CyberSecure Solutions Security Bulletin (August 7, 2019)

Overview

  • Phish Tale of the Week
  • Cyber Attacks on the Rise
  • US Utilities Have Become Targets
  • How Can Netizen/CyberSecure Solutions help? 

Phish Tale of the Week

For this week’s Phish Tale of the Week, we’re taking a look at a phishing email sent to our HQ office that claims to be a promotional advertisement for Costco Wholesale. The message was quickly flagged by our scanners and reported as a phishing attempt.

Take a look below:

Some tell-tale signs that raise suspicions:

  1. The “From” email address clearly does not belong to Costco.
  2. The message contains numerous grammar and spelling errors.
  3. The email lacks Costco branding and contains nothing referring to a Costco website.


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
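The sender and link checks recommended above can be applied mechanically during mail triage. The following is an added example, not part of the original bulletin or of any CyberSecure tooling; the brand-to-domain table, the sample message and the function names are assumptions made for illustration, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation accepts as genuine for each brand.
BRAND_DOMAINS = {"costco": {"costco.com"}}

# Constructed sample message (not the email described in the bulletin).
SAMPLE = """\
From: "Costco Wholesale" <promo@deals-reward.example>
To: employee@corp.example
Subject: Costco reward - claim you're gift now
Content-Type: text/plain

Dear costumer, click http://deals-reward.example/claim to recieve your reward.
"""

def domain_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw, brands=BRAND_DOMAINS):
    """Return findings for a message that names a brand it does not come from."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    claimed = " ".join([display, msg.get("Subject", "")]).lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    findings = []
    for brand, allowed in brands.items():
        if brand not in claimed:
            continue  # message does not claim to be from this brand
        # Sign 1: the "From" address does not belong to the brand.
        if not domain_matches(sender_domain, allowed):
            findings.append(f"sender-domain-mismatch:{brand}:{sender_domain}")
        # Sign 3: nothing in the message refers to the brand's own website.
        if not any(domain_matches(urlparse(u).hostname, allowed) for u in urls):
            findings.append(f"no-brand-link:{brand}")
        # Recommendation: links should at least use HTTPS.
        for u in urls:
            parsed = urlparse(u)
            if parsed.scheme != "https":
                findings.append(f"non-https-link:{parsed.hostname}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The suffix match is anchored on a leading dot, so look-alike hosts such as `costco.com.evil.example` or `notcostco.com` do not pass as the brand's domain.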

Cybersecurity Brief

In this week’s Cybersecurity Brief: Destructive Cyber-attacks are on the Rise, and U.S. Utilities are Being Targeted by State-Sponsored Hackers

Destructive Cyber-attacks are on the Rise

In recent years, the number of cyber attacks targeting state and local governments, municipalities, school districts and federal institutions has been steadily increasing. These attacks are usually carried out with the intent to cause severe damage and destruction to critical files and data, rendering the organization completely exposed. They are categorized as Destructive Malware attacks. A new study by IBM’s X-Force Incident Response and Intelligence Services shows that these attacks have not only been on the rise, but are also being conducted by cyber-criminals and not exclusively by state-sponsored hackers (more on state-sponsored hacking later in the bulletin). Their popularity has been increasing in part because of the high ransoms that affected companies are paying to resolve the issues and unlock their files from ransomware.

By the numbers, these attacks have increased by nearly 200 percent, according to IBM’s study. The analysis paints a bleak picture that highlights just how destructive these attacks are. For one, these destructive attacks are costing multinational companies $239 million on average. As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million). Even more, these attacks can take up to 500 hours to remediate, provided that the organization has an incident response plan (IRP) and an in-house Security Operations Center (SOC). For victims that lack those resources, it can take much longer to get back up and running, and they often incur extra costs to hire a third-party company to aid in the remediation. These attacks do not seem to be slowing down, and organizations that fail to prepare might find themselves the next victim.

To read more about the IBM X-Force Study, click here.

U.S. Utilities Hit with Malware Attacks

You might have heard of nation-state hackers and their deployment by various countries looking to expose the secrets of other nations, often by attacking businesses or state government organizations. Their activities are usually hidden and well-covered, and they are often part of a “hacker army”. Recent events like the suspected Russian hacking into U.S. political elections have brought these hackers to light. Nation-state hackers often operate without any consequences from their home country and usually have close links to the military, intelligence or state-controlled apparatus of their country, along with a high degree of technical expertise.

Recent attacks targeting U.S. utilities again seem to be the work of nation-state hackers looking to gain valuable data or information. These attacks were carried out via phishing emails that tricked employees of these organizations into clicking on an attached Word document, which infected their computers with a remote access Trojan (RAT) and a command-and-control proxy. The RAT and proxy appear to originate with a nation-state actor rather than a financially motivated criminal organization. Researchers at Proofpoint found that the LookBack malware and many of the macros used in the campaign look very similar to tools used in a 2018 campaign against Japanese businesses. LookBack is a remote access Trojan written in C++ that relies on a proxy communication tool to relay data from the infected host to a command-and-control IP. Its capabilities include enumerating services; viewing process, system, and file data; deleting files; executing commands; taking screenshots; moving and clicking the mouse; rebooting the machine; and deleting itself from an infected host.

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

For more on nation-state hackers, click here. 
To read more about the attacks, click here.

How Can CyberSecure Solutions Help?

CyberSecure Solutions ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “Virtual CISO service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.


CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

 

Copyright © 2019 Netizen Corporation. All rights reserved.
