CyberSecure Solutions Security Bulletin (September 4, 2019)

Overview

  • Phish Tale of the Week
  • Google Discovers Mass iPhone Hacking
  • Hacking Group Targets WordPress Vulnerabilities
  • How Can Netizen/CyberSecure Solutions help? 

Phish Tale of the Week

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate source such as a company or a doctor’s office and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information or an attachment that downloads malware onto your system. The website is usually an elaborate duplicate of a trusted website designed to collect any information you provide and send it to the malicious actors behind the scam. Phishing attempts usually carry a sense of urgency and the message attempts to persuade the victim to act quickly without rational decisions. The following is an example of a phishing email that was received in our office.

Take a look below:

The phishing email claims to be an outstanding invoice that is due to be paid by the company. However, there are some suspicious factors that show the email to be fake and possibly a phishing attempt.

Some tell-tale signs that raise suspicions:

  1. The phishing email comes from a suspicious address that was not recognized by the recipient.
  2. Authentic automated emails do not typically have grammar and spelling issues.
  3. The recipient’s name was not addressed by the sender, seeming unprofessional. 
  4. The link seems very suspicious and attempts to download a file onto the target’s device once clicked. The file is almost certainly containing malicious code.


General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s Cybersecurity Brief: Google Discovers Mass iPhone Hacking Attacks, Hacking Group Targets Vulnerable WordPress Plugins

Google Discovers Mass iPhone Hacking

Google recently discovered hackers have been compromising websites with exploits aimed at iPhone users for approximately three years. The exploits place a monitoring implant on iPhones that don’t require user interaction upon visiting a compromised site. “There was no target discrimination;” Ian Beer, a researcher with Google’s Project Zero said “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.” Researchers identified 14 vulnerabilities that impact iOS 10 through iOS 12.

The implant steals files and uploads real-time location information and can access photos, contacts, GPS data, credentials, certificates, access tokens, and unencrypted messages. Once a compromised phone is rebooted, however, the implant won’t run again until the device is re-exploited through visiting a compromised site. That said, things could still get a bit tricky once a phone is implanted as Beer notes, “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.” Once your data has been compromised, it about mitigating any potential damages.

General Recommendations: To avoid future incidents, update your devices frequently, be careful of opening messages from people you don’t know, and be sure to closely monitor your accounts after any data breach.

To read more about the hack, click here.

Hacker Group Exploits WordPress Plugins

A hacker group is exploiting vulnerabilities in more than 10 WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The hacking group exploited the vulnerabilities in older plugins used in WordPress to create a backdoor on the vulnerable sites. The attacks are an escalation part of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. The purpose of the code was to show popup ads or to redirect incoming traffic to other websites. However, the hacking group began shifting its focus onto WordPress Users and Site Admins. The malicious code was altered to begin testing new website visitors for administrative privileges. Basically, the malicious code waited for site owners to access their websites and used their access to create a new user account with the admin account named wpservices, using the email address of wpservices@yandex.com, and password of w0rdpr3ss.

These attacks are targeting older vulnerabilities in the following plugins:

  • Bold Page Builder
  • Blog Designer
  • Live Chat with Facebook Messenger
  • Yuzo Related Posts
  • Visual CSS Style Editor
  • WP Live Chat Support
  • Form Lightbox
  • Hybrid Composer
  • All former NicDark plugins (nd-booking, nd-travel, nd-learning, et. al.)

General Recommendations: Site administrators are advised to update their website plugins and patch all security updates if they are using one of the previously mentioned plugins. Additionally, check the Admin usernames registered on their sites and removing any usernames that are not authorized by your organization.

To read more about the attack, click here.

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

How Can CyberSecure Solutions Help?

CyberSecure Solutions ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “Virtual CISO service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.


CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.