CyberSecure Solutions Security Bulletin (August 21, 2019)

Overview

  • Phish Tale of the Week
  • 23 Towns Across Texas Hit by Ransomware Attack
  • European Central Bank Suffers Data Breach
  • How Can Netizen/CyberSecure Solutions help? 

Phish Tale of the Week

Phishing attempts are often carried out with the purpose of tricking the target into downloading or accidentally running a malicious script on their devices. This example of a phishing attempt that was received in our office poses as a voice-message with a high importance tag. The urgent message, coupled with obscure details, can appeal to the victim’s curiosity and cause them to click on the infected link. 

Take a look below:

Some tell-tale signs that raise suspicions:

  1. The phishing email comes from a suspicious address that was not recognized by the recipient.
  2. The sender did not address the recipient by name, which seems unprofessional.
  3. Authentic automated emails do not typically have grammar and spelling issues.
  4. The link seems very suspicious and attempts to download a file onto the target’s device once clicked. The file almost certainly contains malicious code.


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email; this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s Cybersecurity Brief: Towns Across Texas Targeted in ‘Coordinated’ Ransomware Attack, European Central Bank Suffers Data Breach

Texas Municipalities Targeted in ‘Coordinated’ Ransomware Attack

Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 23 municipalities have been infiltrated by hackers demanding a ransom. The Texas Department of Information Resources (DIR) issued a statewide alert on Aug. 16 warning towns and cities across the state about the attack campaign. “The attack hit Friday morning and appears to be the work of a single threat actor,” the DIR said in a statement on Aug. 17. Later that day, Texas government officials activated a multi-organizational task force, including the Department of Information Resources (DIR), the Texas A&M University System’s Security Operations Center (SOC), the Texas Department of Public Safety, and emergency and military responders. The response to the attack was deliberate and required immediate action due to the nature of the attack, which seems to have been a rare coordinated attack on a government entity. 

The hacker seems to have been able to infiltrate the network environment of these municipalities through a coordinated phishing email attack sent to the employees of these entities. The coordinated attack against Texas’ local governments represents, arguably, the most brazen ransomware operation to date. While ransomware attacks are becoming more targeted, a single coordinated attack against a state is rare. Sometimes, local governments see no option for restoring their crippled networks other than paying the ransom demanded by hackers. In Lake City, Fla., a town of about 12,000 residents, officials paid $460,000 in the form of bitcoin, the preferred payment method among cyber attackers. State authorities have not yet disclosed where exactly the attacks were based or how many computers have been swept up in the breach, meaning it is not yet known what services or data might have been compromised.

European Central Bank Suffers Data Breach

The European Central Bank (ECB) has confirmed that it has suffered a breach that involved attackers injecting malware and led to a potential loss of data. The affected site, the website for the Banks’ Integrated Reporting Dictionary (BIRD), provides information to those preparing regulatory and statistical reports. BIRD began in 2015 as a joint project by the Eurosystem of eurozone central banks and the banking industry. In a statement published August 15, the ECB confirmed that “unauthorized parties” had succeeded in breaching the security of the BIRD website. The site, hosted by an external provider, appears to have been attacked in December 2018, according to a Reuters report. The breach was discovered months later as routine maintenance work was being undertaken. Information that could have been stolen in the potential breach includes email addresses, names, and titles. It is important to note, however, that the affected site was isolated from the ECB’s internal systems, which confines the threat to the BIRD site.

In an official statement, the ECB said they are contacting people whose data may have been affected. Central banks from Malaysia to Ecuador have been targeted by hackers in recent years. One of the world’s biggest ever cyber heists took place in 2016 when fraudsters stole $81 million from the central bank of Bangladesh’s account at the New York Fed using fraudulent orders on the SWIFT payments system. For months, the hackers had been lying undetected on the European Central Bank’s BIRD website and could have gone undetected for even longer. Without the proper threat detection measures, the damage done could have been much worse. 

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

How Can CyberSecure Solutions Help?

CyberSecure Solutions ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “Virtual CISO” service, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.


CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
