Netizen Blog and News

The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.

  • NETIZEN CEO NAMED TO THE “POWER 100” LIST OF THE MOST INFLUENTIAL PEOPLE IN THE LEHIGH VALLEY

    Allentown, PA: Netizen Corporation’s Founder and CEO, Michael Hawkins, has been named to the “Power 100” list of the Lehigh Valley region’s most influential people by Lehigh Valley Business. According to the publication, the inaugural Power 100 list is “a showcase of power players who are leading the Greater Lehigh Valley community into the future. They are business owners, CEOs, lawyers, public servants and elected officials…who make decisions that impact lives, inspire success and spark innovation.” The Lehigh Valley is one of the fastest growing areas in Pennsylvania and the northeastern United States. With a population nearing one million people, the area has been routinely cited as a national success story for its robust growth and development.

    The recipients of this prestigious award were hand selected by a special Lehigh Valley Business editorial panel who took into consideration those individuals who make our laws, build our homes and highways, protect our health and safety, educate our children, support the vulnerable, and provide the spark that inspires innovation and economic growth. An individual profile for each recipient was published in the March 29th edition of the publication both online and in print.

    “I am beyond humbled to have been recognized for such a prestigious accolade and counted amongst such an incredible cohort of leaders and professionals from across this amazing region,” said Michael Hawkins. He added that Lehigh Valley Business also published a custom print and online profile for each recipient, and his can be found at https://www.lvb.com/michael-wayne-hawkins/.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement three years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:

    Doug Ross // Chief Strategy Officer

    Email: press@netizen.net 

  • Microsoft Exchange Hack: What happened and what we learned.

    On March 2nd, 2021, tech giant Microsoft announced that it had uncovered major vulnerabilities in its popular mail server, Microsoft Exchange. In a later statement, Microsoft announced that a Chinese-backed group known as Hafnium had begun exploiting these vulnerabilities, which led to an immediate response from Microsoft to warn all Exchange users. Shortly after this announcement, Microsoft released a patch for Exchange versions 2010, 2013, 2016, and 2019 that remedies these vulnerabilities. With Microsoft Exchange being used across the world, it is believed that over 250,000 different organizations were affected by this hack. In the past, Hafnium has targeted U.S.-based institutions such as defense contractors, think tanks, and NGOs. Currently, the motives of Hafnium are still unknown, but experts believe that this is only the beginning of a massive security breach across numerous companies.

    How Did we Get Here?

    Microsoft was made aware of four zero-day vulnerabilities in its widely used mail service, Exchange, in early January 2021 by an incident response company known as Volexity. Volexity detailed that numerous threat actors had begun exploiting these vulnerabilities across Exchange to gain access to information and data from a litany of companies. This comes after Microsoft was warned by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) that hackers were targeting a critical vulnerability found in Exchange in April of last year.

    The four zero-day vulnerabilities, known together as ProxyLogon, target on-premises Exchange Server versions 2013, 2016, and 2019. However, Microsoft stated that Exchange Online and Office 365 are not affected by these vulnerabilities. The first of these vulnerabilities is a server-side request forgery, or SSRF for short. This vulnerability could allow an unauthenticated remote actor to send a specially crafted HTTP request to a vulnerable Exchange server to harvest the contents of users’ mailboxes. Another vulnerability that is being exploited is an insecure deserialization vulnerability. If paired with another vulnerability or an employee’s credentials, it could let an outside threat actor run code on the Exchange server with system-level access. The final two vulnerabilities are both post-authentication arbitrary file write vulnerabilities. If an attacker first authenticated to the Exchange server, they could then write a file to any path on the vulnerable server. If left unpatched, these vulnerabilities can lead to a hacker being able to create a web shell to hijack the system and execute commands remotely.

    What does this mean?

    This hack has exposed numerous vulnerabilities across Microsoft’s Exchange email server. While the initial breach was conducted by a Chinese state-sponsored group known as Hafnium, other groups have begun to join in the frenzy. Experts believe that up to ten other hacker groups have started to exploit these vulnerabilities in on-premises Exchange servers across the globe. While Microsoft has yet to release what it believes was the goal of this hack, it is clear these attackers were looking to gain system-wide access and harvest key user account information. This information includes emails, address books, and other account-specific data housed on the Exchange servers.

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    Any organization directly affected by this attack, or that uses an on-premises version of Exchange, should immediately apply the security fixes that Microsoft has released. Microsoft has also released the Microsoft Exchange On-Premises Mitigation Tool, which was designed to assist customers that may not have the proper IT infrastructure or staffing to help with damage control from this breach. Following the initial patch, contact your managed service provider or IT department to determine what information may have been compromised across your systems.

    While there was no warning of this attack for most companies, businesses can look to better secure their networks through round-the-clock network monitoring, network segmentation, routine assessments, and proper evaluations of third-party software. Effective network segmentation would make sure that even if a threat actor was able to gain access to your systems, there would be security measures in place to make sure they weren’t able to get past their initial entry point.

    As always, a culture centered around basic cyber hygiene can go a long way towards containing future attacks and mitigating the damage caused by them. Make sure to use strong, unique passwords for every account and never duplicate passwords. This way, if employee credentials are stolen, they don’t unlock more access to multiple sites. Also be mindful of what you click on when scrolling through emails or the internet. In many cases, the first point of attack is through an email or attachment. If you think something looks suspicious, immediately report it to your network administrator or IT staff. Cybersecurity starts at the ground level. Organizations need to prioritize cybersecurity training for all employees to teach better cyber habits and secure their networks.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • NETIZEN PART OF TEAM AWARDED $75M DEPARTMENT OF VETERANS AFFAIRS COMMUNITY CARE SUPPORT CONTRACT

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity and related solutions, is part of a team led by VetsEZ Inc. that has been awarded the Department of Veterans Affairs (VA) Community Care Product Line (CCPL) support task valued at $75,000,000 over three years. The scope of the contract includes Software Development Security Operations (DevSecOps) support and Essential Scaled Agile Framework (SAFe) engineering solutions to aid the VA in restructuring and combining its various CCPL technical support programs. This will ultimately enhance the security and efficiency of relevant VA software and systems to best serve the nation’s veteran population in community care settings.
     
    Netizen provides solutions under this contract, which began March 1st, including software security operations support for one of the VA’s most in-demand, complex, and critical nationwide programs. As such, they anticipate hiring for multiple new positions in coming weeks. Previously, Netizen also served as an expert technical and cybersecurity advisor for the Lehigh Valley Health Network’s Veteran Health Program (VHP), which was one of the first efforts of its kind anywhere in the nation to pilot the secure sharing of veteran treatment data with private sector care providers through the VA’s Community Care Network, known previously as the “Veterans Choice Program.”
     
    “This is the type of effort that we, as a veteran-owned company, hold near and dear to our hearts. The solutions we provide here will directly aid in the provisioning of more accessible, efficient, and secure care and benefits for our nation’s veterans,” said Michael Hawkins, Netizen’s CEO and a U.S. Army veteran. He added that this effort will also strengthen the company’s capabilities in DevSecOps, which is a practice designed to improve the security, quality, and reliability of mission-critical software systems.
     

    POINT OF CONTACT
    Doug Ross
    Chief Strategy Officer (CSO)
    1-800-450-1773
    doug.ross@netizen.net

  • Netizen Cybersecurity Bulletin (March 12th, 2021)

    Overview

    • Phish Tale of the Week
    • U.S. issues warning after Microsoft says China hacked its mail server program
    • Ransomware as a service is the new big problem for business
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting Apple customers. This email appears to be a notification about a status update for your Apple account. It contains Apple’s logo as well as a link to fix the issue right in the email, so why not click “verify your account”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like Apple will never email you from outside their company email addresses. In the future, check all suspicious emails from companies against previous ones you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside the email. In this instance, we are being notified that some of our account information appears to be missing or incorrect. We are then given 24 hours to remedy this issue. Phishing campaigns like this will almost always attempt to create urgency by requiring a response in a short time period. Additionally, they are asking for our information which should already be on file. Remember, never give out any of your personal information to random links on the internet.

    For Apple-specific recommendations, find more here.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
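
    The red flags and recommendations above can be turned into a first-pass mail triage check. The following is an added example, not Netizen's code: the `BRAND_DOMAINS` table, the flag names, and both sample messages are constructed for illustration, and the patterns are deliberately small.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains each brand legitimately sends mail and links from.
BRAND_DOMAINS = {"apple": {"apple.com"}}

URGENCY = re.compile(r"\b(urgent|immediately|locked|suspended|action required)\b", re.I)
PHONE = re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")
DEADLINE = re.compile(r"\bwithin\s+\d+\s+(?:hours?|days?)\b", re.I)
INFO_REQUEST = re.compile(
    r"\b(?:verify|confirm|update)\s+your\s+(?:account|password|information|payment)", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample modelled on the email described in the bulletin.
PHISH_SAMPLE = """\
From: "Apple Support" <no-reply@account-notice.example>
To: user@example.org
Subject: URGENT: Your Apple ID is locked - call 1-800-555-0100

Some of your account information appears to be missing or incorrect.
Verify your account within 24 hours: http://appleid.account-notice.example/verify
"""

# Constructed sample of an unremarkable message from the real brand domain.
LEGIT_SAMPLE = """\
From: Apple <no_reply@email.apple.com>
To: user@example.org
Subject: Your receipt from Apple

Thank you for your purchase. View your receipt at https://www.apple.com/account
"""


def host_allowed(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = body_text(msg)
    flags = []

    def add(flag):
        if flag not in flags:
            flags.append(flag)

    # Red flag 1: the message claims a brand but is sent from another domain.
    claimed = [b for b in BRAND_DOMAINS if b in (display + " " + subject).lower()]
    allowed = set().union(*(BRAND_DOMAINS[b] for b in claimed)) if claimed else set()
    if claimed and not host_allowed(address.rpartition("@")[2], allowed):
        add("sender_domain_mismatch")

    # Red flag 2: urgency and a "support" phone number in the title.
    if URGENCY.search(subject):
        add("urgent_subject")
    if PHONE.search(subject):
        add("phone_in_subject")

    # Red flag 3: a short deadline plus a request for information already on file.
    if DEADLINE.search(body):
        add("deadline_pressure")
    if INFO_REQUEST.search(body):
        add("asks_for_account_info")

    # Recommendation: links should use HTTPS and point at the company's own domain.
    for url in URL.findall(body):
        parts = urlparse(url)
        if parts.scheme.lower() != "https":
            add("link_not_https")
        if claimed and not host_allowed(parts.hostname, allowed):
            add("link_domain_mismatch")
    return flags


if __name__ == "__main__":
    print("phish:", triage(PHISH_SAMPLE))
    print("legit:", triage(LEGIT_SAMPLE))
```

    A message that raises several flags at once is worth reporting to your IT staff; a single flag on its own is only a reason to look more closely.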

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    U.S. issues warning after Microsoft says China hacked its mail server program.

    The U.S. government released an emergency warning shortly after Microsoft announced it had caught a group hacking into Microsoft Exchange, a mail and calendar server program. In its initial investigation, Microsoft believes it uncovered the origins of the hacker group and “with high confidence” believes the group to be working for the Chinese Government. This ploy, seen as another escalation of cyber espionage between China and the United States, prompted the U.S. Cybersecurity and Infrastructure Security Agency, or CISA for short, to issue an emergency directive requiring all government entities to update their Exchange servers immediately. In the past, CISA has rarely taken such direct action in exercising its authority as the country’s premier agency on cybersecurity. In a statement to the public, CISA reported “The move was necessary, because the Exchange hackers were able to gain persistent system access”. From the time the emergency directive went out, government agencies will have until noon Friday, March 12 to download the latest software update.

    In a separate statement, Microsoft’s Vice President Tom Burt warned the public that these hackers were spying on a wide range of American targets. Businesses from defense contractors to law firms and disease research centers were included in the brief from Microsoft. At this time, Microsoft believes that no individual consumers were targeted in the reported hack on Exchange, but would like to caution everyone to apply an added level of scrutiny to any correspondence over their mail servers.

    While no significant exploitation or damage to government computer networks was detected in this hack, experts believe these events will grow more frequent in the coming months. This event marks the second time in the past few months that the U.S. has had to react to a widespread hacking campaign from foreign actors. The Department of Homeland Security and CISA are still reeling from late last year’s SolarWinds breach that saw hundreds of companies and government agencies affected by a similar hack.

    To read more about the latest Microsoft breach, click here.

    Ransomware as a service is the new big problem for business.

    Imagine a service where instead of having to plan a heist and go in person to rob a bank, criminals could rob the bank without ever stepping foot into it. For many businesses, this scenario is beginning to sound more and more familiar, with ransomware as a service rising in sectors like education, public health, and manufacturing. Ransomware as a service, or RaaS for short, is the use of predeveloped malware that is leased or sold from one threat actor to another and then distributed in malicious ransomware campaigns against individuals and companies alike. What makes RaaS so dangerous is that it empowers relatively low-skill hackers and gives them the opportunity to pay for malware that they would not have been able to create on their own.

    Researchers at cybersecurity company Group-IB have determined that almost 66% of ransomware attacks that were conducted in 2020 came from criminals using RaaS. What is even more alarming is that ransomware affiliate schemes are on the rise as well, with 15 new affiliate schemes appearing in 2020. These affiliate programs allow developers of malware to spend their time developing their viruses instead of worrying about where to deploy them, while also lowering the initial risk these developers face. In turn, affiliate programs give would-be hackers the tools and techniques of successful ransomware campaigns without needing prior knowledge of malware development or how best to distribute it.

    With companies making the switch to largely remote work environments in 2020, we saw an increase in the number of publicly accessible RDP servers. Many of these servers became the initial points of access for ransomware operators. Thankfully, there are a few precautions companies can take to help mitigate their risk of attacks like this happening in the future. One of the first precautions is for companies to implement more stringent password requirements to access their RDP servers. Having strong and unique passwords for different accounts means that one password will not be the key that opens up every door. Another security measure we would recommend is to restrict the IP addresses that can access your RDP connections and to set limits on the number of login attempts over a certain period of time. Finally, adding multi-factor authentication would help limit access to high-value data and create a second step to gain access to any information. All these security measures, coupled with a culture centered around cybersecurity, are great steps towards keeping your business secured in 2021.
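
    To make two of those RDP precautions concrete, the added example below (not from the article or from Netizen) replays a constructed logon log through a source-IP allowlist and a sliding-window limit on failed logins. The log format, the networks, and the thresholds are assumptions chosen for illustration; in production the same policy is enforced at the firewall or remote-access gateway and through account lockout settings.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions: networks allowed to reach RDP, and the failed-login budget.
ALLOWED_NETS = [ip_network("198.51.100.0/24"), ip_network("10.20.0.0/16")]
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)

# Constructed log: "<ISO timestamp> <source IP> <user> <OK|FAIL>".
SAMPLE_LOG = """\
2021-03-10T02:14:07 203.0.113.45 administrator FAIL
2021-03-10T08:00:00 198.51.100.7 jsmith FAIL
2021-03-10T08:00:20 198.51.100.7 jsmith FAIL
2021-03-10T08:00:40 198.51.100.7 jsmith FAIL
2021-03-10T08:01:00 198.51.100.7 jsmith OK
2021-03-10T08:12:00 198.51.100.7 jsmith OK
2021-03-10T09:30:00 10.20.4.9 mlee OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source address, user, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), ip_address(src), user, result


def review(log_text, allowed=ALLOWED_NETS, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (source, verdict) for every attempt in the log.

    Verdicts:
      DENY_SOURCE  source address is not on the allowlist
      DENY_RATE    too many failed logins from this source inside the window
      FAIL         bad credentials, counted against the source's budget
      ALLOW        attempt passes both controls
    """
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    verdicts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _user, result = parse_line(line)

        # Control 1: only allowlisted networks may talk to RDP at all.
        if not any(src in net for net in allowed):
            verdicts.append((str(src), "DENY_SOURCE"))
            continue

        # Control 2: forget failures older than the window, then check the budget.
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= max_failures:
            # Even a correct password is refused while the source is throttled.
            verdicts.append((str(src), "DENY_RATE"))
            continue

        if result == "FAIL":
            recent.append(ts)
            verdicts.append((str(src), "FAIL"))
        else:
            verdicts.append((str(src), "ALLOW"))
    return verdicts


if __name__ == "__main__":
    for source, verdict in review(SAMPLE_LOG):
        print(f"{source:15} {verdict}")
```

    Note the fifth attempt: it carries a valid password but is still refused because the source has used up its failure budget, which is what blunts password guessing.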

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Oldsmar Water Treatment Facility Breach: What happened and what we learned.

    Earlier this month, a Florida wastewater treatment plant’s computer system was compromised by an unknown threat actor. This hacker was able to remotely gain access via an employee’s login credentials and attempted to alter the chemical composition of the public water supply to dangerous levels. Thankfully, a plant operator was watching this all unfold and quickly reversed any changes made to the water supply before they went into effect.

    How did we get here?

    Experts believe the hacker gained remote access to the water treatment plant’s system by stealing employee login credentials. These credentials were then used to access software on the system known as TeamViewer. TeamViewer is a relatively common application for many industries making the switch to remote work. This app allows the user to access a computer system remotely and operate it as if they were sitting at the machine. Normally, TeamViewer is used for a variety of tasks, from troubleshooting common IT problems to making remote network changes. In this instance, the hacker gained access to Oldsmar, Florida’s water treatment center through TeamViewer and attempted to modify the levels of sodium hydroxide, or lye, in the city’s water supply. The change took the lye level from 100 parts per million to 11,100 parts per million, which would have made the drinking water poisonous. An operator at the water treatment facility noticed someone attempting to gain access remotely to the system earlier in the day and thought it suspicious. When the same activity occurred later that afternoon and the lye levels were raised, he quickly reverted the changes and notified his supervisors that a breach had occurred.

    What does this mean?

    As attacks like this grow more and more common, businesses and government entities need to prioritize cybersecurity. The growing shift to remote work has created a litany of potential threats for IT teams to worry about. This shift has also led to reliance on some third-party applications and tools that, when paired with compromised employee credentials, can be detrimental to an organization. Another issue that has arisen is that the digitalization of the utility industry, and its push to make remote work more accessible, has made it more susceptible to outside attacks. While larger facilities, such as those outside of major metropolitan areas, already have more complex security measures, many of these smaller centers do not have the same level of security.

    What is the Solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021. Additionally, local governments need to reassess how secure many of their utility facilities are and how likely an outside breach is. This reassessment, coupled with round-the-clock monitoring, network segmentation, and routine assessments, is a great step forward to help prevent these attacks in the future and mitigate the damage if they are successful.

    Looking past this, a culture centered around basic cyber hygiene will go a long way towards preventing these attacks. Starting at the ground level, companies and government organizations should look to implement cybersecurity training when employees are first onboarded. Additionally, Netizen protects critical IT infrastructure for companies large and small. Companies are able to leverage our proven cyber expertise, advanced tools, and 24/7/365 Security Operations Center (SOC) monitoring at an affordable cost. We also offer a suite of tools, named Overwatch, that continuously scans networks, systems and applications to uncover and track risks and compliance issues.

    Questions or Concerns? As always, feel free to reach out to us anytime at https://www.netizen.net/contact

  • Netizen Cybersecurity Bulletin (February 1st, 2020)

    Overview

    • Phish Tale of the Week
    • New cybersecurity hirings in the new administration.
    • Looking for cybersecurity experts? Consider hiring veterans.
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting business/work emails offering an “invoice” as their way in. At first glance, this email masquerades as an everyday dealing in the business world, with either a client or business sending an invoice to your inbox. Unfortunately, this invoice is not as it may seem to be and should not be clicked on.

    Take a look below for our reasons why:

    1. The first red flag on this email is the sender address. Always be hyper-vigilant when receiving emails from an unknown sender. A quick authenticity check is to google the part of the sender address after the @.
    2. The second warning sign in this email is the email title. The title is meant to disguise a malicious link as an invoice that you may have been expecting from a different company. Always be sure to preview any documents before opening them on your computer.
    3. The final warning sign for this email is the email thread itself. Most of the time, businesses will attach invoices or documents to previous email chains. The fact that this email isn’t attached to any, and only serves as a vessel to deliver an invoice, is concerning. Remember, if something looks suspicious, report it to your IT admin or managed service provider for help.


    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    A focus on Cybersecurity in the new administration.

    In the wake of one of the furthest-reaching hacks in U.S. history, President Biden has moved cybersecurity to the top of his agenda. Last week the president announced that he plans to create a new cybersecurity task force headed by Jen Easterly. Easterly was a former special assistant to the Obama administration and was senior director for counterterrorism on the National Security Council. Easterly will be taking a step back from her current role as head of resilience at Morgan Stanley to lead this newly created team. Her hiring comes days after multiple news outlets reported that the worst of the SolarWinds hack has still yet to be uncovered.

    What does this mean?

    This new agency will focus on improving the United States’ cybersecurity response and readiness. Experts believe that attacks like SolarWinds may occur more frequently now that the world has seen our response to the most recent attack. “The United States remains woefully unprepared for 21st century security threats – the establishment and prioritization of a DNSA for Cyber and Emerging Tech on the NSC indicates the seriousness the Biden Administration will afford to addressing these challenges,” said Phil Reiner, chief executive of the Institute for Security and Technology. This quote by Reiner reaffirms just how necessary more cybersecurity spending is to address the new and existing threats the United States currently faces.

    In addition, Biden plans to nominate Rob Silvers to replace outgoing Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency head Chris Krebs. Silvers previously served as Assistant Secretary for Cyber Policy at the U.S. Department of Homeland Security, where he focused on the development and implementation of new cybersecurity strategies.

    Rounding out the new hires is Anne Neuberger as Deputy National Security Adviser for cyber and emerging technology. This position was created to reaffirm the new administration’s commitment to protecting our country and its businesses online. Neuberger comes from the National Security Agency, where she has been lauded the past few years for exposing new hacking methods from foreign nations to better understand how to prevent and combat them.

    To read more about the new hirings, click here.

    Looking for cybersecurity experts? Consider hiring veterans

    Recently, jobs in cybersecurity have been in very high demand. In the United States alone there are over 1,000,000 openings across a vast array of companies. According to the latest Cybersecurity Workforce Study, the United States needs to increase the number of cybersecurity professionals by 145% to fill the openings currently in the workforce. The U.S. Government Accountability Office has proposed that companies should increase their internal efforts towards hiring veterans for these positions.

    Why Veterans?

    With over 200,000 members of the U.S. military transitioning from active duty to civilian life every year, U.S. military members are one of the leading sources for new talent in the workforce. These men and women are well-versed in defensive tactics and are accustomed to continuous training, which makes them excellent candidates for most companies. Veterans are also regularly trusted with advanced computer systems and technology while actively serving. They understand that security is a priority in every company and can apply much of their military training and work ethic to help better secure businesses. While some employees may not see suspicious emails or external storage devices as potential threats, members of the military are constantly on the lookout for ways foreign actors can compromise systems.

    How best to help?

    Veterans possess many soft skills, such as problem-solving, critical thinking, and analytical skills, that help make them ideal candidates. These soft skills help tremendously in the onboarding and training process that many companies have new employees undergo. Many of these veterans used computer systems when they were in the military and have plenty of the skills employers are looking for. All employers need to do is look past years of experience that can easily get lost in translation and look towards what kind of employee a veteran will be for their company. Will they show up on time, be accountable, and be trainable? If the answer is yes, then employers should start looking towards veterans to help fill the need in the cybersecurity workforce.

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Calling all top-tier performers looking to drive innovation forward. We favor a “can do” attitude, dedication to continuous learning, commitment to teamwork, and keen attention-to-detail.

    Netizen, a national Inc. Magazine Best Workplace and HIRE Vets Platinum Medallion awardee, offers competitive pay and benefits plus ample flexibility, performance incentives, training, and career growth. Equal Opportunity Employer. Military Veterans/Family/Spouses welcome. We are constantly looking for the top industry talent to join our growing team.

    Take a look at some of our openings here.

  • SolarWinds Breach Fallout: What happened and what we learned

    On December 13, 2020, cybersecurity company FireEye announced they had discovered a state-of-the-art exploit that created a backdoor in SolarWinds’ Orion application. This hack was then distributed to thousands of systems running this application as a routine update from the manufacturer. With no reason to suspect any issues, IT administrators all over the country unknowingly downloaded this malware onto their systems and the damage began. Over 18,000 of SolarWinds’ customers were left compromised by this hack, leaving many to wonder what the real damage was. In short, this is only the beginning.

    How did we get here?

    Although this vulnerability was discovered on December 13, 2020, experts believe these systems had been compromised since at least early March, with some even believing it had been over a year since these backdoors were installed. The vulnerability was first loaded onto the Orion application when what appeared to be a routine update from SolarWinds was installed. The malware then uses multiple blocklists to sweep the system and identify any third-party security tools or anti-virus software. Once the threat actors have established that there is no imminent threat of discovery, the malware begins executing commands called “jobs,” which can be anything from transferring and executing files to disabling system services. The malware then begins remotely encrypting small amounts of data and combines this with regular analytical data to masquerade as legitimate traffic that would normally be shown in the Orion software. At the same time, the malware also attempts to spread across the network by pivoting from one compromised system to another, gaining a beachhead and then expanding across networks from there.

    What does this mean?

    While threat actors from foreign nations are not uncommon, the complexity and severity of this case are remarkable. For almost a year, foreign actors had remote access to systems in a litany of organizations, from members of the federal government such as the Department of Justice and State Department, to 400 of the Fortune 500 companies in the U.S. The sophistication of this attack also suggests that these hackers must have been sponsored by a foreign state agent. These attackers had ample time and resources to make sure they were not discovered for extended periods. Although an investigation into what exactly was stolen is still underway, many experts have ruled out monetary incentive as the primary goal of this attack.

    This attack was seemingly executed to gauge the security readiness and response of our nation’s government and some of its most critical businesses. With an ever-changing geopolitical landscape, our nation-state adversaries may no longer appear as combatants on a battlefield. The next war will likely not be fought as much with so-called “boots on the ground” but rather “bots on the network” as cyberspace quickly becomes a primary theater of warfare. In this theater of operations, however, geographic distance does not protect businesses and governments as it once did. Everyone is now a potential target.

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    An attack of this type may have been difficult to prevent in its totality given the level of sophistication, but effective round-the-clock monitoring, routine assessments, network segmentation, and proper evaluation of vendor software may help alleviate damage caused by such attacks. Proper segmentation of networks, data, and systems and an effective data management plan are crucial and may have even prevented expansion of this attack in many instances. Data management is the practice of classifying, protecting, controlling, and segmenting data and systems to prevent leakage or unauthorized disclosure of sensitive information. If implemented properly, it could thwart attempts by attackers to “pivot” across a network, even once they are inside the perimeter, thus containing any damage.

    Beyond this, basic cyber hygiene can prevent much of the carnage from routine attacks that are far more common. For example, stop using the same passwords on multiple sites or systems. If hackers get access to one set of account credentials, they will try these again and again to gain access to subsequent systems. Use a password manager to store strong and unique passwords to ensure that one password will not grant access to multiple sites. Also be mindful of what you click on in email. If you think an email or attachment looks suspicious, take no action, and report it to your information security representative. Many times, emails and attachments are used as the primary method to breach an organization’s systems. Cybersecurity starts at the ground level, too. Organizations should put much more focus on training their employees in cyber-safe habits to foster a culture of security throughout the entire organization.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity solutions, has added Akhil Handa to the executive team and named him Chief Operating Officer (COO) of the company. Akhil is an experienced and highly respected senior executive in federal and defense markets. He has served in senior leadership roles with some of the most successful companies in the Washington, D.C. area before joining Netizen and has also worked in cybersecurity engineering and management. Akhil oversees company operations, strategic relationships, and solutions engineering at Netizen and is based at the company’s Washington, D.C. metro area (Northern Virginia) location.

    Doug Ross, previously Netizen’s Director of Business Development and, prior to that, President and Founder of SPARC, LLC and Morgan6, LLC where he earned over $1 Billion in federal contracts for those companies, has been promoted to Chief Strategy Officer (CSO) at Netizen. In this role, he oversees all of Netizen’s strategic business development for key markets and also serves as advisor to the CEO. Doug is based at Netizen’s Charleston, South Carolina location.

    Emily Dietrich Witmer, previously Netizen’s Administrative Officer, has been promoted to Director of Human Resources and Legal Affairs. Emily has been a licensed attorney since 2001 and is a graduate of Villanova’s Charles Widger School of Law with specializations in contracts, business law, and legal documentation. At Netizen she oversees and coordinates human resources, contract management, and legal affairs. Emily is based at Netizen’s Allentown, Pennsylvania headquarters location.

    Additional details, photographs, and biographical information can be found for these team members on the Netizen website at https://www.Netizen.net/about/leadership.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:
    Doug Ross
    Chief Strategy Officer (CSO)
    Phone: 1-800-450-1773
    Email: doug.ross@netizen.net    

  • Overview

    • Phish Tale of the Week
    • IoT Cybersecurity Improvement ACT Passed
    • Universities Across The Globe Attacked by Phishing Scam
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting Amazon customers. This email appears to be a security notification about “illegal transactions” that were made on your Amazon account and require immediate attention. This email contains Amazon’s logo as well as a link to fix this issue right in the email, so why not click “verify now”? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like Amazon will never email you outside of their company emails. Seeing that this email was from info@clersondemand.com and not an amazon.com domain, it’s safe to say this might be a scam.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake invoice number to try to create legitimacy.
    3. The final warning sign for this email is what is being asked in the email. This sender is requesting us to send back our name, address, and phone number registered on our credit card. Amazon would normally have all of this information already on file, so this raises suspicions immediately. Remember, never give out any of your personal information to random links on the internet.

    For Amazon-specific recommendations, find more here.
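The three red flags listed above can be expressed as a mail-triage check. This is an added example, not Netizen's tooling; the brand-to-domain map, the keyword lists and both sample messages are constructed assumptions (only the sender address comes from the text above).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains it legitimately sends from.
BRAND_DOMAINS = {"amazon": ("amazon.com",)}
URGENCY = re.compile(r"\b(urgent|immediate(?:ly)?|illegal|suspended|action required)\b", re.I)
REFERENCE = re.compile(r"\b(?:invoice|order|case)\s*(?:#|no\.?|number)?\s*:?\s*#?\s*\d[\w-]{4,}", re.I)
REQUEST = re.compile(r"\b(send|reply|provide|confirm|update|verify)\b", re.I)
PII = re.compile(r"\b(credit card|card number|social security|phone number|bank account)\b", re.I)

def domain_matches(domain, allowed):
    """True only for the exact domain or a real subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    chunks = []
    for part in parts:
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(errors="replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    body = body_text(msg)
    flags = []
    # Flag 1: the message presents itself as a brand, but the sender
    # address is outside that brand's domains.
    claimed = f"{display} {subject} {body}".lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            flags.append("sender_domain_mismatch")
            break
    # Flag 2: a subject line built for urgency, often with a reference
    # number added to look legitimate.
    if URGENCY.search(subject):
        flags.append("urgent_subject")
    if REFERENCE.search(subject):
        flags.append("reference_number_in_subject")
    # Flag 3: the body asks the recipient to hand over personal data.
    if REQUEST.search(body) and PII.search(body):
        flags.append("pii_request")
    return flags

# Constructed sample modelled on the email described above.
PHISH_SAMPLE = """From: "Amazon Security" <info@clersondemand.com>
To: customer@example.org
Subject: Urgent: illegal transactions detected - Invoice #4471-2290-18

We detected illegal transactions on your account. Reply with the name,
address, and phone number registered on your credit card, or click Verify Now.
"""

# Constructed benign sample for comparison.
BENIGN_SAMPLE = """From: "Amazon.com" <no-reply@notices.amazon.com>
To: customer@example.org
Subject: Your order has shipped

Your package is on the way. Track it from Your Orders.
"""

if __name__ == "__main__":
    print(triage(PHISH_SAMPLE))
    print(triage(BENIGN_SAMPLE))
```

A From header can be spoofed, so a clean result here does not clear a message; the receiving server's SPF, DKIM and DMARC results remain the stronger signal for the first flag.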


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Senate Passes Internet of Things Cybersecurity Improvement Act of 2020.

    The U.S. Senate recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 unanimously and without any amendments. Experts in cybersecurity are lauding the work of Will Hurd (R-Texas) and Robin Kelly (D-Ill) on this bill, calling it some of the most groundbreaking security law in decades. This bipartisan effort would require the federal procurement and use of IoT devices to adhere to basic security requirements that NIST will be developing. This bill faced no opposition in either the House of Representatives or the Senate and is now headed to the President’s desk to be signed into law.

    What does this mean?

    This new act will create a basic set of security standards and practices for all IoT devices used or purchased by the federal government and its industrial base (vendors). One of the first provisions in the bill is that NIST will develop and issue a set of standards-based guidelines for the minimum security that IoT devices owned or used by the federal government and contractors must adhere to. Additionally, the Office of Management and Budget (OMB) must construct requirements for commercial vendors that perform contract work involving IoT devices to meet information-security policies that are in line with these NIST guidelines. These contractors, IoT vendors, and federal agencies are also going to be required to create and implement a vulnerability-disclosure policy for IoT devices to assist in the reporting of bugs, vulnerabilities, or defects that may be uncovered.

    This new act could have significant impacts on IoT resellers and manufacturers, but also has the added benefit of ensuring the security of internet-connected “smart” devices operating on federal government networks, which are becoming more and more pervasive. These devices collect and parse data that could be considered highly sensitive, such as video, audio, and other data. Developing a standard for IoT security will ensure that a common baseline can be leveraged by both industry and the federal government to ensure vulnerabilities and other threats (like intentional backdoors) are identified and dealt with promptly. Netizen specializes in the validation, engineering, assessment, and authorization of classified and unclassified systems and devices in accordance with the NIST Risk Management Framework (RMF). We also offer an experienced team of cybersecurity professionals ready to help with any cyber or compliance issue that may arise.

    To read more about the IoT Act, click here.

    Phishing Campaign Targets Universities

    Recently, a string of large-scale phishing attacks was carried out by an organization known as the “Shadow Academy” against some of the world’s most prominent universities. Victims of this attack include the University of Louisiana, University of Washington, University of Arizona, and Oxford University, to name a few. Experts believe these attacks were planned to align with the back-to-school chaos that comes from students returning to campus at the start of this most recent fall semester.

    How did this happen?

    The beginning of the semester is always a busy time for most college students and employees. Work begins to pile up, schedules become full, and the last thing on everyone’s mind is checking which emails are from legitimate sources. This, coupled with a large amount of coursework being shifted online instead of in-person, has created a perfect storm for phishing campaigns. The “Shadow Academy” leveraged a technique called domain shadowing to construct harmful landing pages to harvest login credentials across numerous platforms. Some of these malicious domains near-perfectly resembled what you see every day from popular services such as Facebook, Amazon, and Netflix. In addition to these traps, the “Shadow Academy” also created fake “phishing” emails that appeared to be from a target school’s financial aid department or library in an attempt to trick students and faculty into giving up their information.

    What can be done to prevent this?

    Netizen specializes in cybersecurity solutions including penetration testing, vulnerability assessments, advisory, and 24×7 monitoring. In addition to these services, we also offer social engineering and phishing campaigns in an attempt to better prepare individuals for what to watch out for when they are using the internet. Netizen’s experienced team of cybersecurity professionals stands ready to help with any cyber or compliance issue that may arise, leveraging advanced tools, such as the award-winning Overwatch suite, and intelligent automation. A cost-effective cybersecurity monitoring program coupled with social engineering testing and employee training would help prevent such attacks by educating your staff on how to identify, handle, and report suspicious behavior.

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • NETIZEN NAMED ONE OF THE NATION’S FASTEST-GROWING VETERAN OWNED BUSINESSES FOR 2nd YEAR IN A ROW

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has once again been named one of the nation’s fastest-growing veteran-owned businesses by Inc. Magazine in partnership with the Institute for Veterans and Military Families (IVMF) at Syracuse University on their annual Vet100 list of the most successful veteran-owned companies in the United States. Netizen ranked #16 this year out of the top 100 veteran owned businesses nationwide and was ranked #2 in the country last year on the list.

    Netizen was also ranked as the 184th fastest-growing private company and the second-fastest-growing cybersecurity company in the United States on the 2020 Inc. 5000 list of the nation’s most successful businesses. Last year, in 2019, Netizen was the 47th fastest-growing private company and fastest-growing cybersecurity company in the nation on this list. These are the highest rankings that a company based in the Lehigh Valley region of Pennsylvania has ever achieved on the Vet100 and Inc. 5000 lists, according to published records on the official program website.

    Syracuse University’s IVMF is higher education’s first interdisciplinary academic institute, focused on advancing the lives of the nation’s military veterans and their families. As a result of this special recognition, Netizen leadership will be attending, as an invited guest of the IVMF, the national veteran-owned business growth conference, Veteran EDGE, sometime in October 2021 in Dallas, TX.

    “We are very proud to receive such recognition within the close-knit veteran-owned business community. It speaks volumes to the incredible team we’ve assembled here at Netizen, with every military branch represented across a diverse group of team members located around the country and serving customers globally,” said Michael Hawkins, Netizen’s founder and CEO as well as a U.S. Army veteran himself.


    POINT OF CONTACT
    Doug Ross

    Director of Business Development
    1-800-450-1773
    doug.ross@netizen.net