this and other efforts such as their fully paid education program, Netizen Academy. This program will identify, train, certify, mentor, and staff the next generation of cyber professionals to meet ever-increasing industry demand. Netizen Academy targets recent college graduates, transitioning service members, veterans, and others seeking to be up-skilled for a rapidly-growing career field while getting paid to do it.
ABOUT NETIZEN CORPORATION
America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite tools.
The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support. Learn more at Netizen.net.
Remote work is here to stay and, as the most recent COVID-19 pandemic declaration is beginning to demonstrate, it can be a highly effective disaster mitigation and recovery strategy when implemented properly. However, too many companies and other organizations have been caught unprepared technologically, and attackers have been waiting for just such an opportunity to pounce. My intent here is not to argue the merits or drawbacks of remote work in its various forms as a daily practice, but rather to highlight some of its inherent risks when implemented on such a vast scale so quickly under the impetus of external factors.
The first of these risk factors is social. Various studies have shown that at least a majority of human communication takes the form of body language and other nonverbal cues. Lacking inflection, tone, and posture, many of the electronic communication media that make remote work so easy also make it harder to distinguish legitimate from illegitimate communications without a workforce trained to recognize attempts to mislead them into actions harmful to the organization. Take email, for instance. We are all bombarded daily with attempts to steal passwords, data, and documents, also known as phishing. Spear phishing, a more highly targeted form of routine phishing, is becoming much more prevalent. It leverages publicly available information about a person to manipulate or impersonate them, and it can be hard to detect, especially when a newly remote workforce relies predominantly on email for communication.
When you work in an office and you receive an email from someone two cubicles over telling you they need “all the company payroll data,” it is easy to verify the validity of that request with a short walk, a discussion about the rationale, a word with a supervisor to confirm the person’s authorization to access the information, and a response accordingly. What such processes are in place for your remote workforce? Verification can still be done, but it typically involves a more asynchronous form of communication: you send a message, move on to other work while awaiting a response, and proceed from there. But what if the message is far more urgent? The recipient then has to make a snap decision on the validity of the request, and attackers leverage exactly this pressure to coerce their intended target more effectively, especially if the “request” appears to come from someone in a position of authority. That split-second decision, especially when the request is perceived to come from an authoritative source within the organization, can make or break your company. This is why mandatory training on common social engineering attacks (like phishing) should be conducted routinely (annually at the very least), especially for anyone participating in remote work. Making so-called “cyber hygiene” training a mandatory requirement for remote work participation is also a good idea. Doing so will inform your remote workforce of the processes used for validating and responding to requests while making it easier to identify and report malicious ones.
Training is great, but it can’t do everything. The second risk factor is purely technological. The systems and tools you use to facilitate remote work are crucial to success, but they now also play an outsized role in the security and confidentiality of your data. It is inevitable that some employees will attempt to use personal devices for work-related tasks. What controls does your organization have in place to manage corporate data, even when it is processed on a personal device? A solid mobile device management (MDM) suite along with data rights management (DRM) policies will help prevent leakage or loss of sensitive data on portable devices, even personally owned ones. For instance, Office 365 has exceptional MDM and DRM policies and filtering that can be set up rapidly to prevent the transmission of sensitive data such as financial information and social security numbers. MDM can also remote-wipe a lost device and enforce security controls such as strong passwords and data encryption. Even better, Microsoft provides its comprehensive Security and Compliance Center to visualize threats, alerts, and other critical information about the overall security posture of your organization. This is just one provider’s offering, and there are many others; it is more important that you use the tools you have effectively than that you choose one particular vendor over another. Companies that specialize in this type of remote security management can provide cost-effective expertise to mitigate the biggest cyber threats a remote workforce creates and help prevent hundreds of thousands or even millions of dollars in breach remediation costs.
The last portion we will discuss here is policy. Training, policy, and technology form the “iron triangle” of basic cyber preparedness: without one side, the rest will fall. Policy need not be bureaucratic to be effective, contrary to much common practice. A solid set of policies and documentation will guide employees on what to do and what not to do while standardizing your response to incidents and your implementation of security procedures, and it will provide a reporting structure so everyone is properly informed and knowledgeable regardless of their workplace location. The essential policies your organization should already have go beyond simple things like password requirements and into areas such as electronic resource availability (e.g. file sharing), personal device usage (e.g. BYOD), connectivity requirements (e.g. VPN usage, email, etc.), physical workplace restrictions, and contingencies in the event of a breach or loss of connectivity. Defining and describing these things ahead of time will go a long way toward preparing your workforce for the security challenges of remote work. It will also provide a standard “playbook,” so to speak, from which everyone within your organization can operate. Once policies are in place, it is a good idea to have employees review and sign them along with a comprehensive remote work agreement that outlines their responsibilities, duty hours, requirements, and other attributes. Many companies have standardized templates and can help you get started quickly with such policies, but they are of little use if not enforced. Enforcement requires discipline, as it would be easy to make an exception for every little bump in the road, but that is not safe. While your chosen policies should not hinder the work of remote employees, they still have to ensure the safety and security of your data now that it is being transmitted off-site.
There is a balance, and each organization has to find its own based on its risk profile and the level of risk it considers acceptable to its operations.
I’ve gone over some of the basics of remote work security, focusing on the core attributes of training, policy, and technology. This is a framework from which to get started with securing your corporate data as it moves out of the office and across the country. Keep in mind that there are other aspects, legal and supervisory for example, that aren’t covered here but are also important. Many companies will also have far more complex requirements, and they should not hesitate to retain experts for implementation, for the simple reason that an ounce of prevention is worth a pound of cure. The “cure” in this instance is the remediation of the often disastrous and costly effects of a breach, which include loss of customer confidence, legal fees, higher insurance premiums, and lost business. As the size of the world’s remote workforce increases year after year, every organization should be prepared to take advantage of it, even if only to mitigate the impact of external factors on business operations. To stay ahead of the curve, however, leaders must be aware of the ever-shifting landscape of tools, technologies, and threats to such operations, and the best way to do that is to rely on experts.
Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has been named the nation’s second-fastest-growing veteran-owned business by Inc. Magazine and the Institute for Veterans and Military Families (IVMF) at Syracuse University on their annual Vet100 list of the most successful veteran-owned companies in the United States.
Netizen has also been ranked as the 47th fastest-growing private company and the fastest-growing cybersecurity company in the United States on the Inc. 5000 list of the nation’s most successful businesses. These are the highest rankings that a company based in the Lehigh Valley region of Pennsylvania has ever achieved on the Vet100 and Inc. 5000 lists, according to published records on the official program website.
Syracuse University’s IVMF is higher education’s first interdisciplinary academic institute, focused on advancing the lives of the nation’s military veterans and their families. As a result of this special recognition, Netizen leadership will be attending, as an invited guest of the IVMF, the national veteran-owned business growth conference, Veteran EDGE, beginning March 7th, 2020 in Dallas, TX.
“We are very proud to receive such recognition within the close-knit veteran-owned business community. It speaks volumes to the incredible team we’ve assembled here at Netizen, with every military branch represented across a diverse group of team members located around the country and serving customers globally,” said Michael Hawkins, Netizen’s founder and CEO as well as a U.S. Army veteran himself.
About Netizen Corporation:
Netizen, America’s fastest-growing cybersecurity company and 47th fastest-growing private company in the country according to the Inc. 5000 list of the nation’s most successful businesses, is a highly specialized cybersecurity and compliance solutions provider that works with IT departments, information system owners/developers, defense contractors, and federal government agencies to ensure appropriate levels of security and compliance controls are implemented and maintained for all types of systems. They also develop innovative cybersecurity software products that include the award-winning Overwatch Governance Suite.
The company, a certified Service Disabled Veteran Owned Business (SDVOSB), was founded in late 2013 and is headquartered in Allentown, PA with satellite offices in Arlington, VA, and Charleston, SC as well as field locations in areas including Orlando, FL, and Huntsville, AL. They have been named one of the nation’s Best Workplaces by Inc. Magazine and are a recipient of other notable awards including the U.S. Department of Labor HIRE Vets Platinum Medallion, Lehigh Valley Veteran-Owned Business of the Year, and Charleston Defense Summit Innovation Spotlight. Their commercial-focused subsidiary, CyberSecure Solutions, is also trusted to engineer, audit, and maintain cybersecurity solutions for businesses of nearly every size and type worldwide. Learn more at Netizen.net.
Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has received the HIRE Vets Platinum Medallion award from the U.S. Department of Labor for the hiring, retention and training of military veterans all over the country. Over 50% of Netizen’s employees nationwide are veterans and Netizen provides training, college scholarships, and paid internships to help veterans obtain careers in high-demand technical fields. This is the second year in a row that Netizen has been a recipient of this prestigious award.
The HIRE Vets Medallion program was established under the Honoring Investments in Recruiting and Employing American Military Veterans, or HIRE Vets, Act signed into law on May 5, 2017 to recognize employers who hire, retain and support military veterans. The Platinum Medallion is the highest level of award a company can receive for this program and the citation states that “[Netizen] has demonstrated a model of patriotism worthy of praise as well as a recognition of the value veterans bring to the workplace.”
“Our goal has always been to be known as a company that recognizes the special talents that military veterans in particular bring to the workforce, and this award is clearly demonstrative of that for the second year in a row,” said Michael Hawkins, Netizen’s founder and CEO as well as a U.S. Army veteran himself.
Allentown, PA: Netizen Corporation, a specialized provider of cybersecurity and related solutions for defense, government and commercial markets, was recently certified as ISO 9001:2015 compliant on August 23rd by Intertek, a reputable assurance, inspection, product testing, and certification company. The ISO 9001 standard is defined as the international guideline which specifies detailed requirements for a robust formal quality management system. Organizations that can adhere to this standard demonstrate an ability to consistently provide products and services that meet or exceed customer, industry, and regulatory requirements.
Another certification that Netizen currently possesses is ISO 27001:2013 for its advanced Information Security Management programs. The scope of each ISO certification includes the provisioning of cybersecurity products and services for customers worldwide. Netizen originally earned the ISO 27001 certification in 2018 and recently passed its annual audit to validate the company’s adherence to that standard.
“We are already renowned for the high level of quality, skill, and expertise that we offer customers and, now that our quality assurance processes are formally validated as adhering to strict international standards and guidelines, our customers can be certain that the products and services they receive from us will always be top-tier,” said Michael Hawkins, Netizen’s Founder and Chief Executive Officer.
Phishing is a type of online scam in which criminals send an email that appears to be from a legitimate source, such as a company or a doctor’s office, and ask you to provide sensitive information. This is usually done by including a link that appears to take you to the company’s website to fill in your information, or an attachment that downloads malware onto your system. The website is usually an elaborate duplicate of a trusted site designed to collect any information you provide and send it to the malicious actors behind the scam. Phishing attempts usually carry a sense of urgency, and the message attempts to persuade the victim to act quickly without making a rational decision. The following is an example of a phishing email that was received in our office.
Take a look below:
The phishing email claims to be an outstanding invoice that is due to be paid by the company. However, there are some suspicious factors that show the email to be fake and possibly a phishing attempt.
Some tell-tale signs that raise suspicions:
The phishing email comes from a suspicious address that was not recognized by the recipient.
Authentic automated emails do not typically have grammar and spelling issues.
The recipient’s name was not addressed by the sender, seeming unprofessional.
The link seems very suspicious and attempts to download a file onto the target’s device once clicked. The file almost certainly contains malicious code.
General Recommendations:
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender is actually from the company sending the message.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
Do not give out personal or company information.
Review both signature and salutation.
Do not click on attachments.
Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action or addressing you in a threatening manner should be treated as suspect. Also beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
Cybersecurity Brief
In this week’s Cybersecurity Brief: Google Discovers Mass iPhone Hacking Attacks, Hacking Group Targets Vulnerable WordPress Plugins
Google Discovers Mass iPhone Hacking
Google recently discovered that hackers had been compromising websites with exploits aimed at iPhone users for approximately three years. The exploits install a monitoring implant on the iPhone without requiring any user interaction beyond visiting a compromised site. “There was no target discrimination,” said Ian Beer, a researcher with Google’s Project Zero. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.” Researchers identified 14 vulnerabilities that impact iOS 10 through iOS 12.
The implant steals files, uploads real-time location information, and can access photos, contacts, GPS data, credentials, certificates, access tokens, and unencrypted messages. Once a compromised phone is rebooted, however, the implant won’t run again until the device is re-exploited by visiting a compromised site. That said, things can still get tricky once a phone has been implanted, as Beer notes: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.” Once your data has been compromised, it is about mitigating any potential damage.
General Recommendations: To avoid future incidents, update your devices frequently, be careful when opening messages from people you don’t know, and be sure to closely monitor your accounts after any data breach.
Hacking Group Targets Vulnerable WordPress Plugins
A hacker group is exploiting vulnerabilities in more than 10 WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The group exploited vulnerabilities in older versions of these plugins to create a backdoor on the vulnerable sites. The attacks are an escalation of a hacking campaign that started last month. In the previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites; the purpose of that code was to show popup ads or to redirect incoming traffic to other websites. The group has since shifted its focus onto WordPress users and site admins: the malicious code was altered to test new website visitors for administrative privileges. In effect, the code waited for site owners to access their own websites and then used their access to create a new administrator account named wpservices, using the email address wpservices@yandex.com and the password w0rdpr3ss.
These attacks are targeting older vulnerabilities in the following plugins:
Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-booking, nd-travel, nd-learning, et al.)
General Recommendations: Site administrators who use any of the plugins listed above are advised to update them and apply all available security updates. Additionally, review the administrator usernames registered on your sites and remove any that are not authorized by your organization.
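The account review recommended above can be scripted. This is an added example, not Netizen’s or WordPress’s code: it reads the JSON that `wp user list --role=administrator --format=json` prints (the sample below is constructed), and flags administrators that match the rogue-account indicators named in the brief, are missing from an approved list (an assumed allow list), or were registered recently relative to an assumed audit date.

```python
"""Audit WordPress administrator accounts against an approved list.

Added example. Input is the JSON printed by
`wp user list --role=administrator --format=json`; the sample below is
constructed, and the approved-admin list and audit date are assumptions.
"""
import json
from datetime import datetime, timedelta

# Indicators named in the brief: the account the campaign created on hacked sites.
ROGUE_LOGINS = {"wpservices"}
ROGUE_EMAILS = {"wpservices@yandex.com"}

# Assumption: the administrators the organisation has actually authorised.
APPROVED_ADMINS = {"alice"}

# Constructed sample of WP-CLI output for a site with three administrators.
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"ID": 1, "user_login": "alice", "user_email": "alice@example-corp.example",
     "user_registered": "2018-03-12 09:15:00", "roles": "administrator"},
    {"ID": 17, "user_login": "wpservices", "user_email": "wpservices@yandex.com",
     "user_registered": "2019-08-30 14:02:11", "roles": "administrator"},
    {"ID": 18, "user_login": "jdoe-temp", "user_email": "jdoe@example-corp.example",
     "user_registered": "2019-08-25 10:00:00", "roles": "administrator"},
])

# Assumption: the date the audit is run (fixed so the example is repeatable).
AUDIT_DATE = datetime(2019, 9, 2)


def audit_admin_accounts(wp_cli_json, approved_logins, now, recent_days=14):
    """Return one finding per administrator account that needs a human look.

    A finding lists every reason the account was flagged, so an account that is
    both unapproved and newly registered is reported once with two reasons.
    """
    findings = []
    for user in json.loads(wp_cli_json):
        login = user["user_login"]
        email = user.get("user_email", "").lower()
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login.lower() in ROGUE_LOGINS or email in ROGUE_EMAILS:
            reasons.append("matches a known indicator of the plugin-exploitation campaign")
        if login not in approved_logins:
            reasons.append("administrator is not on the approved list")
        if now - registered <= timedelta(days=recent_days):
            reasons.append(f"registered within the last {recent_days} days")
        if reasons:
            findings.append({
                "user_login": login,
                "user_email": email,
                "reasons": reasons,
                # Removing the account alone is not enough: the vulnerable plugin
                # that let the account be created must be updated as well.
                "action": "remove the account and update the affected plugins",
            })
    return findings


def run_sample_audit():
    """Run the audit over the constructed sample and return the findings."""
    return audit_admin_accounts(SAMPLE_WP_CLI_OUTPUT, APPROVED_ADMINS, AUDIT_DATE)


if __name__ == "__main__":
    for finding in run_sample_audit():
        print(f"{finding['user_login']} <{finding['user_email']}>")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
        print(f"  action: {finding['action']}")
```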
No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity.
CyberSecure Solutions ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “Virtual CISO service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.
CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Phishing attempts are often carried out with the purpose of tricking the target into downloading or accidentally running a malicious script on their device. This example of a phishing attempt received in our office poses as a voice message with a high-importance tag. The urgent message, coupled with obscure details, can appeal to the victim’s curiosity and cause them to click on the infected link.
Take a look below:
Some tell-tale signs that raise suspicions:
The email comes from an address the recipient did not recognize.
The sender does not address the recipient by name, which a legitimate automated notification normally would.
It contains grammar and spelling mistakes; authentic automated emails rarely do.
The link is highly suspicious: once clicked, it attempts to download a file onto the target’s device, and that file almost certainly contains malicious code.
General Recommendations:
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
Verify that the sender’s address actually belongs to the company the message claims to come from; the display name alone proves nothing.
Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers, your social security number, and so on? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.
Do not give out personal or company information.
Review both signature and salutation.
Do not open unexpected attachments.
Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and that it uses HTTPS. Keep in mind that HTTPS alone does not prove a site is legitimate: phishing sites routinely have valid certificates, so it is the domain name that must match.
Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe the message is illegitimate. If an email looks unprofessional, the sender is likely not who they claim to be.
Many phishing emails convey a sense of urgency, or even aggression, to intimidate the reader. Any email demanding immediate action or addressing you in a threatening tone should be treated with suspicion. Also beware of messages that tempt you into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
Cybersecurity Brief
In this week’s Cybersecurity Brief: Towns Across Texas Targeted in ‘Coordinated’ Ransomware Attack, European Central Bank Suffers Data Breach
Texas Municipalities Targeted in ‘Coordinated’ Ransomware Attack
Texas State Capitol building in Austin, Texas. This week, state officials confirmed that 23 municipalities have been infiltrated and ransom demanded.
Texas is the latest state to be hit with a cyberattack: state officials confirmed this week that computer systems in 23 municipalities have been infiltrated by hackers demanding a ransom. The Texas Department of Information Resources (DIR) issued a statewide alert on Aug. 16 warning towns and cities across the state about the campaign. “The attack hit Friday morning and appears to be the work of a single threat actor,” the DIR said in a statement on Aug. 17. Later that day, Texas officials activated a multi-organizational task force that includes the DIR, the Texas A&M University System’s Security Operations Center (SOC), the Texas Department of Public Safety, and emergency and military responders. The response was immediate because of the nature of the attack, which appears to be a rare coordinated campaign against many government entities at once.
The attacker appears to have gained access to the municipalities’ networks through a coordinated phishing email campaign aimed at their employees. The attack on Texas’ local governments is arguably the most brazen ransomware operation to date: ransomware attacks are becoming more targeted, but a single coordinated attack against so many entities in one state is rare. Local governments sometimes see no option for restoring their crippled networks other than paying the ransom. In Lake City, Fla., a town of about 12,000 residents, officials paid $460,000 in bitcoin, the payment method attackers prefer. State authorities have not yet disclosed where the attacks originated or how many computers were affected, so it is not yet known what services or data may have been compromised.
The European Central Bank (ECB) has confirmed a breach in which attackers injected malware into the website of its Banks’ Integrated Reporting Dictionary (BIRD), with a potential loss of data. The BIRD site provides information to those preparing regulatory and statistical reports; the project began in 2015 as a joint effort of the Eurosystem of eurozone central banks and the banking industry. In a statement published August 15, the ECB confirmed that “unauthorized parties” had succeeded in breaching the security of the site. The site, hosted by an external provider, appears to have been attacked in December 2018, according to a Reuters report, and the breach was discovered months later during routine maintenance work. Information that could have been stolen includes email addresses, names, and titles. The affected site was isolated from the ECB’s internal systems, so the exposure is limited to the BIRD site itself.
In an official statement, the ECB said it is contacting people whose data may have been affected. Central banks from Malaysia to Ecuador have been targeted by hackers in recent years; one of the world’s biggest cyber heists took place in 2016, when fraudsters stole $81 million from the central bank of Bangladesh’s account at the New York Fed using fraudulent orders on the SWIFT payments system. The attackers sat undetected on the ECB’s BIRD website for months and could have remained there even longer. Without proper threat detection measures in place, the damage could have been far worse.
Allentown, PA: Netizen Corporation, an ISO 27001:2013 certified provider of cyber security and related solutions for defense, government, and commercial markets, was ranked by Inc. Magazine as one of the top 50 fastest growing companies in the United States. Netizen placed 47th overall on the Inc. 5000 list of the nation’s fastest-growing businesses. They are the nation’s fastest growing cyber security company, the 2nd fastest growing company in all of Pennsylvania, and one of the fastest growing Veteran-Owned companies in the entire country with three-year revenue growth of over 5,638%. This is also the highest ranking and fastest growth that a company based in the Lehigh Valley region of Pennsylvania has ever achieved on the Inc. 5000 list, according to published records from the official program website.
The list represents a unique look at the most successful companies within the American economy’s most dynamic segment— its independent small and midsized businesses. Companies such as Microsoft, Dell, Pandora, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees of the Inc. 5000.
“Along with a spate of other recent accolades, being ranked in the highest tiers of the Inc. 5000, Inc. 500, and Vet50 lists is perhaps the truest testament to the capabilities of our world-class team,” said Michael Hawkins, Netizen’s President and CEO. He added, “I attribute much of this success, and our being the nation’s fastest growing cyber security company, to our process-focused, employee-centric, and innovation-nurturing corporate culture which provides unmatched career growth opportunities for ambitious professionals and superior products and services for customers.”
Max Harris, Netizen’s Chief Business Development Officer and a company principal, said, “Building long-term relationships has been another key driver in the company’s growth. Nurturing these relationships with current and potential customers as well as partner companies by sharing advice, innovation, and insights without any expectation of an immediate return allows us to set the standard for excellence for the markets we operate in and stand apart from any competitors.” He added that Netizen wishes to thank all its customers and partners, especially those who have been working with the company since its earliest days, for helping contribute to the company’s success.
Company representatives and ownership will be attending the Inc. 5000 Conference & Gala this October 10th through 12th in Phoenix, Arizona. As an Inc. 500 awardee, which is reserved for the top tier of companies on the Inc. 5000 list, Netizen will be profiled at the Gala and featured in the September 2019 issue of Inc. Magazine.
About Netizen Corporation:
Netizen is a highly specialized cyber security and compliance solutions provider that works with IT departments, information system owners/developers, defense contractors, and federal government agencies to ensure appropriate levels of security and compliance controls are implemented and maintained for all types of systems. They also develop innovative cyber security software products that include the award-winning Overwatch Governance Suite and open source AutoSTIG tools.
Netizen, a certified Service-Disabled Veteran-Owned Small Business (SDVOSB), was founded in late 2013 and is headquartered in Allentown, PA with satellite offices in Arlington, VA and Charleston, SC as well as field locations in areas including Orlando, FL and Huntsville, AL. The company has also been named one of the nation’s Best Workplaces by Inc. Magazine and is a recipient of other notable awards including the U.S. Department of Labor HIRE Vets Platinum Medallion, Lehigh Valley Veteran-Owned Business of the Year, and Charleston Defense Summit Innovation Spotlight. Their commercial-focused subsidiary, CyberSecure Solutions, is also trusted to engineer, audit, and maintain cyber security solutions for businesses of nearly every size and type worldwide. Learn more at NetizenCorp.com and goCyberSecure.com.
FOR IMMEDIATE RELEASE: August 14, 2019
POINT OF CONTACT: Rocco Zegalia, VP of Sales and Marketing
For this week’s Phish Tale of the Week, we’re taking a look at a phishing email sent to our HQ office that claims to be a promotional advertisement for Costco Wholesale. The message was quickly flagged by our scanners and reported as a phishing attempt.
Take a look below:
Some tell-tale signs that raise suspicions:
The “From” address clearly does not belong to Costco.
The message contains numerous grammar and spelling errors.
The email carries no Costco branding, and nothing in it points to a Costco website.
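The tell-tale signs from both Phish Tales above (a spoofed voice-message notice whose link downloads a file, and a “Costco” promotion sent from a domain that is not Costco’s) can be turned into checks that run over a raw message. The script below is an added example written for this page, not code from the original posts or from Netizen/CyberSecure. The brand-to-domain map, the urgency phrases, the risky extensions and the two sample messages are all constructed for illustration; the domains in them are made up. Note that it records a plain-http link as a sign but does not treat https as a pass, because phishing sites obtain certificates too.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: brands a lure may impersonate, and the domains that really belong to them.
BRAND_DOMAINS = {"costco": {"costco.com"}}
# Assumed pressure phrases; grow the list from your own phish reports.
URGENCY = re.compile(r"urgent|immediately|24 hours|high importance|account .{0,20}suspended", re.I)
# File types that should not arrive unannounced, whether as a link target or as an attachment.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".zip", ".docm", ".xlsm")
# Anchor and visible-host patterns; fine for the constructed samples, use an HTML parser on real mail.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)")


def base_domain(host):
    """Last two labels of a hostname; crude, use a public-suffix list in production."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def triage(raw):
    """Return the tell-tale signs found in one raw RFC 5322 message, in check order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    signs = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = base_domain(addr.rpartition("@")[2])
    subject = str(msg.get("Subject", ""))
    # 1. Display name or subject claims a brand, but the address sits on someone else's domain.
    claimed = (display + " " + subject).lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and sender_domain not in domains:
            signs.append(f"sender {addr} is not a {brand} domain")
    # 2. Priority flags cost the attacker nothing and are a common pressure tactic.
    if str(msg.get("Importance", "")).lower() == "high":
        signs.append("marked high importance")
    # 3. Greeting and urgency, judged on the body with tags stripped.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = re.sub(r"<[^>]+>", " ", body)
    to_name = parseaddr(str(msg.get("To", "")))[0]
    if to_name and to_name.split()[0].lower() not in text.lower():
        signs.append("recipient not addressed by name")
    if URGENCY.search(subject + " " + text):
        signs.append("urgency language")
    # 4. Where each link really goes. Plain http is noted, but https is not a pass:
    #    phishing sites get certificates too, so it is the domain that must be checked.
    for href, visible in ANCHOR.findall(body):
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme == "http":
            signs.append(f"plain-http link to {host}")
        shown = SHOWN_HOST.match(visible.strip())
        if shown and base_domain(shown.group(1)) != base_domain(host):
            signs.append(f"link text shows {shown.group(1)} but points to {host}")
        if url.path.lower().endswith(RISKY_EXT):
            signs.append(f"link downloads {url.path.rsplit('/', 1)[-1]}")
    # 5. Attachments, judged by extension here; content inspection is a separate step.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            signs.append(f"risky attachment {name}")
    return signs


def build_sample(from_, to, subject, html, importance=None, attachment=None):
    """Constructed sample message for this example; not a real phish."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_, to, subject
    if importance:
        m["Importance"] = importance
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(attachment[1], maintype="application", subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()


# Sample 1 mirrors the voice-message lure: urgent, no name, a link that downloads a file.
VOICEMAIL = build_sample(
    "Voice Message Service <noreply@vm-delivery-notice.xyz>",
    "Jane Smith <jane.smith@example.com>",
    "New Voice Message - High Importance",
    "<p>You have recieved a new voice message. Please retreive it imediately.</p>"
    '<a href="http://files-cdn-host.xyz/vm/Voice_Message_0425.zip">Listen to message</a>',
    importance="High",
    attachment=("vm_player.hta", b"<!-- constructed placeholder, not real content -->"),
)
# Sample 2 mirrors the Costco lure: brand in the display name, address on an unrelated domain.
COSTCO = build_sample(
    "Costco Wholesale <rewards@costco-promo-deals.top>",
    "Jane Smith <jane.smith@example.com>",
    "Congratulations! You have been selected for a $500 reward",
    "<p>Dear Customer, claim your reward now, this offer expires in 24 hours!</p>"
    '<a href="http://costco.com.reward-claim.top/claim">www.costco.com/rewards</a>',
)

if __name__ == "__main__":
    for label, raw in (("voicemail", VOICEMAIL), ("costco", COSTCO)):
        print(label, triage(raw), sep=": ")
```

Each sign is one line of evidence, not a verdict on its own: a marketing mail from a real vendor can trip the urgency check, and a legitimate bulk sender may omit the recipient's name. What should never pass is a brand in the display name with an address on someone else's domain, or link text that shows one host while the href points to another, which is exactly what the Costco sample produces.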
Cybersecurity Brief
In this week’s Cybersecurity Brief: Destructive Cyber-attacks are on the Rise, U.S. Utilities are Being Targeted by State-Sponsored Hackers
Destructive Cyber-attacks are on the Rise
In recent years, the number of cyberattacks targeting state and local governments, municipalities, school districts, and federal institutions has steadily increased. These attacks are usually carried out with the intent to damage or destroy critical files and data, leaving the organization unable to operate; they are categorized as destructive malware attacks. A new study by IBM’s X-Force Incident Response and Intelligence Services shows that such attacks are not only on the rise but are also being conducted by financially motivated criminals, not exclusively by state-sponsored hackers (more on state-sponsored hacking later in this bulletin). Part of what drives them is the high ransoms that affected companies are paying to unlock their files.
By the numbers, these attacks have increased by nearly 200 percent, according to IBM’s study, and the analysis paints a bleak picture of how damaging they are. Destructive attacks cost multinational companies $239 million on average, 61 times the average cost of a data breach ($3.92 million). They can take up to 500 hours to remediate even when the organization has an incident response plan (IRP) and an in-house Security Operations Center (SOC); victims that lack those resources can take much longer to recover and often incur the extra cost of hiring a third party to assist. These attacks show no sign of slowing, and organizations that fail to prepare may find themselves the next victim.
To read more about the IBM X-Force Study, click here.
U.S. Utilities Hit with Malware Attacks
You may have heard of nation-state hackers, deployed by various countries to expose the secrets of other nations, often by attacking businesses or state government organizations. Their activities are usually well concealed, and they often operate as part of a state-run hacking unit; recent events such as the suspected Russian interference in U.S. elections have brought them into the open. Nation-state hackers typically face no consequences from their home country, usually have close links to its military, intelligence, or other state apparatus, and possess a high degree of technical expertise.
Recent attacks targeting U.S. utilities again appear to be the work of nation-state hackers looking to gain valuable data. The attacks were carried out via phishing emails that tricked employees into opening an attached Word document, whose macros infected their computers with a remote access Trojan (RAT) and a command-and-control proxy. The RAT and proxy appear to originate with a nation-state actor rather than a financially motivated criminal group. Researchers at Proofpoint found that the LookBack malware and many of the macros used in the campaign closely resemble tools used in a 2018 campaign against Japanese businesses. LookBack is a remote access Trojan written in C++ that relies on a proxy communication tool to relay data from the infected host to a command-and-control IP address. Its capabilities include enumerating services; viewing process, system, and file data; deleting files; executing commands; taking screenshots; moving and clicking the mouse; rebooting the machine; and deleting itself from the infected host.
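The campaign above reached its victims through a Word attachment whose macros installed the RAT, so the practical check at the mail gateway is whether an Office attachment carries a VBA project at all, regardless of what its extension claims. The following is an added example written for this page, not Proofpoint’s or the original post’s code: it opens an Office Open XML package (.docx/.docm and friends, which are zip archives), looks for a vbaProject.bin part and for a macro-enabled content type, and flags the mismatch case where a VBA project hides behind a .docx extension. Legacy binary .doc/.xls files (OLE2) are only identified by their magic bytes; analysing those is assumed to be handed to a tool such as olevba from oletools. The sample packages are constructed in memory with just enough structure to inspect and contain no real macro.

```python
import io
import os
import zipfile

# Parts that hold VBA code inside an Office Open XML package (Word, Excel, PowerPoint).
VBA_PARTS = ("word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin")
# Magic bytes of the legacy OLE2/CFB formats (.doc, .xls, .ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Extensions that advertise a macro-free document.
MACRO_FREE_EXT = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}


def inspect_ooxml(data):
    """Findings for one blob; every flag stays False for anything that is not an OOXML package."""
    findings = {"is_ooxml": False, "has_vba_part": False, "macro_enabled_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    names = {n.lower() for n in zf.namelist()}
    if "[content_types].xml" not in names:
        return findings  # a zip, but not an Office package
    findings["is_ooxml"] = True
    findings["has_vba_part"] = any(p in names for p in VBA_PARTS)
    # Macro-enabled packages declare a content type such as
    # application/vnd.ms-word.document.macroEnabled.main+xml for the main part.
    content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    findings["macro_enabled_type"] = "macroEnabled" in content_types
    return findings


def classify_attachment(filename, data):
    """One-word verdict: legacy-ole, macro, macro-mismatch, clean, or unknown."""
    ext = os.path.splitext(filename)[1].lower()
    if data.startswith(OLE_MAGIC):
        # Binary .doc/.xls can carry macros too, but need an OLE parser (e.g. olevba from oletools).
        return "legacy-ole"
    f = inspect_ooxml(data)
    if not f["is_ooxml"]:
        return "unknown"
    if f["has_vba_part"] or f["macro_enabled_type"]:
        # A VBA project behind an extension that promises no macros is the stronger signal.
        return "macro-mismatch" if ext in MACRO_FREE_EXT else "macro"
    return "clean"


def build_package(content_types, extra_parts=None):
    """Constructed minimal Word package for this example; enough structure to inspect, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        for name, payload in (extra_parts or {}).items():
            zf.writestr(name, payload)
    return buf.getvalue()


CLEAN_CT = ('<Types><Override PartName="/word/document.xml" ContentType='
            '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
MACRO_CT = ('<Types><Override PartName="/word/document.xml" ContentType='
            '"application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
FAKE_VBA = {"word/vbaProject.bin": b"\x00constructed placeholder, not a VBA project\x00"}

# Constructed attachments: a clean .docx, an honest .docm, a .docm renamed to .docx, an OLE file, and junk.
SAMPLES = {
    "quarterly_report.docx": build_package(CLEAN_CT),
    "invoice.docm": build_package(MACRO_CT, FAKE_VBA),
    "invoice.docx": build_package(MACRO_CT, FAKE_VBA),
    "old_memo.doc": OLE_MAGIC + b"\x00" * 64,
    "readme.txt": b"plain text, not an Office file",
}


def triage_attachments(samples):
    """Verdict per attachment name."""
    return {name: classify_attachment(name, blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_attachments(SAMPLES).items():
        print(f"{name:22} {verdict}")
```

The check is deliberately based on the package contents rather than on the file name, since the name is the one thing the attacker fully controls. A real gateway would go one step further and extract the VBA source for review or sandbox execution; this example stops at deciding which attachments deserve that step.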
The Big Picture:
For more on nation-state hackers, click here. To read more about the attacks, click here.