• Overview:

    • Phish Tale of the Week
    • T-Mobile Agrees to $500 million in 2021 Data Breach Settlement
    • Idaho Universities helping fill Cyber Workforce Gap
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that Louis Vuitton is offering a 90% off Limited-Time Offer. We are then prompted to “shop now” and follow the link below to the store. This email contains a note with an enticing offer for discounted luxury merchandise, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the “Limited-Time Offer” notice below the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
    3. The final warning sign for this email is the large red “Shop Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    T-Mobile Agrees to $500 million in 2021 Data Breach Settlement


    Almost a year ago, telecommunications giant T-Mobile suffered another data breach. The company, which is no stranger to sub-par data security practices and cybersecurity incidents, admitted to a data breach in August last year that saw the PII of over 76 million U.S. residents scattered across the Dark Web. In this breach, hackers were able to retrieve the names, social security numbers, driver’s license numbers, physical addresses, and more of each affected individual. Unfortunately for T-Mobile, this breach will end up costing them a lot more than just reputational damage.

    On Monday, reports began circulating that T-Mobile had reached a settlement agreement for the 2021 data breach. In filings submitted to a federal district court in Missouri, T-Mobile agreed to pay out $350 million to settle class action claims stemming from last year’s breach. T-Mobile has also agreed to invest over $150 million over the next two years to improve its data security practices and upgrade related technology.

    If approved by the court, this settlement will resolve virtually all the claims brought against the mobile carrier by former, current, and prospective customers after the August 2021 data breach. This settlement will also safeguard T-Mobile from admitting any guilt or wrongdoing in this matter, with this civil agreement expected to be the last formal mention of last year’s cybersecurity incident.

    Overall, information security experts worldwide are eager to see whether any of the proposed $150 million investment in data security will materialize into actual defense upgrades. T-Mobile has a history of making grandiose claims following incidents like this one, with four separate significant cybersecurity intrusions occurring at the organization in the past four years.

    To read more about this article, click here.

    Idaho Universities helping fill Cyber Workforce Gap

    Ransomware attacks and cybersecurity incidents have surged all across the country. Businesses of all shapes and sizes are being targeted at unprecedented rates. Before, larger, enterprise-grade companies were the main focus of threat actors, but the rise of ransomware attacks has brought smaller organizations into the mayhem. This increase in attacks has shown that every organization needs a plan to secure its information and bolster its cyber defenses. However, investing in outside information security firms or creating an in-house cybersecurity position can be costly for many businesses.

    This is the gap that Boise State University’s Institute for Pervasive Cybersecurity aims to fill. Students in this program are paired with rural businesses and municipalities in Idaho and gain real-world experience on the front lines of cybersecurity. Marlin Roberts, who manages the program, believes, “The days of being safe simply because you were small and unimportant are gone. The cybercriminals are interested in just about anything. The advent of ransomware has made it lucrative to go ahead and steal data to basically extort money from these entities.”

    Luckily for businesses in Idaho, students at the Institute for Pervasive Cybersecurity have come to the rescue at the perfect moment. A CyberSeek report showcased that there are over 5,000 cybersecurity job openings in the state of Idaho, with over 3,500 of them in the Boise metro area. Companies that haven’t been able to fill these roles or that don’t have the funding for these positions can seek outside help through Boise State University’s program. This opportunity has been further expanded through additional funding via the Idaho Workforce Development Council. Earlier this month, Boise State University was awarded an $806,000 grant to double the number of students training in their CyberDome defense program.

    Executive Director of the Council, Wendi Secrist, added, “One of the things the council is really interested in and focused on is, ‘How do we better integrate work-based learning into all forms of education?’” This additional funding will further expand the program to assist more small businesses throughout Idaho and grant valuable experience to the students tasked with protecting these companies. Employers have repeatedly echoed that cybersecurity job seekers need real-world expertise when applying for positions. Certificates and grades look outstanding on a resume, but few IT managers and CISOs feel comfortable handing over the keys to their IT infrastructure to someone without practical experience.

    Marlin Roberts believes that the additional funding to Boise State University’s program will expand the roles and responsibilities students in the CyberDome are able to learn. “It’s a winning combination,” said Roberts.

    For more information, check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Netizen: The Five Lures in a Phisherman’s Tacklebox.

    Ever received an email telling you that you just won a brand-new car? What about a robocall saying your car’s extended warranty is about to expire? Or maybe you’ve seen a more elaborate ploy where someone included personal details such as your phone carrier and device model in an attempt to get you a free upgrade for your phone. All these ploys are phishing attempts where an unknown threat actor tries to solicit personal or financial information from their target. In 2020 the U.S. FBI reported that phishing attacks were the most reported form of cyber-attack, with the FBI’s Internet Crime Complaint Center reporting twice as many phishing attacks as any other form of cyber incident. Let’s check out all the ways cybercriminals will try to lure you in with tricky phishing attempts:

    Business Email Compromise (BEC):

    Business Email Compromise, or BEC for short, is the phishing attempt most often seen in modern corporations. This strategy usually involves the threat actor spoofing the email address of a finance or human resources coworker to create a false sense of legitimacy. They then send targeted emails to other individuals in the company to collect sensitive information they will later use to expand their access or, if the material is damaging enough, to blackmail the company with the information they have already collected internally. The best way for employees to fight this phishing attempt is to be hyper-vigilant when checking their email. If something looks off, report it immediately to your IT administrator.

    Vishing:

    Vishing, also commonly known as voice phishing, is a method where an outside threat actor calls their target over the phone and attempts to extract personal or financial information on the spot. Hackers will commonly use social engineering during this method to trick their targets into providing information they weren’t aware was sensitive. An example would be a target receiving a call from their “IT department” saying their account was temporarily disabled for security reasons and they need their PIN to restore access. To spot this fraudulent attempt, check the caller ID of anyone attempting to contact you. Frequently, outside threat actors won’t be able to mirror a legitimate number you are used to receiving calls from, so the number will be completely foreign.

    Smishing:

    Smishing is a phishing method entirely reliant on mobile SMS communications. In this case, an outside threat actor will send a text message to their target with a malicious link embedded in their message or look to extract valuable, sensitive information. These attacks will often include click-bait taglines such as WARNING, You have been selected, or Congratulations you just won to elicit an immediate response from their targets. To protect yourself from this type of phishing attempt, don’t respond to unknown numbers that text your device; if the offer looks too good to be true, chances are it’s a scam.

    Spear Phishing:

    Spear Phishing is a phishing attempt where threat actors will target a specific individual or group of people within an organization. Typically, they will already have personal information for this individual or group and use it to their advantage and craft a specially designed message that immediately grabs the target’s attention. A great example of spear phishing is an attacker targeting a group of employees by impersonating pay software they are used to receiving their salaries from. In this message, a threat actor would use the details they’ve already gathered to create legitimacy in the message to their target. A great way to spot spear phishing attempts is to carefully check the sender address of any suspicious emails you may receive. Additionally, find ways to verify the message, whether calling or visiting the sender directly.

    Whaling:

    Whaling is very similar to spear phishing, except it primarily focuses on the top individuals in an organization (think C-suite). These phishing attempts will often consist of messages purportedly from top-level employees like a COO or CFO directing their subordinates to fill out a survey or submit their information for HR. Attempts like this are highly effective since most people find it difficult to confront their superiors about suspicious messages and usually do as they are told. To defend against this type of phishing attempt, always verify the message in person or over the phone with your supervisor. Executives would much rather deal with an overly cautious employee than one who unsuspectingly submits personal information to an outside threat actor.

    Conclusion:

    In conclusion, phishing attempts have skyrocketed in companies worldwide. They require only minor slip-ups and can be detrimental to an organization’s security. Threat actors have increased their efforts with these attempts since they require hardly any technical prowess to pull off. Remember, a safe rule of thumb is to always check with your IT administrators if you think a message looks suspicious. Vigilance is vital when fighting phishing attempts.


    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • Lithuania Suffers a Series of DDoS Attacks Following The Ban of Kaliningrad Imports
    • Carnival Cruise Lines Hit With $5,000,000 Fine for Cybersecurity Incidents
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification inviting us to answer a survey and win a new Makita power drill. We are then prompted to “get started now” to complete the survey for the free reward. This email contains a note about receiving a free drill for only a few minutes of our time, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the “expiring soon” notice above the main message. Phishing scams commonly use words like this to elicit a quick response from their targets. Always be sure to thoroughly inspect the messaging of all emails in your inbox.
    3. The final warning sign for this email is the large red “Get Started Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.



    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Lithuania Suffers a Series of DDoS Attacks Following The Ban of Kaliningrad Imports

    Earlier today, the Russian hacking group Killnet claimed responsibility for a distributed denial-of-service (DDoS) cyberattack against Lithuania. The news follows reports earlier this month that Lithuania had banned the transit of goods through its territory to the Russian enclave of Kaliningrad, which sits between Poland and Lithuania with no border touching Russian soil. State and private institutions in Lithuania were taken offline early Monday, June 27, 2022, and the National Cyber Security Centre released a statement detailing an ongoing cyberattack.

    A spokesperson for Killnet announced that this series of DDoS attacks is in direct retaliation for the blocking of transit of EU-sanctioned goods destined for Kaliningrad. Earlier this month, Moscow released a statement promising a “practical” response to the parties responsible for banning the movement of goods into Russia. Russia’s foreign ministry has since demanded an end to the embargo on coal, construction materials, technology, and metals entering their country. The ministry reaffirmed this sentiment in the following statement:

    “If in the near future cargo transit between the Kaliningrad region and the rest of the territory of the Russian Federation through Lithuania is not restored in full, then Russia reserves the right to take actions to protect its national interests.”

    Information security experts expect DDoS attacks like this to increase in frequency over the next few weeks if Russia’s demands are not met promptly. Denial-of-service attacks work by flooding a website or server with a massive volume of bogus traffic. The flood overloads the system until it goes offline, and the outage can persist for as long as the hacking group keeps up the effort.

    To read more about this article, click here.

    Carnival Cruise Lines Hit With $5,000,000 Fine for Cybersecurity Incidents

    The New York State Department of Financial Services levied a $5 million penalty on Carnival Corp., owner of the globally recognized Carnival Cruises brand, earlier this month. These sanctions follow previous reports that Carnival Corp. misreported and did not adequately respond to numerous cyber-attacks it suffered over the last few years. In recent months, government and state regulators have urged corporations to treat cybersecurity with urgency and have signaled that fines and penalties will be imposed on companies that do not shore up their reporting and defenses.

    In May 2019, Carnival suffered a series of phishing attacks in which multiple email accounts were compromised and used to send mass waves of spam to other employees. In total, threat actors gained access to 124 email accounts hosted on a Microsoft Office 365 email server and were able to extend their reach to other employee accounts. The attack exposed a trove of PII, with driver’s licenses, passport numbers, names, addresses, and social security numbers of multiple employees leaked. Following this incident, Carnival delayed its public response to the breach and failed to notify regulators until April 2020, almost eleven months after the initial cybersecurity incident, even though New York had in 2017 imposed a new set of cybersecurity guidelines requiring all businesses to adhere strictly to more stringent security and reporting requirements.

    Unfortunately for Carnival, cyber-attacks against the organization persisted, with ransomware attacks hitting it in August 2020 and January 2021, a Christmas Day malware attack in 2020, and a second phishing attack in March 2021. Because Carnival recorded four incidents within a three-year period, the New York State Department of Financial Services found that Carnival had not adequately trained its employees on cybersecurity basics. Additionally, the regulator found that Carnival’s CISO had made false certifications of the company’s readiness from 2018 to 2020.

    Following the announcement of these penalties, Carnival declined to issue any statement of wrongdoing, claiming:

    “Carnival routinely reviews security and privacy policies and procedures and implements changes when necessary to enhance information security and privacy controls.”

    Carnival has since agreed to a mutual settlement with the DFS and multistate Attorneys General to create a breach response/notification plan, introduce multifactor authentication for remote email access, and increase security training for all employees.

    For more information check out the rest of the article here.


  • Netizen: What is Security Information and Event Monitoring (SIEM)?

    Ever wonder how your organization can immediately upgrade its security infrastructure? What about all the traffic and logs generated from devices and users on the network? Security Information and Event Monitoring (SIEM) combines security information management (SIM) and security event management (SEM) into one tool that provides insights into an organization’s traffic and user behavior. Plainly stated, SIEM helps businesses of all sizes recognize underlying vulnerabilities and security threats before they materialize into critical issues.

    SIEM tools got their start in the financial industry, with many of the world’s most significant players identifying a need for enriched network traffic reports to show whether any unusual activity was present. This, coupled with rule changes to PCI-DSS, ushered in the adoption of SIEM tools in many large corporations. Other industries quickly caught on to the benefits of SIEM tools, with many citing the single-point-of-view functionality as one of the greatest strengths of SIEM products.

    How does a SIEM tool work?

    At the base level, a SIEM tool functions on a set of rules or parameters to establish a correlation between network traffic and event logs. This correlation evolves into a well-monitored and established pattern of behavior that can be viewed over a set period. Most SIEM tools gather logs from user data, cloud environments, applications, firewalls, networks, and other assets deployed in the management environment. This information is stored and analyzed 24/7 to allow security personnel uninterrupted access to the logs for monitoring. Once a baseline has been established, the initial rules then detect any anomalies or irregular traffic and flag them for further review by the security team. A perfect example of these rules in the real world is password lockouts. If a user tries to log in to their account and fails 3-5 times in a 6-minute window, that is considered relatively normal traffic. However, if the system picks up 100+ failed login attempts in a 5-minute window, an alert would be generated notifying the security team of an attempted compromise.

    What are the capabilities of a SIEM tool?

    SIEM tools are outfitted with a litany of features and capabilities that make these products genuinely robust. At the heart of it all is log management: the tool collects and stores log files from multiple hosts and sources in one centralized location. Keeping all of this information in one place also streamlines the review process; with much of the legwork of compiling reports from numerous sources removed, the single-view aspect of SIEM tools cuts IT review times drastically. On par with log collection, security event correlation is at the top of SIEM capabilities. This backbone of the tool lets users draw connections between what may look like regular network traffic to most observers and deeper indications of malicious activity, such as traffic to foreign destinations or data exfiltration.

    Another helpful capability most SIEM tools come packed with is threat intelligence feeds. Many developers will preload their products with these intelligence feeds and even allow third-party integrations from companies like MITRE to bolster the threat visibility. Enhanced visibility also plays a role in the most valuable capability for C-level executives. Every bell and whistle a SIEM tool provides is fantastic at reducing the likelihood of a security breach, but the reporting capabilities elevate a tool to higher levels. Many IT decision-makers don’t have backgrounds or formal training in information technology. It is paramount that your SIEM tool provides intelligent reports that are digestible by a CISO with 10+ years of experience in cybersecurity and an accountant with no experience in IT alike.

    What else are SIEM tools used for?

    As outside threat actors increasingly target small, medium, and large-sized businesses, firms everywhere have turned to SIEM tools to help increase the visibility of traffic and events on their networks. One of the leading catalysts for SIEM adoption in most businesses is regulatory compliance. Standards like PCI-DSS, HIPAA, and CMMC 2.0 require organizations to store and monitor logs and traffic reports from daily user and network activity. Companies looking to achieve or maintain compliance with these frameworks will have to adhere to strict SIEM guidelines and ensure their tools are correctly configured.

    SIEM tools have also gained traction due to insider threats increasing, with malicious organizations offering lucrative bribes to employees willing to send classified or sensitive information. With a properly deployed SIEM tool, IT teams can monitor “usual” traffic and immediately detect when an employee is downloading a large number of files or sending them to an unknown source and disrupt the activity before it becomes an issue.
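    As an added illustration of the two correlation rules described above (the failed-login threshold from "How does a SIEM tool work?" and the insider upload spike just mentioned), not code from Netizen or any SIEM product: a small sliding-window correlator in Python over constructed key=value log lines. The 100-failures-in-5-minutes threshold comes from the text; the 500 MB-in-10-minutes exfiltration threshold, the internal domain suffix `.corp.example`, the log format and the user names are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed internal domain suffix; uploads to hosts under it are not counted as exfiltration.
INTERNAL_SUFFIX = ".corp.example"


def parse_line(line):
    """Parse a constructed 'TIMESTAMPZ key=value key=value ...' log line into a dict."""
    ts_text, *pairs = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


class WindowRule:
    """Sum a per-user weight over a sliding time window and alert when it crosses a threshold.

    The alert fires once when a user first crosses the threshold and re-arms only after that
    user's windowed total drops back below it, so a sustained burst yields one alert, not hundreds.
    """

    def __init__(self, name, weight_fn, window, threshold):
        self.name = name
        self.weight_fn = weight_fn          # event -> number; 0 means "not relevant to this rule"
        self.window = window                # timedelta
        self.threshold = threshold
        self.history = defaultdict(deque)   # user -> deque of (timestamp, weight), oldest first
        self.totals = defaultdict(int)      # user -> sum of weights currently inside the window
        self.firing = set()                 # users whose total is currently at/over threshold

    def observe(self, event):
        weight = self.weight_fn(event)
        if not weight:
            return None
        user, now = event.get("user", "?"), event["ts"]
        hist = self.history[user]
        hist.append((now, weight))
        self.totals[user] += weight
        while hist and now - hist[0][0] > self.window:     # evict entries outside the window
            _, old = hist.popleft()
            self.totals[user] -= old
        if self.totals[user] >= self.threshold:
            if user in self.firing:
                return None
            self.firing.add(user)
            return {"rule": self.name, "user": user, "value": self.totals[user], "ts": now}
        self.firing.discard(user)
        return None


def failed_login(event):
    return 1 if event.get("event") == "LOGIN_FAILED" else 0


def external_upload_bytes(event):
    if event.get("event") != "UPLOAD" or event.get("dest", "").endswith(INTERNAL_SUFFIX):
        return 0
    return int(event.get("bytes", 0))


def build_rules():
    """Fresh rule instances (they carry state) with the thresholds assumed above."""
    return [
        WindowRule("brute-force", failed_login, timedelta(minutes=5), 100),
        WindowRule("exfiltration", external_upload_bytes, timedelta(minutes=10), 500 * 1024 * 1024),
    ]


def correlate(lines):
    """Run every line through every rule in timestamp order; return the alerts raised."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])
    rules, alerts = build_rules(), []
    for event in events:
        for rule in rules:
            alert = rule.observe(event)
            if alert:
                alerts.append(alert)
    return alerts


def sample_logs():
    """Constructed sample lines: a user's typos, a brute-force burst, and an upload spike."""
    base = datetime(2022, 6, 27, 9, 0, 0)

    def line(offset_s, **fields):
        ts = base + timedelta(seconds=offset_s)
        return f"{ts:%Y-%m-%dT%H:%M:%SZ} " + " ".join(f"{k}={v}" for k, v in fields.items())

    lines = []
    for i in range(4):      # alice: 4 failures in under 5 minutes, then success (normal per the text)
        lines.append(line(i * 90, user="alice", event="LOGIN_FAILED", src="10.0.0.5"))
    lines.append(line(400, user="alice", event="LOGIN_OK", src="10.0.0.5"))
    for i in range(120):    # svc-backup: 120 failures in 4 minutes (well over 100 in 5)
        lines.append(line(600 + i * 2, user="svc-backup", event="LOGIN_FAILED", src="203.0.113.7"))
    for i in range(3):      # bob: big uploads, but to an internal share, so not exfiltration
        lines.append(line(900 + i * 60, user="bob", event="UPLOAD", dest="files.corp.example", bytes=300000000))
    for i in range(3):      # carol: 3 x 200 MB to an external host within 10 minutes
        lines.append(line(1000 + i * 120, user="carol", event="UPLOAD", dest="drop.example.net", bytes=200 * 1024 * 1024))
    return lines


if __name__ == "__main__":
    for alert in correlate(sample_logs()):
        print(alert)
```

Running it yields exactly two alerts: one brute-force alert for svc-backup at the 100th failure and one exfiltration alert for carol at her third upload; alice's handful of typos and bob's internal transfers stay silent.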

    Information security professionals everywhere have also noted the increase in IoT devices as a leading factor for SIEM tool investments. As more “smart” devices are added to the network, the number of potential attack vectors also rises. Monitoring these devices for any suspicious activity or alarming vulnerabilities is crucial to an organization’s cybersecurity posture.

    Conclusion:

    Overall, SIEM tools are an excellent defense mechanism companies can look to deploy into their environment. The added visibility these products provide, coupled with the insights they generate, are helpful for any firm looking to increase its cybersecurity stance.


  • Overview

    • Phish Tale of the Week
    • U.S. Department of Justice reverses course on “White Hat Hacking”
    • How Cybersecurity Could Impact the Global Food Supply Chain
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting debt holders. This email appears to be a notification alerting us that Freedom Financial can help us with large amounts of debt relief. We are then prompted to “get started now” to get our debt relief today. This email contains a note about getting personalized debt help and that we can get the relief we need today, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the lack of structure in the overall message. When comparing this message to those sent by other financial institutions, there are no security notices below the message and no email address or phone number to reach out to, just a large “Get Started Now” call to action.
    3. The final warning sign for this email is the large red “Get Started Now” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
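
    The sender-address, urgency and call-to-action checks described in the Phish Tale and the recommendations above, as an added example that is not part of the original newsletter. Both sample messages, the brand-to-domain mapping and every domain in the block are constructed.

```python
"""Heuristic checks for the red flags the Phish Tale sections describe: a sender
address that does not belong to the brand in the display name, urgency wording,
and call-to-action links that are not HTTPS or lead off the brand's real domain.
Added example; both messages and all domains below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style message modelled on the Sam's Club example.
PHISH_EMAIL = """\
From: "Sam's Club Rewards" <rewards@samsclub-surprise-promo.example>
Subject: Congratulations! A surprise is waiting - Click here NOW
Content-Type: text/html; charset=utf-8

<html><body><p>Congratulations! Limited-Time Offer, act NOW.</p>
<a href="http://login-verify.samsclub-surprise-promo.example/claim">Click here</a>
<p>To unsubscribe click <a href="http://login-verify.samsclub-surprise-promo.example/u">here</a></p></body></html>
"""

# Constructed legitimate message for comparison: real brand domain, HTTPS, no urgency.
LEGIT_EMAIL = """\
From: "Sam's Club" <rewards@samsclub.example>
Subject: Your monthly rewards statement
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is ready.</p>
<a href="https://www.samsclub.example/account/rewards">View your rewards statement</a></body></html>
"""

# Assumption: the domain each brand legitimately sends from (constructed).
BRAND_DOMAINS = {"sam's club": "samsclub.example"}
URGENCY_WORDS = ("now", "limited-time", "immediately", "expired", "urgent")
GENERIC_CTA = ("click here", "here", "get started now", "shop now", "activate now")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_matches(host, legit):
    """True when host is the legitimate domain or a subdomain of it."""
    return host == legit or host.endswith("." + legit)


def body_text(msg):
    """Return the first text part of the message, decoded to str."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True)
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_message):
    """Return the red flags found in a raw RFC 5322 message, in first-seen order."""
    msg = message_from_string(raw_message)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2].lower()
    # Red flag 1: display name claims a brand, but the address is not that brand's domain.
    for brand, legit in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(sender_host, legit):
            findings.append("sender_domain_mismatch")
    body = body_text(msg)
    haystack = (msg.get("Subject", "") + " " + body).lower()
    # Red flag 2: urgency wording ("NOW", "Limited-Time Offer") in subject or body.
    if any(re.search(r"\b" + re.escape(w) + r"\b", haystack) for w in URGENCY_WORDS):
        findings.append("urgency_language")
    # Red flag 3: call-to-action links; check transport, wording and destination.
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        url = urlparse(href)
        if url.scheme != "https":
            findings.append("link_not_https")
        if text.lower() in GENERIC_CTA:
            findings.append("generic_call_to_action")
        if not any(domain_matches(url.hostname or "", d) for d in BRAND_DOMAINS.values()):
            findings.append("link_to_unexpected_domain")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order
```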

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    U.S. Department of Justice reverses course on “White Hat Hacking”

    The United States Department of Justice released new guidance last week that changes the organization’s stance on “White Hat Hacking.” The agency previously used the Computer Fraud and Abuse Act (CFAA), which outlaws unauthorized access to computers and network equipment, to target malicious threat actors and good-faith security researchers alike. This practice was widely criticized in the information security community, with many feeling that it sends the wrong message to the good guys.

    For those unaware, black hat hackers are known as unethical hackers and are responsible for most malicious cyber activity against corporations. White hat hackers are considered ethical hackers, many of whom are IT professionals with a love for security that manifests in looking for flaws and exploits in websites, applications, and email servers.

    Before this change, prosecutors would often lump both groups of hackers together at the behest of large corporations, viewing these individuals as malicious actors looking to tamper with and damage digital property without authorization from the target firm. In a change to this stance, the U.S. DOJ announced that it is advising prosecutors not to use the CFAA to bring criminal charges against security researchers and enthusiasts. This change in tone received an outpouring of support from members of the information security community.

    Harley Geiger, senior director of public policy at Rapid7, had this to add: “This is demonstration from DOJ that the conversation around good-faith security researchers, white hat hackers, has really changed in the past ten years.” The law will now be interpreted in a way that ensures good-faith security research is not criminalized or viewed the same way as hackers poking around in systems without authorization.

    This change in policy marks a monumental moment for information security in the United States. Legitimate digital intrusion by penetration testers, security researchers, and vulnerability assessors will no longer come under fire from the authorities. Deputy Attorney General Lisa O. Monaco had this to add: “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

    The backbone of information security has always been the enthusiastic researchers and greater community who have worked together to make products and applications more secure from outside interference. This policy change will help usher in more collaboration between the private sector, public sector, and security researchers everywhere.


    How Cybersecurity Could Impact the Global Food Supply Chain

    The past few years have shown just how interconnected and reliant on one another every country in the world is. Supply chain issues from shipping constraints or bad harvests have drastically impacted the price of everything from corn to gasoline. With this in mind, and given the ever-growing presence of technology in multiple facets of life, could malicious hackers further disrupt the global food supply chain?

    Just last year, JBS Meats, one of the largest meat fulfillment and processing centers in the United States, suffered a cyberattack, shutting down operations for a brief period. During this time, the price of bacon, chicken, and ground beef soared, with prices rising 25-30% on these items in some areas. For many families, a 25-30% increase in their grocery bill would be detrimental to their savings in addition to causing more budgetary constraints at home. Ultimately, JBS Meats ended up paying an $11 million ransom to restore service to their facilities and continue operations. However, many in the security field think this may have served as a proof of concept for threat actors deciding which industries to target next.

    A recent report from the University of Cambridge tackled the cybersecurity flaws in AI technology used in the agricultural industry. The study found that many of the companies proposing revolutionary and life-changing solutions to modern farming problems are doing so without any real thought to the security of their products. Imagine a commercial farm in Iowa using an AI combine to harvest fields of corn. The product would be configured with the layout of the plot of land and the soil makeup in mind to ensure the most efficient harvest possible. What if a malicious threat actor found an exploitable vulnerability in the software the combine uses? The impact could be as small as an interruption in the harvesting process, maybe a plot of corn destroyed in the process, but what are the implications if that vulnerability is exploitable in all machines using that same software?

    This nightmare scenario has pressured many in the agricultural industry to invest heavily in researching security vulnerabilities in their products. One such company is John Deere, one of the leading manufacturers of commercial and industrial-grade farming equipment globally. An ethical hacker going by the pseudonym Sick Codes alerted John Deere to a security vulnerability in their software allowing unauthorized access to machine data and company information. He quickly warned the company of this issue and urged them to emphasize security in their application development process. James Johnson, John Deere’s global chief of information security, responded to the vulnerability, saying, “No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain.”

    Efforts from organizations in the agricultural industry to better secure their products are a significant step forward in the fight against malicious cyber interference. Firms would be well served to enlist the outside support of ethical hackers searching for security vulnerabilities in their software and products. The global food chain is volatile enough due to emerging climate and geopolitical issues; security issues should be addressed so as not to add further burden to this colossal problem.



  • Netizen Penetration Testing Guide

    Cyberattacks have become an increasingly tricky issue plaguing small and medium-sized businesses in recent years. Hackers as far as halfway across the world or two states over are leveraging unpatched vulnerabilities to steal data, damage reputations, or extort a small business for as much money as possible. In 2021, the United States FBI disclosed that its Cyber Crime Division received as many as 4,000 complaints a day. Outside threat actors target new organizations every day, so how do businesses protect themselves? Why not start by mirroring the attackers’ methods and seeing how easy it would be to break into your environment?

    What is Penetration Testing?

    A penetration test is a significant first step in any organization’s commitment to advancing its information security practices. Penetration Testing is the manual discovery and exploitation of uncovered vulnerabilities in a computer system or environment, usually conducted by a cybersecurity professional. The test is first authorized by management to ensure everyone is on the same footing with how the test will be completed and what steps the tester will take when performing the exercise. The cybersecurity professional then conducts the test, trying to break into the target organization’s network/systems, and provides a comprehensive report of their methodology and findings to management.

    Basically, penetration testing is similar to a bank going out and hiring an experienced bank robber to test their security practices. The bank gains valuable information from the exercise, learns where their security weak points are, and understands how someone would look to break in.

    How do you get started?

    Mirroring the approach of an actual attacker, a penetration test typically begins with the hunt for information. Network mapping, service discovery, and vulnerability scanning can all be expected at the beginning of a penetration test. Determining operating systems, service versions, employee information (if in scope), etc., is critical to a successful penetration test. To cover all security threats, penetration testers must have a thorough and complete picture of the target’s scope. Drawing on experience and industry-standard tools, this process is hand-crafted for precision and automated for redundancy.

    Continuing into exploitation, testers either confirm or refute their findings from the previous phase. Exploits are tested against systems in a real-world scenario, producing invaluable information for the client. At this phase it is common to attempt to gain access to employee and administrator accounts, run social engineering campaigns, and evaluate all angles of an actual attack. However, when a vulnerability is confirmed to be exploitable, the test does not stop there. Further efforts are made to maintain access and push deeper into the network using newly compromised systems and accounts. The testing continues until the entire scope has been exhausted. Where a vulnerability scan can only report predefined suspicions, this is the true value of a professional penetration test.

    What do you do after the test?

    All this work means nothing without proper documentation and education. A penetration test is more than the cyber aspect of attacking a target. The value to a client is in the reporting phase. Clear, concise documentation of how attacks and campaigns were discovered, tested, and executed brings a penetration test full circle. Paired with professional education sessions afterward to discuss solutions, best practices, and continuity, clients can now review, patch, and prepare for future attacks with confidence.   

    Conclusion:

    In review, a Penetration Test is a great exercise any organization can utilize to enhance their cybersecurity posture. The information gained throughout the test can be used to make informed decisions to upgrade security parameters and IT infrastructure and communicate what is going on in the environment to senior management. At the end of the day, what better way to figure out your security gaps than having a trusted expert try to exploit them safely?  


  • Overview

    • Phish Tale of the Week
    • Bipartisan Group of Senators Proposes New Cyber Information Sharing Bill
    • Ukraine Thwarts Russian Attack on Power Grid
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting Sam’s Club customers. This email appears to be a notification alerting us that there is a surprise waiting for us. We are then prompted to “click here” to see what the surprise is. This email contains an eye-catching congratulations message and a photo of Sam’s Club, so why not click here? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender’s address. Always thoroughly inspect the sender’s address to ensure it’s from a trusted sender. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the lack of consistency. When comparing this email to others previously sent by Sam’s Club, we can notice that this email does not contain their official logo, web URL, or the disclaimer present at the bottom of the email. Comparing suspected phishing attempts against previous legitimate emails is a great way to spot immediate signs of inauthenticity.
    3. The final warning sign for this email is the large blue “Click here” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion. This attempt even tries to catch unsuspecting users twice, with a malicious red “here” link at the bottom of the email masquerading as an unsubscribe button.



    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Bipartisan Group of Senators Proposes New Cyber Information Sharing Bill

    Earlier this month, a bipartisan group of senators consisting of Gary Peters (D-Mich), Amy Klobuchar (D-Minn), Rob Portman (R-Ohio), and Roy Blunt (R-Mo) brought new legislation to the floor in an effort to increase the communication between branches on cybersecurity issues. This legislation, titled The Intragovernmental Cybersecurity Information Sharing Act, would expedite the information sharing process from the executive branch to members of the Senate and House of Representatives. This bill aims to increase collaboration efforts between all branches as cybersecurity incidents become more frequent and detrimental to our society.

    Many key sponsors of the bill cited the turtle-like pace at which information has been previously shared, with many claiming that they are left out of the loop during significant cyber-attacks. Senator Amy Klobuchar added, “Cybersecurity threats against our government require a timely, coordinated response. Yet too often, a lack of communication between the Department of Homeland Security and Congress leaves us vulnerable to damaging cyberattacks.” She later summarized that this bill would help better protect our country from cyber-attacks by requiring the Department of Homeland Security to increase information sharing with Congress.

    In a show of bipartisan support, Senator Robert Portman from Ohio exclaimed, “As we have recently seen, cyberattacks are increasing against our critical infrastructure as well as the federal government. Unfortunately, some of the cybersecurity professionals in Congress have faced lengthy delays in getting information on cybersecurity threats from the Executive Branch. That should not be the case.” Portman later released a statement to the press where he stressed that our enemies would not distinguish between our branches of government, and any actions we take in response must be swift and precise.

    This legislation was introduced following the recently adopted Cyber Incident Reporting Act, strengthening the reporting requirements for critical infrastructure affected by cyber-attacks. Both Klobuchar and Portman were staunch supporters of that bill, signaling a strengthening of priorities between two tenured senators. Reporters around Capitol Hill anticipate this bill to make it through numerous rounds of committees before voting on the floor, with action hopefully planned by mid-summer.


    Ukraine Thwarts Russian Attack on Power Grid

    Officials in the Ukrainian Government released a statement on Tuesday, 4/12 detailing an alleged Russian cyber-attack they thwarted. The cyber-attack supposedly targeted Ukraine’s power grid and, if successful, could have knocked out power for over two million people. While this defense of their national power grid is impressive, the aggression by Russia marks another step toward all-out digital war, leaving many experts fearful of how Russia will respond.

    Reporters inside Ukraine named the hacking group Sandworm as the perpetrator behind this most recent attack; the group is formally known as Unit 74455 of the GRU, Russia’s military intelligence agency. The attack targeted computers, networking equipment, and high-voltage electrical substations tied to Ukraine’s primary power grid. It occurred in two waves on the evening of April 8th and targeted an unnamed Ukrainian energy supplier. Sandworm attempted to deploy malicious “wiper” software to erase data saved on computers, making them unusable and crippling the ensuing remediation response. The group also used Industroyer, malicious software that targets industrial control systems, allowing near-total access to the affected systems.

    Ukraine’s Deputy Chief of Information Protection, Victor Zhora, released a statement following the attack, claiming that Russian hackers had targeted an oblenergo (energy distribution center). This was a sophisticated and precise attack with the mission of causing mass electrical outages across Ukraine. The attackers were able to gain a brief period of access to numerous systems inside the distribution center but were quickly stopped before they could do any more severe damage.

    The CIA and U.S. Department of Homeland Security have previously warned that Russia could look to use cyber-attacks to achieve more significant damage in its campaign against Ukraine. Experts inside the intelligence community see this attack as a signal that more cyber-attacks against critical Ukrainian infrastructure will materialize in the coming weeks. In the meantime, companies worldwide should be aware that these cyber-attacks could target businesses outside of Ukraine as the conflict spreads beyond the region.



  • Lapsus$: The teenager-run cybercriminal gang targeting Fortune 500 companies.

    Earlier this week, IT giant Microsoft and identity management firm Okta reported that their organizations had suffered data breaches at the hands of Lapsus$. Lapsus$ is a relatively new hacking group, with indications of their activity first reported against Samsung and NVIDIA at the end of 2021. The hacking group announced on a Telegram channel on March 22nd, 2022, that they had stolen source code from Microsoft and were going to publish screenshots of their exploit to show their capabilities to the public. Microsoft quickly responded to this claim in a blog post detailing the suspicious activity:

    “The activity we have observed is attributed to a group of threats tracked by Microsoft as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads. DEV-0537 began attacking organizations in the United Kingdom and South America, but expanded to global targets, including organizations in the government, technology, telecommunications, media, retail, and healthcare sectors. DEV-0537 has also been known to hijack individual user accounts on marketplaces to loot accounts.”

    Okta Data Breach:

    While this claim shows Microsoft was able to mitigate the damage caused by Lapsus$, how have other targets fared in their defense against this cybercriminal operation? Identity and access management company Okta is a relatively familiar name for many in the business world. Their suite of products allows companies to monitor user activity across their networks remotely and escalate access privileges as necessary. Unfortunately, this company known for enhancing security practices in customer environments ran into a nightmare scenario when it found itself in the scope of the Lapsus$ hacking group.

    On Monday, March 21, 2022, Lapsus$ posted screenshots of Okta’s internal apps and systems, boasting of their ability to circumvent the tech giant’s inner defenses. The screenshots depict an ongoing hacking operation that persisted inside Okta’s environment through most of January 2022. Lapsus$ first gained access to Okta’s systems after compromising Sykes, a third-party support vendor with ties to Okta. Malicious hackers often exploit third-party vendors as an initial target, where the hacking group then looks to pivot and find more lucrative targets that rely on these vendors for support. In this case, Sykes provided customer support services to Okta and had wide-spanning access to their internal environment, creating the perfect storm for Lapsus$ to exploit this relationship.

    How do they do it?

    The one issue that has repeatedly baffled researchers is how to stop Lapsus$. Their preferred method of compromise is bribing insiders or exploiting third-party vendors. Bribing disgruntled insiders is a surefire way to access highly privileged user accounts. Lapsus$ bypasses traditional security controls by researching these insiders for weeks to months beforehand and contacting them on personal devices that are not under the security umbrella of their employer. In other cases, they use similar methods to gain access through vendors with strong relationships with target organizations. These vendors typically lack the sophisticated security defenses that a Fortune 500 company would have, but are ultimately so interconnected that they allow attackers to pivot to the larger targets after the initial breach. However, the most significant conundrum investigators have faced with Lapsus$ is what their goal in all these attacks actually is.

    Conclusion:

    Lapsus$ has targeted massive Fortune 500 companies, globally recognized brands that collect billions in revenue each year, but they have seldom asked for a ransom to be paid to them. They’ve stolen source code, published internal documentation to boast of their exploits, even suggested a change in business practices, but have only made monetary demands towards two organizations. In NVIDIA’s case, Lapsus$ demanded that NVIDIA remove an anti-cryptomining feature in their GPUs and make all their products open source. When they attacked Microsoft, there were no demands. Instead, they boasted of their exploitation in a Telegram channel and distributed what source code they stole for free. Regardless of their goals, Lapsus$ is still a hacking group consisting primarily of teenagers. If hackers this young can breach some of the most well-funded companies, everyone needs to take a step back and reevaluate their security practices.


  • Overview

    • Phish Tale of the Week
    • Chinese State-Sponsored Hackers Compromise Multiple U.S. State Governments
    • Altoona Area School District Affected By Cyberattack
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting McAfee customers. This email appears to be a notification alerting us that our computer is no longer protected and our subscription has expired. We are then prompted to renew our subscription and activate the code below now. This email contains a convincing message telling us to protect our device from hackers, so why not click the link and update our details? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, review the sender address thoroughly to see if the email could be coming from a threat actor.
    2. The second warning sign in this email is the urgency created in the message. The subject line tells us that “our computer is no longer protected” and further reads “Keep your Devices Safe NOW”. This type of message is commonly used by threat actors to elicit an urgent and fast response from their target.
    3. The final warning sign for this email is the large red “Activate NOW” call to action. Threat actors use call-to-action buttons like this to immediately redirect targets to malicious landing pages. These landing pages then infect the target’s system with malware or other software with the intention of stealing information or further extortion.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
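    The checks in the list above (does the sender address really belong to the brand named in the display name, is the message pushing urgency, do the links point at the company’s own site over HTTPS) can be automated as a first-pass triage. The script below is an added example, not Netizen’s tooling or code from this newsletter; both email messages in it are constructed to resemble the McAfee-themed lure described above and a benign counterpart, and the hostnames and the “mcafee.com” brand domain are assumptions for illustration.

```python
"""Phishing triage helper for the red flags discussed above.

Added example with constructed sample messages; not code from the newsletter.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed lure resembling the "subscription expired" email (not a real message).
SAMPLE_PHISH = """\
From: "McAfee Customer Care" <billing@mcafee-renewals-alert.example>
To: victim@example.org
Subject: Your computer is no longer protected - Keep your Devices Safe NOW
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your subscription has expired. Renew now to stay protected.</p>
<p><a href="http://mcafee-renewals-alert.example/activate?code=XYZ">Activate NOW</a></p>
<p>Questions? Visit <a href="https://www.mcafee.com/support">www.mcafee.com</a></p>
</body></html>
"""

# Constructed benign message from the brand's own domain, for comparison.
SAMPLE_LEGIT = """\
From: "McAfee" <noreply@mcafee.com>
To: victim@example.org
Subject: Your monthly security report
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your report is ready. <a href="https://www.mcafee.com/account">View it here</a>.</p>
</body></html>
"""

# Pressure words typical of the "act NOW" messaging the article describes.
URGENCY_WORDS = ("now", "immediately", "urgent", "expired", "suspended", "act fast")


def is_under(host, brand_domain):
    """True if host is the brand domain itself or a subdomain of it."""
    host = (host or "").lower()
    return host == brand_domain or host.endswith("." + brand_domain)


def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    _, addr = parseaddr(msg["From"] or "")
    return addr.rpartition("@")[2].lower()


def display_name_brand_mismatch(msg, brand_domain):
    """Display name claims the brand, but the address is not under the brand's domain."""
    name, _ = parseaddr(msg["From"] or "")
    brand_word = brand_domain.split(".")[0]
    return brand_word in name.lower() and not is_under(sender_domain(msg), brand_domain)


def extract_links(msg):
    """(href, anchor text) pairs from the HTML (or plain) body."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    return re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S)


def triage(raw_email, brand_domain):
    """Return a list of red-flag strings; an empty list means no flag fired."""
    msg = message_from_string(raw_email, policy=policy.default)
    flags = []
    if display_name_brand_mismatch(msg, brand_domain):
        flags.append(f"sender domain {sender_domain(msg)} is not under {brand_domain}")
    subject = (msg["Subject"] or "").lower()
    hits = [w for w in URGENCY_WORDS if re.search(r"\b" + re.escape(w) + r"\b", subject)]
    if hits:
        flags.append("urgency wording in subject: " + ", ".join(hits))
    for href, anchor in extract_links(msg):
        url = urlparse(href)
        if url.scheme != "https":
            flags.append(f"non-HTTPS link: {href}")
        if not is_under(url.hostname, brand_domain):
            flags.append(f"link to off-brand host {url.hostname} (text: {anchor.strip()!r})")
    return flags


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw, "mcafee.com") or ["no flags"])
```

    Running the script prints four flags for the constructed lure (spoofed display name, urgency wording, a plain-HTTP link, and a link to a look-alike host) and none for the benign message. It deliberately does not follow any link; a triage tool should inspect headers and URLs offline and hand anything flagged to a human or a sandbox.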

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Chinese State-Sponsored Hackers Compromise Multiple U.S. State Governments

    Investigators from the cybersecurity firm Mandiant have uncovered a Chinese state-sponsored hacking group that compromised at least six U.S. state governments. The persistent attacks took place between May 2021 and February 2022. The group, identified as APT41, used web application vulnerabilities to gain their initial foothold into multiple state governments. Additionally, Mandiant has found that APT41 exfiltrated personally identifiable information (PII) from the affected systems in a manner similar to previously recorded espionage operations, but has yet to confirm whether this was an intelligence-gathering operation on behalf of the Chinese government.

    “APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques. APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability,” a researcher from Mandiant added.

    Microsoft is one of the most prominent tech manufacturers globally, and attacks like this have become the new normal for this U.S.-based company. Reports of a 2.4 terabit per second (Tbps) attack in October 2021 and two other large-scale DDoS attacks, each of 2.5 Tbps, show just how many times Microsoft’s Azure DDoS Protection Team has to put their skills to the test.

    This attack marks another instance where nation-state hackers from China were able to infiltrate U.S. state systems and remain undetected for months on end. These threat actors utilized numerous tools and techniques to adapt to any defenses that may have begun to uncover their trail. This shows the persistence and long-term resolve that many inside the U.S. government feared would show in attacks from nation-state hackers.

    Following the initial report on this attack, a spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) stated they were aware of the breach and had this to add:

    “CISA is actively working with our JCDC [Joint Cyber Defense Collaborative] private sector partners, including Mandiant, and government partners to address this advanced persistent threat to state government agencies and assist impacted entities. We encourage all organizations and critical infrastructure entities impacted by cyber intrusions to report to CISA, and to visit CISA.gov to take action to protect themselves.”

    According to Mandiant’s researchers, members of APT41 were able to initially compromise U.S. state government networks by exploiting vulnerabilities in applications built with Microsoft’s .NET platform. One of the vulnerabilities exploited was previously unknown and was found in an animal health reporting database system called USAHERDS. Experts believe the extent of this attack is going to be much larger than previously reported, with almost 20 different state governments reporting use of USAHERDS in their facilities.

    U.S. government officials were pressed on the motive of APT41’s most recent attack earlier this week and believe their focus was an espionage reconnaissance mission to determine the response of U.S. state governments. When asked for a response, Zhao Lijian, a spokesperson for China’s foreign ministry, stated:

    “China firmly opposes and combats any form of cyberattacks and will not encourage, support, or condone any cyberattacks.”


    Altoona Area School District Affected By Cyberattack

    Earlier this week, the Altoona Area School District sent a letter out to faculty and staff alerting them that a cyberattack affecting their internal systems had occurred. School superintendent Charles Prijatelj stated: “Altoona Area School District recently discovered it was the victim of a sophisticated cybersecurity incident, which impacted certain internal systems. Upon discovery of the incident, our IT took several steps to contain the incident and third-party forensic advisors and external legal counsel were engaged to assist”.

    News publications around Altoona received numerous anonymous phone calls describing the effects of the cyberattack, with many teachers reporting that their credit card agencies had alerted them that their personal information was now found on the dark web. Researchers investigating the incident believe that social security numbers, full names, addresses, insurance ID numbers, and staff telephone numbers were all compromised in this breach. Prijatelj later commented on the incident, further explaining that Altoona’s IT department was in the process of containing the incident and had engaged third-party forensic investigators to assist with remediation.

    Cyberattacks have become more frequent across the country as threat actors have found a new lucrative target to exploit. School districts house troves of personally identifiable information for both students and faculty alike. This, coupled with abysmal amounts of funding for security-related projects, creates the perfect storm for threat actors looking for a quick payout. The public nature of these institutions also means that when a breach occurs or ransomware is detected, the schools almost always have to agree to the hackers’ demand and pay the ransom.

    Superintendent Charles Prijatelj penned a separate letter to parents and guardians of children in the school district, saying: “We do know that some of our employees have received notification of potential data compromise and we wanted to make you aware of the situation as well. Upon completion of the investigation, those individuals with compromised data will receive official notification. At this time, however, that information is not yet known.” Prijatelj then thanked parents for their patience and assured them that more information will be made available as the district uncovers more about this incident.



  • Global Cyber War: What is at stake?

    The Russian military invasion of Ukraine began with missiles striking just outside the capital, Kyiv, in the early morning hours of February 24th. While this event marks the beginning of military involvement in the campaign against Ukraine, Russian-sponsored hackers had been bombarding Ukrainian websites and infrastructure for the past few weeks in preparation for the invasion. The cyberattacks targeted the Ukrainian Parliament’s website and several state-owned banks in an effort to destabilize the country. The warning “Be afraid and expect the worst” was left on multiple websites following the initial cyberattacks.

    These recent geopolitical escalations have left many wondering, how bad could modern-day cyber war be? Russia stifled the Ukrainian economy by disabling all their state-owned banks and spread panic across the country by targeting other websites. Unfortunately, this is not as bad as it gets when it comes to the effects of a cyber war.

    The effects of Cyber War:

    In 2021, the U.S. saw firsthand how critical infrastructure could be impacted by a cyber war. In Oldsmar, Florida, a water treatment facility was targeted by an unknown hacker who modified the lye levels in the water to toxic levels. Luckily, a worker at the facility noticed the changes and corrected them immediately. Had he not, millions of people would have risked consuming dangerously tainted drinking water. Another example of critical infrastructure being impacted was when Colonial Pipeline suffered a ransomware attack, disrupting the largest fuel supplier for the Southeastern part of the United States. U.S. citizens from Texas to Virginia saw the impacts of this attack firsthand as the fuel shortage caused by the cyberattack sent gas prices skyrocketing and left many across that region without fuel.

    Prepare for the worst:

    Cyber-attacks of this nature are becoming more and more common, as this marks the fifth major breach of a U.S. company in the past six months. Cyber criminals are beginning to utilize the RaaS (Ransomware-as-a-Service) model to expand their operations by licensing their software out to other malicious actors who

    Countries across the globe need to be prepared for impending cyberattacks in the coming weeks. Many members of NATO have imposed economic sanctions on Russia in an attempt to punish them for escalations along the Ukrainian border. These sanctions could prove to be motivation for more state-sponsored hackers to take up their keyboards in retaliatory efforts against NATO countries. The U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have released a warning for businesses and countries to be on high alert for malicious cyber activity.

    The FBI, NSA, and CISA recommendations for companies are as follows:

    • Enforce Multi-Factor Authentication.
    • Enforce strong and unique passwords for all users.
    • Enable M365 Unified Audit Logs.
    • Implement endpoint detection and response tools.

    In conclusion, organizations and countries worldwide must prepare themselves for escalated cyberattacks in the next few weeks. Treat every disturbance or instance of unusual activity as a potential threat and investigate thoroughly. Inform all employees that they should also be hyper-vigilant during this time of unrest and be mindful of any suspicious emails or activity within their environment.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact