• T-Mobile Data Breach: What Happened and What We Do Next.

    Telecommunications company T-Mobile reported Monday that they are investigating the specifics of a data breach that hackers claim may have leaked the personally identifiable information (PII) of over 100 million customers. The majority of the data is said to contain social security numbers, addresses, dates of birth, security PINs, and other sensitive information unique to many of their US customers.

    Vice.com originally broke the news on Sunday night, alerting millions of T-Mobile customers that their information may have been leaked. A T-Mobile spokesperson had this to add on the development: “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

    When asked what they have been doing internally in response to the breach, T-Mobile added: “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment, we cannot confirm the reported number of records affected or the validity of statements made by others.”

    How did we get here?

    Reports show that this investigation began after a Twitter user @und0xxed started tweeting details about the breach. This user has confirmed that they were not involved in the operation to steal the information but were instead charged with finding buyers for the stolen T-Mobile data. This user disclosed that the hackers had found an opening in T-Mobile’s network that granted access to two T-Mobile customer data centers. From there the assailants worked to exfiltrate the data and made a ransom demand of 6 bitcoins or roughly $275,000 USD in exchange for 30 million social security numbers they had stolen.

    What does this mean?

    A large amount of the information breached was already widely available. Much of the personally identifiable information harvested can be found on numerous public records sites. This, coupled with the reality that most people’s data may have been leaked previously without their knowledge, signals that this breach may not be as damaging as first expected. However, while this information may have been available before, now that threat actors have a single database that connects these records together, the damage could be much greater.

    Wireless customers across the U.S. will have to be hypervigilant in the coming months against the onslaught of phishing campaigns they should expect to receive. Tying these data and records together will allow hackers to craft highly sophisticated phishing messages that are much more believable than previous attempts. Names and phone numbers are easy to find, but when that information is tied to your address and your mobile provider, threat actors can create the perfect message to convince you to click on that link.

    What is the solution?

    Recent data breaches like this have begun to numb the public to their data being disclosed online. Admittedly, most of your sensitive data is already available to hackers across the world. However, there are still plenty of steps users can take to protect themselves, or at least limit the ramifications if their data was stolen.

    First, all T-Mobile customers should immediately change their T-Mobile security PIN and password. Companies affected by data breaches usually offer some form of free credit monitoring to victims, so keep a lookout for any communications from your mobile provider regarding these services. Additionally, users can go to https://haveibeenpwned.com/ to see whether they are the victim of any previous data breaches.

    Other good steps to mitigate your risk from data breaches online are: installing a password manager to generate strong, unique passwords for every website you use; enabling multi-factor authentication wherever possible, so that a single stolen password or code does not grant immediate access to an account; and carefully checking your emails for any signs of phishing or other spam attempts. As always, if a link looks too good to be true, do not click on it.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Overview

    • Phish Tale of the Week
    • Colonial Pipeline Didn’t have MFA in Place, Neither Do Most Defense Contractors
    • US Defense Contractors Fail to Meet CMMC Requirements
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting employees who may be expecting an invoice to be paid, or simply someone who doesn’t check their email rigorously. The email appears to be a notice of payment confirmation for undisclosed services. It contains an Excel file, likely with our payment information in it awaiting confirmation, so why not click on the document and see for ourselves? Unfortunately, there are plenty of reasons not to click on that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Always thoroughly inspect the sender address to ensure it’s from a trusted sender. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the lack of a salutation. In most email correspondence it is customary to begin with a small opening such as “hello” or “good morning”. This email lacks any attempt at an introduction and jumps straight to the document.
    3. The final warning sign for this email is the messaging inside it. In this instance, the email was translated from another language prior to this screen grab. If an email comes from an unknown sender, in a different language, there is always room for concern.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Colonial Pipeline Didn’t have MFA in Place, Neither Do Most Defense Contractors

    Following the massive Colonial Pipeline hack that saw gas prices surge across the country and left many residents in the Southeast of the United States without gas altogether, Colonial’s CEO Joseph Blount was called to answer numerous questions from Congress. Rep. John Katko of NY appreciated that Colonial Pipeline had identified places within their environment to strengthen their security policies and further harden systems, but the question remains: “If your pipeline provides fuel to 45% of the East Coast, why are you only hardening systems after an attack?” U.S. Rep. Bonnie Watson Coleman of New Jersey had a more direct response to Blount’s testimony. She went on the offensive, claiming that by delaying voluntary reviews and assessments of its cybersecurity policy, Colonial was declining them, not complying with them.

    While companies of all sizes and levels of security complexity can fall victim to cyberattacks such as the one Colonial Pipeline suffered, many basic precautions should be in place to prevent these sorts of disasters. One of the most basic preventative measures organizations can deploy across their networks is multifactor authentication (MFA), an authentication method that requires a user to provide two forms of evidence proving they are who they claim to be and that the systems or information they are accessing are within their security privileges. Unfortunately, Colonial Pipeline did not have MFA implemented in its environment at the time of the attack.

    Experts believe MFA wouldn’t have stopped this attack entirely, but this disregard of basic security tools is concerning. Companies in the federal defense supply chain have been required to have multifactor authentication in place for a few years now, after a 2015 law mandated NIST cybersecurity best practices. A CyberSheath report found that 71% of the 600 defense contractors surveyed failed to have the appropriate level of multifactor authentication in place. Even more concerning, that isn’t the only issue plaguing members of the defense supply chain. The Supplier Performance Risk System scores companies on their overall risk profile according to the security measures they have enacted within their environments. A company with a perfect score would be awarded 110 on this scale, while a company with no measures in place would score -203. The average score of the 600 companies surveyed was an alarmingly low -125.

    In conclusion, while federal cybersecurity requirements have been modified and improved over the years, there is still room for improvement. Many contractors have forgone these security upgrades because there have been no consequences for doing so thus far. The time for verification is now. The federal government must verify that defense contractors are following these basic cybersecurity standards and better securing the defense supply chain.

    To read more about this article, click here.

    US Defense Contractors Fail to Meet CMMC Requirements

    A recent uptick in cyberattacks has created more than a few headaches for United States defense contractors. President Biden signed an executive order in May which signaled the first major shot in the ongoing war against outside threat actors. However, a report from incident response firm BlueVoyant suggests that shot may have fallen on deaf ears. The survey polled 300 small- to medium-sized defense contractors and found that many of them are currently failing to comply with CMMC requirements. The report gets worse from there: 48% of these businesses have “severe vulnerabilities” within their environments, such as unsecured data storage or ports, and almost 10% show “critical vulnerabilities” and indicators of compromise. In what might be the most alarming statistic from this report, 28% of the companies surveyed would not meet CMMC Tier 1 requirements, which mostly entail basic cyber hygiene practices.

    The report from BlueVoyant highlights some of the struggles that small and medium-sized defense contractors are currently facing. These organizations are some of the first points of attack for outside threat actors looking to gain a greater foothold in the United States’ defense supply chain. Many attackers target businesses of this size since they usually allocate less money to security in their annual budgets, although the industry these companies fall under may tell a different story.

    Of the companies polled in this survey, manufacturing and R&D companies were found to be at significantly greater risk than many other companies with similar staff sizes. The report disclosed that small manufacturing businesses had the highest level of critical risk at 14%, and that 100% of large R&D companies were assessed as “high risk”, with countless vulnerabilities within their networks. More concerning still, almost a third of the R&D firms surveyed displayed indicators of compromise throughout their networks.

    This report comes as defense contractors have begun the painstakingly slow process of adopting the Cybersecurity Maturity Model Certification (CMMC) requirements. This standard builds upon previous cybersecurity defense measures highlighted in NIST SP 800-171 and looks to better secure the nation’s defense supply chain. For companies looking to begin their CMMC endeavors, there are five tiers of requirements, ranging from the lowest, Tier 1, up to Tier 5. These tiers are broken down by the level of access companies have to sensitive information. The requirements in Tier 1 are even less intensive than the previous standards from NIST SP 800-171, which further indicates the organizational failure to meet basic cybersecurity standards throughout the defense supply chain. The hard truth is that many of these companies struggle to address cybersecurity needs within their organizations. They often have limited IT resources and view the investment in better security practices as a costly one. This is why firms need to partner with organizations that can help streamline their security improvements and CMMC readiness. At Netizen, we will work one-on-one with you to address your company’s unique security requirements and work to establish standards and practices that ensure continued compliance and security.

    For more information check out the rest of the article here.

    How Can Netizen Help?

    Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • Kaseya Ransomware Attack: How it happened and the implications.

    While many Americans began to prepare for the Fourth of July weekend, software company Kaseya found itself on the wrong end of a $70 million ransomware nightmare. For those unaware, Kaseya produces software and products used by Managed Service Providers (MSPs) to monitor and manage technology environments at scale. On Friday, July 2nd, Kaseya CEO Fred Voccola announced that there was “a potential attack against the VSA [product] that has been limited to a small number of on-premise customers.” As the investigation began, multiple businesses that had Kaseya software installed in their environments reported that they had been locked out of their systems by ransomware. The cybercriminal group REvil was quick to take responsibility for the attack, stating:

    “On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from the attack in less than an hour. If you are interest in such deal – contact us using victims “readme” file instructions.”

    These instructions were left on the group’s public forum, Happy Blog. As of Monday, July 6th, REvil had decreased its ransom price from $70 million to $50 million for a universal decryptor, showing a willingness to negotiate with its victims.

    How did we get here?

    Reports from Kaseya were quick to dismiss the idea that this attack originated from a breach in their own supply chain. After further investigation, researchers determined that the threat actors were able to exploit a zero-day vulnerability in Kaseya’s central VSA server product. This exploit allowed the attackers to bypass authentication controls, obtain an authenticated session, and then execute arbitrary commands. The threat actors then pushed REvil ransomware to a select group of Kaseya users under the guise of a fake software update titled “Kaseya VSA Agent Hot-fix”. These updates were unleashed upon unsuspecting systems throughout MSP and client environments alike as a fake management update. This meant that even organizations that were not Kaseya customers could have their data encrypted, depending on their MSP.

    According to the Dutch Institute for Vulnerability Disclosure (DIVD), Kaseya was in the process of patching the zero-day vulnerability uncovered in this breach. Unfortunately, the REvil affiliate that perpetrated this attack had obtained the zero-day’s details and began exploitation before Kaseya was able to begin rolling out a fix to their customers.

    What does this mean?

    Cyber-attacks of this nature are becoming more and more common; this marks the fifth major breach of a U.S. company in the past six months. Cybercriminals are beginning to utilize the Ransomware-as-a-Service (RaaS) model to expand their operations by licensing their software to other malicious actors who may not have the technical capability to create their own ransomware. REvil has been one of the most advertised and prolific RaaS operations on the dark web since its inception three years ago. The gang netted over $100 million from similar attacks in 2020 and is poised to eclipse that figure in 2021.

    Netizen CEO Michael Hawkins had this to add: “As more and more companies pay ransoms while failing to put in place adequate preventative and restorative measures to ensure recovery from such events, attackers will only be emboldened to carry out more and larger scale attacks. This will become an endlessly increasing and more dangerous cycle of ransoms and payments until an end is put to it, perhaps through legislation. As Ransomware becomes more pervasive and easier to deploy, it is only a matter of time until our critical infrastructure, medical facilities, supply chain, and private businesses in particular, are severely hindered en masse, which could greatly impact the fledgling economic recovery post-COVID.”

    What is the solution?

    Organizations need to move cybersecurity to the front of all discussions moving forward. Attacks like these are becoming far too common as companies everywhere try to balance the cyber risks of today’s world. All security policies need to be thoroughly reviewed and tested against real-world scenarios like this one. What happens if your company loses access to its core systems and databases? How long would it take to rebuild from non-impacted backups? These are all questions organizations need to be able to answer to combat this rise in cybercrime.

    Software development companies must start addressing application security at the beginning, middle, and end of their development process, leveraging DevSecOps techniques and tools. Gone are the days when security was an afterthought, often overlooked to rush an application out on time. User-facing applications have repeatedly been targeted in massive ransomware attacks just like this one. The only way to move forward is to catch security flaws in the code before the product is launched.

    For customers directly affected by this attack, Kaseya has released a tool including Indicators of Compromise (IoC) as well as two PowerShell scripts, one for endpoint scanning and the other for a VSA server. Kaseya has recommended that these scripts be run in offline mode and that customers expect further security patches. “All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations,” a Kaseya representative said.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • NETIZEN AWARDED STATE-WIDE CYBERSECURITY CONTRACT FOR COMMONWEALTH OF MASSACHUSETTS

    Allentown, PA: Netizen Corporation, an ISO 27001:2013, ISO 9001:2015, and CMMI Level 3 certified Veteran Owned provider of cybersecurity and related solutions, has been awarded a contract for state-wide cybersecurity solutions for the Commonwealth of Massachusetts called ITS78 Data and Cybersecurity. Netizen was one of the only small businesses awarded this contract in all four cybersecurity categories.

    Netizen intends to provide solutions under this contract for varying cybersecurity tasks throughout the Commonwealth of Massachusetts including compliance and data audits, risk assessments, and incident response services. Netizen also serves as an expert technical and cybersecurity advisor for numerous other government and commercial clients including the Department of Defense, Department of Veterans Affairs, Department of the Treasury, U.S. Army, U.S. Navy, and others.

    “This is yet another demonstration of the capabilities of the Netizen Team, especially notable given that we were one of fewer than a handful of smaller businesses to be awarded all four categories to support the cybersecurity initiatives of the Commonwealth of Massachusetts,” said Michael Hawkins, Netizen’s President and CEO. He added that this effort will also help strengthen the company’s capabilities and access to state and local government markets as they look to expand further following a year of growth.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity firm, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen provides specialized cybersecurity solutions for government, defense, and commercial markets. They also develop innovative products such as the award-winning Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is based in Allentown, PA with additional locations in Virginia, South Carolina, and Florida. In addition to having been one of the fastest-growing businesses in the US, Netizen has also been named a national “Best Workplaces” by Inc. Magazine and has received the US Department of Labor HIRE Vets Platinum Medallion award for veteran hiring, retention, and community involvement three years in a row. Learn more at Netizen.net.

    POINT OF CONTACT
    Tristan Boheim
    Marketing Manager
    1-484-294-1331
    press@netizen.net

  • NETIZEN APPRAISED AT CMMI® MATURITY LEVEL 3

    Allentown, PA: Netizen Corporation, an award-winning Veteran-Owned provider of cybersecurity solutions, has been appraised at Capability Maturity Model Integration (CMMI) V2.0 Maturity Level 3 for government and commercial cybersecurity solutions. The Process Group led and conducted a comprehensive Benchmark CMMI appraisal (#54557) that included Netizen teams in Allentown, PA, Arlington, VA, and Charleston, SC. CMMI is a process improvement training and appraisal program used to gauge a company’s overall maturity in the delivery of customer projects. It was developed at Carnegie Mellon University (CMU) and is required for many U.S. government contracts.

    Netizen’s compliance with CMMI process areas was appraised through the examination of many types of objective evidence, including interviews with senior corporate leadership, program managers, quality assurance personnel, and other organization employees, to empirically demonstrate that standard processes are being followed and continually improved across the company. Maturity Level 3 indicates that Netizen is performing at a “defined” level of standardization. This maturity level is only achieved by companies that have well-defined, repeatable, and effective organizational standards and processes for project management, software engineering, services, and quality assurance while maintaining a focus on continuous process improvement.

    “This CMMI Level 3 rating demonstrates Netizen’s ability to track, audit, and continuously improve our standards, processes, and quality across the entire organization. Along with our ISO 9001 and ISO 27001 certifications, it is also the clearest evidence yet that Netizen is a mature company with truly unique capabilities for delivering best-of-breed cybersecurity products and services to all of our customers in government, defense, and commercial markets around the world,” said Michael Hawkins, Netizen’s President and CEO.

    About Netizen Corporation:
    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

    POINT OF CONTACT
    Akhil Handa
    Chief Operating Officer (COO)
    1-800-450-1773
    press@netizen.net

    #####

  • Overview

    • Phish Tale of the Week
    • Self-Promoting Cybersecurity Firms Doing More Harm Than Good
    • Almost 500,000 job openings in cybersecurity nationwide
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting FedEx customers. The email appears to be a warning notice that the customer’s package could not be delivered. It carries FedEx’s official logo as well as a shortcut to fix the issue right in the email, so why not click “update address”? Unfortunately, there are plenty of reasons not to click on that email right away.

    Take a look below:

    1. The first red flag on this email is the sender address. Big corporations like FedEx will never email you outside of their company emails. In the future, check all suspicious emails from companies against previous correspondences you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the email title. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside it. In this instance, we are being notified that a package could not be delivered, and we are then given a shortcut to update our address. Phishing campaigns like this will almost always try to convince you to click on a link or shortcut that takes you out of your email client. Remember, if a link or shortcut looks suspicious, do not click on it.
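
    The red flags from both Phish Tales (sender domain that does not match prior correspondence, urgency and a fake support number in the subject, no salutation, a link or risky attachment) can be turned into a small triage check. The following is an added example, not code from Netizen or from this article; the brand-to-domain table and the three sample messages are constructed for illustration.

```python
"""Heuristic phishing triage for the red flags described above (constructed samples)."""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: sender domains seen in prior, legitimate correspondence, keyed by brand name.
KNOWN_SENDER_DOMAINS = {"fedex": {"fedex.com"}, "acme billing": {"acme-billing.example"}}
URGENCY = re.compile(r"\b(urgent|immediately|now|final notice|suspended|failed|unable)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
SALUTATION = re.compile(r"^(hi|hello|dear|good (morning|afternoon|evening))\b", re.I)
URL = re.compile(r"https?://[^\s\"'>]+", re.I)
RISKY_EXT = (".xlsm", ".xls", ".docm", ".zip", ".iso", ".js", ".html", ".exe")


def analyze(msg: EmailMessage) -> list:
    """Return the list of red flags found; an empty list means none fired."""
    flags = []
    from_name, from_addr = parseaddr(str(msg["From"]))
    sender_domain = from_addr.rsplit("@", 1)[-1].lower()
    # 1. Display name claims a brand we already have mail from, but the domain differs.
    for brand, domains in KNOWN_SENDER_DOMAINS.items():
        if brand in from_name.lower() and sender_domain not in domains:
            flags.append(f"sender domain {sender_domain!r} does not match prior mail from {brand!r}")
    # 2. Subject engineered for urgency, with a "support" number for fake legitimacy.
    subject = str(msg["Subject"] or "")
    if URGENCY.search(subject):
        flags.append("urgency language in subject")
    if PHONE.search(subject):
        flags.append("phone number in subject")
    # 3. No salutation: the message jumps straight to the link or document.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    first_line = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if not SALUTATION.match(first_line):
        flags.append("no salutation")
    # 4. Links that lack HTTPS or leave the sender's own domain.
    for url in URL.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme.lower() != "https":
            flags.append(f"non-HTTPS link to {host!r}")
        if host != sender_domain and not host.endswith("." + sender_domain):
            flags.append(f"link host {host!r} differs from sender domain")
    # 5. Attachment types commonly used to carry macros or droppers.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            flags.append(f"risky attachment {name!r}")
    return flags


def build(from_hdr: str, subject: str, body: str, attachment: str = None) -> EmailMessage:
    """Assemble a constructed sample message (text body plus optional attachment)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = from_hdr, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"\x00", maintype="application", subtype="octet-stream", filename=attachment)
    return msg


# Constructed samples modelled on the two Phish Tales, plus one legitimate notice.
FEDEX_LOOKALIKE = build(
    '"FedEx Customer Support" <notice@fedex-delivery-status.example>',
    "Package delivery failed: update your address now (support 1-800-555-0100)",
    "Your package could not be delivered.\nUpdate address: http://fedex-delivery-status.example/update\n")
INVOICE_LURE = build(
    '"Acme Billing" <accounts@acme-billing.example>',
    "Payment confirmation",
    "See the attached document and confirm the payment details.\n",
    attachment="payment_confirmation.xlsm")
LEGITIMATE = build(
    '"FedEx" <noreply@fedex.com>',
    "Your shipment is on its way",
    "Hello,\n\nTrack it at https://www.fedex.com/track\n")

if __name__ == "__main__":
    for name, sample in [("fedex_lookalike", FEDEX_LOOKALIKE),
                         ("invoice_lure", INVOICE_LURE), ("legitimate", LEGITIMATE)]:
        print(name, analyze(sample) or "no flags")
```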

    For more phishing examples from FedEx, check out this link.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails convey a sense of urgency or even aggressiveness as a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Self-Promoting Cybersecurity Firms Doing More Harm Than Good

    Ransomware attacks are some of the most costly and destructive cyberattacks circulating the world today. They work by malicious software being downloaded onto or deployed to a target’s systems, which then blocks access to information by encrypting the data and demands that a ransom be paid to free up the systems. This type of attack recently gained national attention when Colonial Pipeline was forced to pay a $5,000,000 ransom to a cybercriminal group known as DarkSide. In the race to combat these attacks, many companies have begun staffing teams of trained cyber professionals to crack the ciphers used in these attacks. After figuring out a way to bypass the ransom and thwart the hackers, many groups launch massive press releases or blog posts illustrating their victories. What if I told you the companies working around the clock to fight these cybercriminal groups may be doing more harm than good?

    Four months before DarkSide gained national attention over their ransomware exploits, antivirus company Bitdefender declared that it was “happy to announce” a major breakthrough. Bitdefender had been working on a solution to DarkSide’s ransomware and, after finally making a breakthrough, announced to the world that it would offer this tool for free to anyone affected by DarkSide’s activities. Unbeknownst to them, another pair had already uncovered this flaw in DarkSide’s ransomware.

    Fabian Wosar and Michael Gillespie are two names you probably have not heard of. They are not featured in the news or on television, and that is how they want it. Both Wosar and Gillespie belong to a group known as the Ransomware Hunting Team, a non-profit, invitation-only group focused on combating cybercriminals and helping victims affected by ransomware. In December of 2020, Gillespie looked to team up with Wosar to isolate an encryption key to help speed up the recovery process that comes after paying DarkSide’s ransomware bounty. The two gentlemen quickly discovered that their work isolating this one key could be utilized on other files that had been infected by DarkSide. Gillespie later posted a ground-breaking discovery to the rest of the Hunting Team: DarkSide was re-using RSA keys from previous ransomware attacks.

    For those unfamiliar, RSA is a public-key cryptosystem that is widely used for secure data transmission. RSA generates a key pair: a public key used to encrypt data and a matching private key used to decrypt it. RSA is used in many legitimate aspects of ecommerce and communications, such as encrypting credit card transaction data and securing VPN connections between clients and servers. Unfortunately, its legitimate uses have been overshadowed by its repurposing as a tool for cybercriminals to help extort more money out of business owners.
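    As an added illustration of the key-handling point above (this is not code from the article, from Bitdefender, or from the Ransomware Hunting Team), the following textbook RSA in Python shows why one reused key pair lets a single recovered private key unwrap every victim’s file key. The primes, the per-victim “file keys”, and the hybrid wrapping scheme are constructed for readability; real deployments use large primes and padding, which this demo deliberately omits.

```python
"""Textbook RSA (no padding) used to illustrate why reusing one RSA key pair
across many victims undoes a ransomware scheme: whoever holds the single
private key can unwrap every victim's file key.

Added example, not code from the article or any vendor tool. The primes and
the "file keys" are small constructed values so the numbers stay readable.
"""
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((n, e), (n, d)) for distinct primes p, q; e must be coprime to phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)


# Constructed: tiny primes for readability. Real RSA uses primes of ~1024 bits or more.
PUBLIC, PRIVATE = make_keypair(61, 53)   # n = 3233, e = 17, d = 2753

# Constructed per-victim "file keys". A hybrid scheme encrypts each file with a
# symmetric key and then wraps that key with RSA; here the keys are small ints.
VICTIM_FILE_KEYS = {"victim-a": 1234, "victim-b": 2001, "victim-c": 42}


def wrap_all(file_keys: dict, public_key) -> dict:
    """Key reuse: every victim's file key is wrapped under the same public key."""
    return {name: rsa_encrypt(k, public_key) for name, k in file_keys.items()}


def recover_all(wrapped: dict, private_key) -> dict:
    """What a responder holding that one private key can do: unwrap them all."""
    return {name: rsa_decrypt(c, private_key) for name, c in wrapped.items()}


if __name__ == "__main__":
    wrapped = wrap_all(VICTIM_FILE_KEYS, PUBLIC)
    print("wrapped:  ", wrapped)
    print("recovered:", recover_all(wrapped, PRIVATE))
```

    Had each victim been issued its own key pair, a private key recovered for one victim would be useless for the others; that isolation is exactly what key reuse throws away, which is why one recovered key turned into a general decryptor.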

    In review, was Bitdefender right to publish its findings? On one hand, disclosing this information immediately alerted DarkSide that people had found a loophole to avoid paying the ransom. On the other hand, Bitdefender has a national following and recognition and was probably able to reach a greater number of users than the Ransomware Hunting Team could.

    To read more about this article, click here.

    Almost 500,000 job openings in cybersecurity nationwide

    With life returning to some semblance of normalcy, job openings have begun to flood the marketplace. One of the most in-demand industries? Cybersecurity. CyberSeek, a tech job tracking database from the U.S. Commerce Department, reported that there are over 465,000 open positions in cybersecurity nationwide. For anyone looking to start or pivot to a different career in cybersecurity, the time is now.

    Recent increases in cyberattacks have helped spur an increase in demand for cybersecurity professionals. Companies are now, more than ever, looking to secure their information technology systems from outside threats. Private businesses and government agencies alike are looking to fill these vacancies in desirable locations such as Florida, Virginia, California, and Texas. Vice President of Research at CompTIA, Tim Herbert, had this to add: “You don’t have to be a graduate of MIT to work in cybersecurity”. While going to a four-year university and pursuing a degree in cybersecurity is one avenue towards a career in cyber, it is not the only one. Cybersecurity hopefuls could look to grab a Security+ or Network+ certification to help increase their marketability as a job candidate. Additionally, many companies offer 6-, 8-, or 10-week “boot camps” meant to prepare individuals with many of the skills they will need for a career in cyber.

    The largest catalyst for this tremendous number of job openings is a lack of skilled workers. Many individuals see the responsibilities that come with working in cybersecurity and worry that they will not be able to fulfill them. “Cybersecurity is not rocket science, but it’s not like you can just walk in the door and take a job and pick it up like that”, added Michelle Moore, a cybersecurity professor at the University of San Diego. People looking to start a career in cybersecurity have to be willing to put the time and effort into honing this new craft. If they make that commitment, they will be rewarded with jobs helping secure our nation’s critical infrastructure and combating cybercriminals, with many opportunities to take on more responsibilities.

    Calling all top-tier performers looking to drive innovation forward. We favor a “can do” attitude, dedication to continuous learning, commitment to teamwork, and keen attention-to-detail. Netizen, a national Inc. Magazine Best Workplace and HIRE Vets Platinum Medallion awardee, offers competitive pay and benefits plus ample flexibility, performance incentives, training, and career growth. Equal Opportunity Employer. Military Veterans/Family/Spouses welcome.

    Check out some of our open positions here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

  • NETIZEN HIRES BRIAN KEATING AS DIRECTOR OF FINANCE

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity products and solutions, has added Brian Keating to the executive team and named him Director of Finance for the company. Brian is an accomplished financial and operations executive with a diverse skillset and extensive experience in the founding, funding, growing, acquisition, and management of companies of all types and sizes.

    At Netizen, he is responsible for all corporate accounting and finance operations. He has a degree in Management from Bryant University and holds Certified Financial Planner (CFP) and Project Management Professional (PMP) certifications. Brian previously served in senior leadership roles with some of the most successful companies in the Washington, D.C. area and as an independent executive consultant before joining Netizen. He is based at the company’s Washington, D.C. metro area (Northern Virginia) location.

    Additional details, photographs, and biographical information can be found for Brian on the Netizen website at https://www.Netizen.net/about/leadership.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:

    Akhil Handa // Chief Operating Officer

    Email: press@netizen.net

  • Colonial Pipeline Ransomware Attack: What happened and how we move forward.

    Americans on the East Coast have found themselves on the wrong end of one of the most impactful ransomware attacks this country has ever seen. The FBI reported earlier this week that a group known as DarkSide has claimed responsibility for an attack that caused the shutdown of the Colonial Pipeline. On Friday, May 7th, Colonial announced that it had halted all operations and frozen its IT network to begin remediation and repair of the affected infrastructure. Colonial transports over 100 million gallons of fuel daily over 5,000 miles from Texas to New York, supplying 45% of the East Coast’s diesel and gasoline for consumers ranging from everyday citizens to airports and military bases.

    How did this happen?

    On May 7th, Colonial Pipeline announced that it was ceasing operations immediately and that its network had been compromised by a ransomware attack. The initial attack vector in the Colonial Pipeline attack has yet to be uncovered, but experts have disclosed that the attack was focused on the business side of the pipeline, not the operational side. This reinforces previous ideas that this attack was for a monetary incentive, rather than to disrupt the infrastructure of the United States. While this attack is unique in scale, ransomware is nothing new to the U.S.

    Ransomware is a type of malware that, once it infects a user’s systems, locks the user out and encrypts their data. A “ransom” must then be paid to regain access to that data. The targets of these attacks vary, but in recent years there has been a major uptick in the number of private businesses and government organizations, including critical infrastructure providers, that have been specifically targeted. In 2018 the cities of Atlanta and Allentown were both hit with ransomware attacks that crippled their entire IT infrastructure and affected everything from tax payments to traffic lights. Many victims have repeatedly turned a blind eye to warnings made about their environment; a January 2018 audit in Atlanta, for example, uncovered 1,500 – 2,000 known vulnerabilities in the city’s systems. This audit showed that the city was drastically neglecting its cybersecurity processes, and then it was hit with an attack.

    What does this mean?

    How could a company that is so crucial to our nation’s infrastructure lack the necessary cybersecurity measures to defend itself from an attack like this? Our nation’s energy grid is one of the most critical pieces of infrastructure in the country, yet private companies that do not view cybersecurity as a key issue own nearly 85% of the market. This leaves most of our nation’s energy grid largely unregulated when it comes to cyber protections. Many of these utility providers rely on systems running decades-old technology in what is essentially a modern-day cyber battlefield, and they just aren’t equipped well enough to defend themselves. Netizen’s COO, Akhil Handa, had this to add: “Even though government regulatory agencies exist, there is no standardized process for which these companies look to measure their cybersecurity readiness against.”

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    We need to have an open conversation with key businesses that make up our nation’s infrastructure and determine what measures they are taking to protect their cyberspace. Additionally, we need to start moving towards architecture like Zero Trust Security to help ensure issues like this do not arise again. The time for action is now. We must work together to hold businesses accountable for their actions and move towards creating a more secure cyberspace.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Zero Trust Security: A new blueprint to fight cybercrime.

    This past year was one like no other. Masks became the new fashion norm, workers traded office life for remote work, and video meetings became our main vessel for communicating with one another. While the world was busy fighting one issue, another swiftly arose. Cybercrime is on the rise across the globe. According to the F.B.I., in 2020 internet and cybercrime complaints rose to 791,790, up 69% from just 467,361 complaints the year before. Correspondingly, the revenue lost due to cybercrime also soared, going from $3.5 billion lost in 2019 to $4.2 billion in 2020. This rise in cybercrime and cyber attacks has led information technology professionals to discuss how best to combat this issue. Their answer? Zero Trust Security.

    What is Zero Trust? 

    Trust nothing, verify everything, and assume a breach has already occurred. These are the main principles of Zero Trust Security, and they outline how an organization should view its security posture. First, there should be no default trust permissions within the secured environment. Pretend that every device is facing the internet and can be used as a potential attack vector. The next step is to always require verification for every device and user across the network. When someone remotely accesses the network from their mobile device, treat them as though this is their first time ever signing on. Make sure that this process is repeated when they try to pivot to a separate part of the network. Just because someone has access to files for one department does not mean they should have access to other sections. Finally, always assume the worst. Organizations should operate as though they have already been breached, restricting credentials and access to sensitive information to only those users who have express permission to access them.

    While the Zero Trust Security model is relatively new, it has already begun to impact the way companies look to defend their networks. Netizen COO, Akhil Handa, recently had this to say on the matter: “Zero Trust is changing the way companies are looking at cybersecurity and has really come to the forefront during this time where the workforce is shifting to remote. Zero Trust revolves around the methodology that requires organizations to implement strict verification processes for people and device connections prior to giving them access to the network and data. Organizations are now turning to Zero Trust security rather than just spending money defending the perimeter.”

    The Pillars of Zero Trust Security:

    The Zero Trust Security Model consists of six main pillars of security. The first of these pillars is users or workforce security. This pillar revolves around the overarching need to ensure that users have the correct permissions and are authenticated each time they access the network. With Zero Trust, we make sure that users only have access to the information that they need and their accounts cannot be used to access further systems. The next pillar focuses on device security. Every device should be treated as a potential threat vector under Zero Trust security. These devices have their access granted on a per-session basis and have no shared credentials or trust permissions. Following device security, the next pillar is network security. This pillar revolves around the need for micro-segmentation of the network to reduce the risk of an outside attacker being able to pivot across the network to multiple resources. Companies can look to create multiple inspection points across their network to help reduce any suspicious lateral movement.

    The next pillar is workload security which refers to the applications, digital processes, and public and private IT resources used by an organization for operational purposes. Security is wrapped around each workload to prevent data collection, unauthorized access, or tampering with sensitive apps and services. The next pillar is data security which entails properly categorizing data. Once categorized, the data can be isolated where only the individuals that need the data can access it. This section also includes where the data should be stored and any encryption processes. The final pillar of Zero Trust Security is analytics. This last pillar deals with the continuous monitoring of the micro-perimeters we have set up throughout the environment and the tracking of log data to find any indicators of a breach.
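    The pillars above describe a policy; the following Python sketch, added here as an illustration and not Netizen’s product or any vendor’s policy engine, shows what “no default trust, verify every session, per-resource grants, record every decision” looks like as a single authorization function. Every segment, user, grant and device attribute in it is a constructed assumption for the demo.

```python
"""Per-request Zero Trust authorization check.

Added example for the pillars described above; not Netizen's product or any
vendor's policy engine. Segments, users, grants and posture attributes are
constructed assumptions for the demo.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class Device:
    device_id: str
    enrolled: bool        # known to asset management (device pillar)
    disk_encrypted: bool  # posture checks; constructed set of attributes
    patched: bool


@dataclass(frozen=True)
class Session:
    user: str
    device: Device
    mfa_verified: bool    # verified in *this* session, never inherited
    age_seconds: int      # re-verify when the session gets old


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


# Constructed policy data. Resources sit in micro-segments; grants are per resource,
# so a grant inside one segment never implies access to a neighbour in that segment.
SEGMENTS = {"hr-directory": "hr", "hr-payroll": "hr", "eng-ci": "engineering"}
GRANTS = {"alice": {"hr-directory"}, "bob": {"eng-ci"}}
MAX_SESSION_AGE = 8 * 3600

AUDIT_LOG: List[dict] = []   # analytics pillar: every decision is recorded


def device_compliant(device: Device) -> bool:
    return device.enrolled and device.disk_encrypted and device.patched


def authorize(session: Session, resource: str) -> Decision:
    """Default deny: access is granted only when every check passes."""
    reasons = []
    if not session.mfa_verified:
        reasons.append("user not MFA-verified in this session")
    if session.age_seconds > MAX_SESSION_AGE:
        reasons.append("session too old; re-authentication required")
    if not device_compliant(session.device):
        reasons.append(f"device {session.device.device_id} fails posture checks")
    if resource not in SEGMENTS:
        reasons.append(f"unknown resource {resource!r}")
    elif resource not in GRANTS.get(session.user, set()):
        reasons.append(f"{session.user} has no explicit grant for {resource!r} "
                       f"(segment {SEGMENTS[resource]!r})")
    decision = Decision(allowed=not reasons, reasons=reasons)
    AUDIT_LOG.append({"user": session.user, "device": session.device.device_id,
                      "resource": resource, "allowed": decision.allowed,
                      "reasons": list(reasons)})
    return decision


if __name__ == "__main__":
    laptop = Device("lt-0001", enrolled=True, disk_encrypted=True, patched=True)
    alice = Session("alice", laptop, mfa_verified=True, age_seconds=600)
    print(authorize(alice, "hr-directory"))   # allowed
    print(authorize(alice, "hr-payroll"))     # denied: same segment, no grant
    for entry in AUDIT_LOG:
        print(entry)
```

    The point of the shape is that nothing is inherited: MFA and device posture are re-evaluated on every call, an unknown resource is denied rather than ignored, and alice’s grant to one HR resource says nothing about the payroll resource in the same segment. The audit list is the raw material the analytics pillar consumes.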

    How to get started:

    Netizen CEO, Michael Hawkins, had this to say for companies looking to get started on Zero Trust: “The first step is identifying what adoption means for your organization: does Zero Trust fit into your current risk profile and operational capabilities (ability to support)? For example, Zero Trust relies heavily on things like identity management, asset management, network segmentation, and threat intelligence, which are skillsets that many businesses would not have in-house. Also, as a relatively new concept, there are still many emerging ideas and products out in the market and standards are still being formalized. So, to surmise, the first step would be assessing whether Zero Trust is right for your organization given the capabilities of your organization and other factors. After this, identification of processes and tools necessary for successful implementation would be next, along with documenting current and to-be network topologies and creating a plan that is incremental enough so as not to overwhelm existing staff.”

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Netizen Cybersecurity Bulletin (April 13th, 2021)

    Overview

    • Phish Tale of the Week
    • 533 Million Facebook Users’ Personal Identifiable Information Leaked Online
    • Fleeceware Apps Accumulate $400M in Revenue
    • How can Netizen help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting JPMorgan Chase account holders. This email appears to be a warning notice that the client’s account has been put on hold. The email contains Chase’s official logo as well as a shortcut to fix the issue right in the email, so why not click “verify account”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag in this email is the sender address. Big corporations like JPMorgan Chase will never email you from outside their company domains. In the future, check all suspicious emails from companies against previous correspondence you’ve received and make sure the sender address is the same.
    2. The second warning sign in this email is the subject line. The title is meant to create a sense of distress/urgency while also providing a fake support number to try to create legitimacy.
    3. The final warning sign for this email is the messaging inside the email. In this instance, we are being notified that our account has been put on hold. We are then given a shortcut to verify the account and unfreeze it. Phishing campaigns like this will almost always try to convince you to click on a link or shortcut that navigates you out of your email client. Remember, if a link or shortcut looks suspicious, do not click on it.

    For Chase-specific recommendations, find more here.

    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
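    The recommendations above (sender domain, link target, HTTPS, urgency wording) can be applied mechanically to a raw message. The Python below is an added example, not Netizen’s tooling or any vendor’s filter; the brand allow-list, both sample messages and every domain in them are constructed for the demo, with the phishing sample modelled on the Chase lure described in this bulletin.

```python
"""Heuristic triage of a raw email against the recommendations above.

Added example; not Netizen's tooling or a vendor product. The brand
allow-list, the sample messages and their domains are all constructed.
The checks map to the list: sender domain vs the brand the mail claims to
be, every link's host vs that brand's real domains, HTTPS on links, and
urgency wording in subject/body.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: brand keyword -> registrable domains the brand really uses
# (assumption for the demo; a real deployment would maintain this list carefully).
KNOWN_BRANDS = {"chase": {"chase.com", "jpmorganchase.com"}}

URGENCY_PHRASES = ("immediately", "put on hold", "verify your account",
                   "suspended", "act now")

# Constructed sample modelled on the Chase lure described above; domains are invented.
SAMPLE_PHISH = """\
From: "Chase Support" <alerts@chase-secure-verify.example>
To: customer@example.org
Subject: URGENT: Your account has been put on hold. Call 1-800-000-0000
Content-Type: text/html

<html><body>
<p>Dear customer, your account has been put on hold. Please verify your account immediately.</p>
<p><a href="http://chase.com.account-verify.example/login">Verify account</a></p>
</body></html>
"""

# Constructed benign counterpart: real brand domain, HTTPS link, no pressure wording.
SAMPLE_LEGIT = """\
From: "Chase" <no-reply@alerts.chase.com>
To: customer@example.org
Subject: Your monthly statement is available
Content-Type: text/html

<html><body><p>Your statement is ready. Sign in at
<a href="https://secure.chase.com/">chase.com</a> to view it.</p></body></html>
"""


def registrable_domain(host: str) -> str:
    """Reduce 'alerts.chase.com' to 'chase.com'. Deliberately crude (last two
    labels); a production tool would consult the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def brand_mentioned(text: str):
    """Which known brand does the message claim to come from, if any?"""
    lowered = text.lower()
    for brand in KNOWN_BRANDS:
        if brand in lowered:
            return brand
    return None


def body_text(msg) -> str:
    if msg.is_multipart():
        return "\n".join(part.get_payload() for part in msg.walk()
                         if part.get_content_maintype() == "text")
    return msg.get_payload()


def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    sender_header = msg.get("From", "")
    body = body_text(msg)
    findings = []

    brand = brand_mentioned(sender_header + " " + subject + " " + body)
    _, sender_addr = parseaddr(sender_header)
    sender_host = sender_addr.rsplit("@", 1)[-1] if "@" in sender_addr else ""
    # Check 1: does the sender's domain belong to the brand the mail invokes?
    if brand and registrable_domain(sender_host) not in KNOWN_BRANDS[brand]:
        findings.append(f"sender domain {sender_host!r} is not a known {brand} domain")

    # Check 2: every link must use HTTPS and point at the brand's real domain.
    for url in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme.lower() != "https":
            findings.append(f"link {url!r} does not use HTTPS")
        if brand and registrable_domain(host) not in KNOWN_BRANDS[brand]:
            findings.append(f"link host {host!r} is not a known {brand} domain")

    # Check 3: pressure language that demands immediate action.
    haystack = (subject + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    return {"brand": brand, "findings": findings, "suspicious": len(findings) >= 2}
```

    Note the “chase.com.account-verify.example” link host: it starts with the real brand name, which is why the check compares the registrable domain rather than looking for the brand string anywhere in the URL. The urgency check is only a tiebreaker; on its own it would flag plenty of legitimate mail, so the verdict requires at least two independent findings.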

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    533 Million Facebook Users’ Personal Identifiable Information Leaked Online

    Facebook has come under heavy fire after it was reported that over 533 million Facebook users worldwide had personally identifiable information (PII) leaked earlier this month on a popular hacking forum. The troves of information are believed to have stemmed from the 2019 data breach that saw Facebook housing hundreds of millions of users’ records on a public server. The personal information that was leaked included full names, Facebook IDs, locations, gender, email addresses, and other profile details for the over half a billion users affected. In a shocking discovery, it was also revealed that the personal phone numbers of Facebook CEO Mark Zuckerberg and co-founders Dustin Moskovitz and Chris Hughes were also leaked in this breach. In total, over 533 million Facebook users in 106 different countries were impacted by this leak.

    Researchers have rushed to uncover how this data was leaked, and it appears the culprit was an old Facebook tool put in place to connect users’ phone contacts to potential friends on Facebook. Prior to 2019, Facebook had a contact importer tool to help users link up existing contacts on their phones, simplifying the whole process of adding contacts manually. The tool would match the phone numbers in a contact list against any Facebook accounts associated with them and then suggest those users be added as friends on Facebook. The whole process was created to make it easier to get started when you first sign up for a Facebook account. However, in 2019 Facebook became aware that malicious actors had exploited this tool to mass-scrape millions of user records from the site.

    Since the news of this most recent leak, Facebook has announced that it has no plans to notify users whose data was exposed. Facebook noted that this data was scraped from public profiles using the “contact importer” feature in 2019 and that the feature has since been adjusted to prevent this from happening in the future. Additionally, Facebook claimed that, since this data was scraped from public profiles, it would have no way to be certain which users were affected and would need to be notified. Luckily, we’ve found a website that will tell you if your email or phone number has appeared in a data breach. Visit https://haveibeenpwned.com/ to check if you’ve been affected.

    To read more about the latest Facebook breach, click here.

    Fleeceware Apps Accumulate $400M in Revenue

    What happens when you forget to cancel that 1-month free trial you agreed to for a new app on your phone? Sometimes you will be charged a small fee or an instant renewal cost, but in some cases those charges may be a lot higher than people expect. Researchers from Avast have uncovered approximately 204 fleeceware apps in Apple’s App Store and the Google Play Store. “Fleeceware” is a type of mobile malware application that comes with hidden, excessive subscription fees. These apps prey upon people who do not know how to cancel a subscription or are less likely to, leading to exorbitant account charges over time. Fleeceware usually lures targets in with a free trial before the automatic payments kick in. Avast reported that some of these subscriptions can reach as much as $3,400 a year.

    To break these apps down by operating system, a total of 134 apps were found on Apple’s iOS platform with projected revenues of $365 million, while 70 fleeceware apps were uncovered in the Google Play Store with projected revenues of $38.5 million. What makes these apps so profitable is the niche that they fulfill. Most of these apps are easily marketable, viral applications like photo editing software, horoscope readers, music lessons, or astrology boards. These applications are ones that people would normally scoff at paying money for, with so many free options in the marketplace. However, when an advertisement to “test trial” the paid version of these applications with promises of “exclusive features” gets to most users, people want to try these applications themselves.

    The crazy part about this scam is that these apps appear to be real, legitimate applications when viewed in their respective app stores. They have product descriptions, impressive user reviews, and visually pleasing interfaces, all to make these apps look as real as possible. One of the first ways to spot scams like these is to scan through a few pages of user reviews. Scammers will often try to bury bad reviews under a mountain of fake reviews, but most app stores will prioritize “active” community member reviews on most applications. To get to these reviews, select the “most helpful” or “most relevant” drop-down and see what actual people have to say about these applications. Another way to combat these scams is to always read the fine print. Make sure to comb through the “in-app purchases” section and familiarize yourself with the terms and conditions you are agreeing to. Often these scams rely on people not noticing the exorbitant costs that are right in front of them, and instead skipping over all the terms of service with their purchase. Finally, keep a critical eye on all purchases over the internet. Today’s digital age has seen a massive increase in the number of malicious actors looking to dupe unsuspecting individuals into handing over payment or personal information. If an advertisement looks too good to be true, chances are it is.

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.