Netizen Cybersecurity Bulletin (12 June 2019)

Overview

  • Phish Tale of the Week
  • Microsoft Urges Users to Patch BlueKeep Security Flaw
  • U.S. Customs and Border Protection Data Breach
  • How Can Netizen Help?

Phish Tale of the Week

Malicious actors are constantly finding new ways to chase a big payday. In the newest trend, cybercriminals are hosting their own phishing campaigns on TLS-secured websites. 

The criminals are relying on people’s trust in landing pages that show “HTTPS” in the URL and a valid TLS certificate. After a phishing email is sent and the victim clicks the link, they see a padlock and a valid certificate on the site, but it’s all a ruse. The landing page is secured only to exploit the victim’s trust; it still captures any login credentials or other information the victim submits. A certificate proves that the connection is encrypted, not that the site belongs to the company it imitates. This tactic was used in phishing campaigns such as the one that imitated Netflix’s log-in page to harvest login credentials. 

Take a look below:

  1. While the login page looks very convincing and is almost indistinguishable from the real login page, notice the strange website URL that says “GroupNetflix”.   
  2. Notice the extra space between the “Sign Up Now” button and the period. 
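The check a defender actually wants here, as an added example that is not from the bulletin: a small Python triage function that judges a URL by its registrable domain against a brand allowlist and gives the HTTPS scheme no weight in the verdict, so a “GroupNetflix”-style lookalike is flagged even when it carries a valid certificate. The brand list, domains and sample URLs are constructed.

```python
# Added example (not from the bulletin): defender-side URL triage for the
# "HTTPS lookalike" phishing pattern. The scheme and certificate are ignored;
# the only question asked is whether the hostname is a domain the brand owns.
# Brand names, domains and URLs below are constructed sample data.
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains the brand legitimately uses.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname ('login.example.com' -> 'example.com').
    Sufficient for the .com-style names in this example; a real deployment would
    consult the Public Suffix List so that 'example.co.uk' is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_url(url: str) -> dict:
    """Classify a URL as 'legitimate', 'lookalike' or 'unknown' for the brands above.

    'lookalike' means a brand name appears somewhere in the hostname but the
    registrable domain is not one the brand owns (the 'GroupNetflix' pattern).
    Whether the scheme is https is recorded for the report but never affects
    the verdict.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    result = {"host": host, "https": parts.scheme == "https",
              "verdict": "unknown", "brand": None}
    for brand, domains in BRAND_DOMAINS.items():
        if domain in domains:
            result.update(verdict="legitimate", brand=brand)
            return result
        if brand in host.replace("-", ""):
            result.update(verdict="lookalike", brand=brand)
            return result
    return result


if __name__ == "__main__":
    # Constructed sample URLs, including the brand-in-hostname pattern from the bulletin.
    for u in ("https://www.netflix.com/login",
              "https://groupnetflix.example/login",
              "https://netflix.com.account-verify.example/"):
        print(triage_url(u))
```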


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to provide Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email requesting immediate action or addressing you in a threatening manner should be treated with suspicion. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s Cybersecurity Brief: Microsoft Urges Businesses to Patch “BlueKeep” Flaw, Hackers Steal Border Agency Traveler Photos

Microsoft Urges Businesses to Patch “BlueKeep” Flaw 

Microsoft’s Security Response Center (MSRC) is warning organizations to patch BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability for which it released a patch on May 14. The flaw affects older versions of Windows and is found in Remote Desktop Services (RDS). It requires no user interaction, which is a serious concern: worm-like malware built to exploit the bug could spread from one vulnerable machine to the next on its own. When the patch was released, Microsoft had not seen BlueKeep exploited in the wild, but it acknowledged that exploitation by malicious actors and cybercriminals was “highly likely”. Now, Microsoft says it is “confident” that an exploit exists for this vulnerability, and more than one million internet-connected machines remain vulnerable to BlueKeep.

In Microsoft’s official blog, the MSRC stated: “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.” The scenario is even more dangerous for those who neglected to update internal systems, they continue, as future malware could try to exploit vulnerabilities that have already been patched. The vulnerable systems are the ones still running Windows XP, Windows 7, Server 2008 and Server 2008 R2. Microsoft continues to urge users to update their systems so that the latest patches and security features are installed and enabled, fearing a repeat of the 2017 WannaCry ransomware outbreak.

Security researchers at Kenna Security are monitoring for any activity involving the BlueKeep bug and confirm that cybercriminals have already attempted to reverse-engineer the patch and build an exploit. The research group also estimates that a significant number of organizations may still be vulnerable to this attack, especially ones still using Windows 7 and Server 2008. One possible attack scenario is exploiting BlueKeep by connecting to a target system via Remote Desktop Protocol (RDP) and sending specially crafted requests; if successful, criminals could execute code on the target system. Even if Windows 7 and Server 2008 machines are not exposed to the Internet, they remain susceptible to exploitation as the second stage of a multi-pronged attack.

Microsoft has released a patch for the vulnerability. If your business or organization operates a system running one of the listed vulnerable operating systems, Microsoft highly recommends that you update your systems to ensure the patch is installed.

To read more about the BlueKeep bug, click here.


Hackers Steal Border Agency Database of Traveler Photos

The U.S. Customs and Border Protection (CBP) agency revealed that one of its subcontractors has been breached and a database containing images of travelers and license plates was stolen. CBP declined to name the breached subcontractor, but there is mounting evidence that Tennessee-based company Perceptics is the victim. The company develops and produces license plate readers that are used by CBP. The subcontractor was breached because it had stored license plate images and travelers’ images on its own network, without the knowledge of CBP. The agency has declined to reveal how many people have been affected or the size of the data breach, which may indicate that it is larger than expected. 

Surprisingly, this is not the first time that Perceptics has been involved in a data leak. An incident in May involved a hacker dumping hundreds of gigabytes of data stolen from Perceptics on the dark web. It is unknown whether the two incidents are connected, but the Customs and Border Protection agency insists that it had no knowledge of Perceptics’ data transfer. What’s more worrying, however, is that CBP allowed a third party to hold sensitive data without its knowledge and did not ensure that its subcontractors had the appropriate security measures in place. 

The agency outlined its security standards in an official statement, saying “CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures. CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same.”

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents show. Business and safety operations can be heavily impacted, with losses running to millions of dollars. To better protect your business or organization, take a proactive stance on cybersecurity. 

To read the original article, click here.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © 2019 Netizen Corporation. All rights reserved.
