Netizen Cybersecurity Bulletin 28 November 2018

In This Issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • Enterprise Facing Higher Cryptojacking & Mobile Malware Threats
  • Insecure Printers
  • Hackers Target Music Lovers
  • Malvertising Campaign Hits Over 300 Million
  • Phish Tale of the Week
  • How can Netizen help?

Enterprise Facing Higher Cryptojacking & Mobile Malware Threats

Fortinet released its Q3 “Quarterly Threat Landscape Report”, and in it, they detailed an uptick in malware, exploits, and threats. From July – September unique malware threats increased by 43% and the number of malware families grew by almost 32%.

Cryptojacking, malware that surreptitiously mines cryptocurrency on infected computers, is a serious growing threat. The cryptojacking malware itself doesn’t necessarily harm your computer, but what it often does is bring down your antimalware software and create holes in your firewall, which makes your system vulnerable to more serious threats.

Mobile malware is another rising threat that many people don’t think about as being a risk. But our phones are computers just like the PCs we do our daily work on and can be exploited. Android leads the pack with infections due to being more popular worldwide and more open than iOS, allowing users to install applications from outside of the Google Play Store. Some of these apps coming from 3rd party android app stores are actually trojans that can steal your information and use your phone as a zombie in a botnet.

RECOMMENDATIONS:

Ensure that your systems are up to date on any patches and that your firewall and antivirus are current. Make sure that, if you own an Android phone, you do not install any apps from outside of the Google Play Store.

Insecure Printers

While the issue has become more pronounced over the years, the vulnerabilities of printers are still very underestimated and often not taken into account. The problem with printers is that many IT professionals see them as low risk, if not a trusted and reliable device. Often people do not think of printers as what they are—endpoints. If is connected to the network and can be accessed, it has the potential of being a vulnerability. A lot of the common issues with printers are that they are not adequately and routinely patched.

As time and technology progress, printers are becoming more and more multi-faceted, more internet-aware; creating new opportunities for cloud services and other advanced services like that of remote management by third-party service providers. Printer vulnerabilities are plentiful and include but are not limited to:

  • Device misconfiguration
  • Print job manipulation
  • Unauthorized access to print data
  • Man-in-the-middle attacks in the cloud

RECOMMENDATIONS:

Printers are widely vulnerable due to the fact that patching and updating may not always be such a simple task and it is one that leading printer companies are trying to perfect. Despite some challenges like that of firmware upgrades, we recommend:

  • Data encryption rules
  • Replace outdated printers with newer more secure models
  • Enforce routine and regular patches as you would any server or PC
  • Take advantage of any built-in management to properly secure for remote access

Hackers Target Music Lovers

Spotify user, beware: a phishing campaign is targeting you in the hopes of collecting your user credentials.

Bogus but well-crafted emails have been spotted, aimed at Spotify customers. The emails attempt to dupe users into clicking on a phishing link that would redirect them to a deceptive website. Once at the site, users were prompted to enter their username and password, which will be reported to the adversaries who have crafted the scheme.

This wouldn’t matter too much if users didn’t reuse their passwords on other online accounts.   Readers of this blog have been warned before never to reuse your password, but as we are gaining new readers each month, it makes sense to repeat this tip.

Also, when attackers have the passwords in plaintext, as it was captured in the above example, they are often able to discern key information about the user from their password.   While many people use common word and number combinations like ‘password123’, many people use their pets’ name. Seeing a password like Tigger90 might lead an attacker to guess the victim has a cat, and they were born in 1990.  Social Engineering is a powerful skill and one that can be leveraged to hack other accounts, even if the password wasn’t reused.

RECOMMENDATIONS:

  • Check the suspected email, and ensure the return address headers and other pertinent information are spelled correctly, and accurately point to the correct domain.  In the above example, the correct domain is ‘spotify.com’, and not something like ‘spotify.comz.ga’
  • Check any links in the email aren’t misdirecting you.  Hover over any URL and check the preview (usually shown at the bottom of the browser window) to ensure the target is the correct, as above.

  • If you aren’t certain, open a new window and go to the specific site by typing the URL or using your bookmarks. After you log in, check for new messages.

  • Make an effort to use a password manager. Password Managers store your login credentials securely and allow complex and long passwords to be used, which prevents any hacker from building a profile from you should the passwords become revealed.
  • Whether us you use Spotify or not, this method of attack can be aimed at any online service: social media, banking, or email.   These tips can protect all of your accounts from this kind of attack.

Malvertising Campaign Hits over 300 Million

A recent malvertising campaign that targeted iOS devices and hijacked over 300 million browser sessions in as little as 48 hours.

Researchers found that the campaign started around November 12 and that the malicious actor behind the campaign is still active to this day. The goal of the malvertising campaign is to inject malicious code into legitimate online ads and webpages. This allowed for a redirection to a malicious page when the ads are clicked by unsuspecting users. In the case of this recent campaign, it redirected users to adult content and gift card scams.

The malicious pages that users are redirected to attempt to further phish visitor data.  The attackers are hoping to commit further affiliate marketing fraud or steal personal identification data such as email, physical address, revenue information, purchase history, and more.

RECOMMENDATIONS:

  • Be vigilant when browsing webpages, if it sounds too good to be true it is most likely malicious in nature.
  • Use a browser extension that blocks advertisements on all websites, and whitelist or disable for known or regularly visited websites.

Phish Tale of the Week

Netizen captures many phishes each month, which we feature here. This week we have received several emails from users whose Dropbox and email accounts have been compromised, prompting the recipient to click on a file download titled “Business-plan.pdf”. This email was sent to everyone in the compromised accounts’ contact lists, along with the file linking to the official Dropbox website giving the phish a more valid appearance.

The best way to protect yourself from even relatively sophisticated phishing emails such as this is, especially when you get an email from a contact that you haven’t heard from in a long time, to make sure you contact the person asking for clarification on what this is and why it is being sent to you. If their emails are vague and urge you to just view the file, you should automatically be very suspicious and report this to your IT department.

RECOMMENDATIONS:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


Netizen is an ISO 27001:2013 (Information Security Management) certified company.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s