
Netizen Cybersecurity Bulletin (September 30th, 2022)

Overview:

  • Phish Tale of the Week
  • U.S. Congressmen Introduce New Changes to Include Cryptocurrency in 2015 Bill
  • American Airlines Breached in Cyber Incident
  • How can Netizen help?

Phish Tale of the Week

Phishing attempts often target specific groups that malicious actors can exploit, and they come in many different forms. In this instance, we see not a phishing scam but an SMSishing scam targeting two different groups. One text appears to be a notification that we have new funds available in our account, while the other asks us to confirm whether or not we sent $569.89 to a person using Zelle. Both scams rely on similar principles to get a response out of their target.

Here’s how we know not to click on either of these links:

  1. The first red flag in these texts is the senders’ addresses. Always thoroughly inspect the sender’s address to make sure it belongs to a trusted sender. In this case, neither message comes from a number or address we recognize or have in our contacts. In the future, review the sender’s address carefully to judge whether the message could be coming from a threat actor.
  2. The second warning sign in these texts is the messaging. Each text tries to elicit a response by using urgent financial information as the hook: one refers to new funds being made available in our account, the other notifies us that we may have sent money to a random person. SMSishing scams commonly use words and tactics similar to phishing scams to elicit an immediate response from their targets. Always be sure to thoroughly inspect the messaging of every email in your inbox.
  3. The final warning sign in these texts is the malicious links and attachments in each message. The first message contains both an attachment and a link that we can’t verify are safe to open, while the second text offers us two different numbers to call or text to “remedy” the issue. Always be on the lookout for suspicious attachments, links, and phone numbers that scammers may use to trick you.


General Recommendations:

Phishing emails and SMSishing scams typically direct the user to click on a link where they are then prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
  • Do not give out personal or company information over the internet.
  • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

Many phishing emails convey a sense of urgency or even aggression in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may raise the question “What is wrong with my account?” and prompt you to click a suspicious link.
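As an added illustration, not part of the original bulletin, the following Python script turns the three red flags from the Phish Tale and the checklist above into a small triage routine: is the sender a known contact, does the text pair urgent language with money, does it carry a link (and is that link even HTTPS), and does it offer a call-back number. The sample texts, sender numbers, contact list and keyword lists are all constructed for this example.

```python
import re

# Constructed sample texts (not the actual messages from the bulletin), modelled
# on the two scams described above plus one benign message for contrast.
CONSTRUCTED_MESSAGES = [
    {"sender": "+1 (555) 010-2233",
     "body": "ALERT: New funds are available in your account. "
             "View statement: http://acct-verify.example/login"},
    {"sender": "28741",
     "body": "Did you send $569.89 to Jordan P. via Zelle? If NOT, call "
             "1-800-555-0199 or text 555-0150 now to cancel."},
    {"sender": "+1 (555) 010-7788",
     "body": "Hey, running 10 min late, see you at the office."},
]

# Numbers the recipient already has saved (constructed). Anything else is unknown.
KNOWN_CONTACTS = {"+15550107788"}

# Vocabulary the bulletin warns about: pressure to act now, tied to money.
URGENCY_WORDS = {"now", "immediately", "alert", "urgent", "cancel", "confirm", "verify"}
FINANCE_WORDS = {"funds", "account", "zelle", "statement", "$", "payment", "bank"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Call-back numbers such as 1-800-555-0199 or 555-0150 embedded in the text.
PHONE_RE = re.compile(r"\b(?:1-)?(?:\d{3}-)?\d{3}-\d{4}\b")


def normalize_number(sender: str) -> str:
    """Reduce a phone number to '+<digits>' so it compares reliably against contacts."""
    digits = re.sub(r"\D", "", sender)
    if len(digits) == 10:  # US number written without the country code
        digits = "1" + digits
    return "+" + digits


def triage(sender: str, body: str, contacts=KNOWN_CONTACTS) -> list:
    """Return the list of red flags raised by one SMS, in a fixed order."""
    flags = []
    if normalize_number(sender) not in contacts:
        flags.append("unknown_sender")

    # Tokenise on letters and '$' so "$569.89" contributes a money token.
    words = set(re.findall(r"[a-z$]+", body.lower()))
    if words & URGENCY_WORDS and words & FINANCE_WORDS:
        flags.append("urgent_financial_language")

    urls = URL_RE.findall(body)
    if urls:
        flags.append("link_present")
        if any(u.lower().startswith("http://") for u in urls):
            flags.append("link_not_https")  # no transport security at all

    if PHONE_RE.search(body):
        flags.append("callback_number")
    return flags


def verdict(flags: list) -> str:
    """An unknown sender alone proves little; two or more flags together do."""
    return "suspicious" if len(flags) >= 2 else "likely_benign"


if __name__ == "__main__":
    for msg in CONSTRUCTED_MESSAGES:
        flags = triage(msg["sender"], msg["body"])
        print(f"{msg['sender']:>20}  {verdict(flags):<14} {', '.join(flags) or '-'}")
```

The keyword lists are deliberately small; in practice the value of a routine like this is in the combination rule (unknown sender plus urgency plus a link or call-back number), not in any single signal, which is also why the benign "running late" text produces no flags even though it contains a number.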

Cybersecurity Brief

In this week’s Cybersecurity Brief:

U.S. Congressmen Introduce New Changes to Include Cryptocurrency in 2015 Bill

United States Senators Marsha Blackburn and Cynthia Lummis have introduced changes to the Cybersecurity Information Sharing Act of 2015 that would permit “voluntary information sharing of cyber threat indicators among cryptocurrency companies.” This change would directly tie one of the most unregulated industries to the federal government, allowing never-before-seen levels of oversight of cryptocurrencies. Crypto firms would be able to report breaches, cyber incidents, and other suspicious activity to U.S. government agencies such as CISA for immediate assistance in remediating these issues.

Senator Blackburn had this to add regarding her proposed changes: “Some bad actors have used cryptocurrency as a way to hide their illegal practices and avoid accountability.” That statement has led many to believe these changes will also shine a light on cryptocurrency being used in cyber-crimes. She continued: “The Cryptocurrency Cybersecurity Information Sharing Act will update existing regulations to address this misuse directly. It will provide a voluntary mechanism for crypto companies to report bad actors and protect cryptocurrency from dangerous practices.” Allowing crypto firms to report bad actors directly to government authorities will immediately throw a wrench into the plans of extortionists worldwide.

Many criminals have made cryptocurrency their preferred form of payment demand in most hacks and breaches. The anonymity that cryptocurrencies provide is ideal for ransomware groups looking to cover their tracks while they remain on the run. This proposed change would remove one of the principles cryptocurrencies were developed around and signal a complete shift away from untraceable payments. Law enforcement agencies would work hand in hand with crypto firms to hunt down cyber criminals as they transfer or withdraw ransoms from their accounts.

Lummis and Blackburn both noted the rampant unregulated nature that cryptocurrency firms have operated within for the past few years as a critical reason for these changes. Having a dialogue around information-sharing practices between crypto firms and government agencies may further legitimize crypto as a payment method moving forward. However, cryptocurrencies were founded with security and anonymity in mind. How will this change impact the public perception of crypto if the founders of these payments are so quick to cooperate with law enforcement agencies?

To read more about this article, click here.

American Airlines Breached in Cyber Incident

American Airlines is alerting a handful of its customers to a data breach in which an “unauthorized threat actor” accessed names, birthdays, mailing and email addresses, phone numbers, driver’s license and passport numbers, and even medical information by compromising employees’ email accounts. According to American, the airline uncovered the breach in July and immediately retained a third-party cybersecurity firm to assist with triage of the incident. However, American Airlines disclosing the breach only in September has left many patrons wondering why it took so long to raise the alarm.

American spokesman Curtis Blessing had this to add when questioned about the incident: “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.”

Many in the information security community have questioned if American is downplaying this breach. Reports from inside the airline show that the threat actor was able to compromise the O365 accounts of numerous American employees and remained undetected for a period. During this time, they sent out multiple phishing emails posing as a legitimate representative of American Airlines and gained access to countless sensitive files within American’s SharePoint server.

American was quick to downplay the incident, with Andrea Koos, Senior Manager for Corporate Communications at American Airlines, stating that a “very small number” of customers were affected by this breach. However, in a regulatory filing with the Office of the Attorney General of Maine, American reported that the breach impacted 1,708 customers and employees. To remedy the breach, American has offered all affected parties a two-year subscription to Experian’s IdentityWorks identity fraud protection suite. This breach follows a separate cyber incident in March 2021 against SITA, a global air information firm, in which hackers breached SITA’s servers and gained access to the Passenger Service System (PSS) used by multiple airlines, including American.

For more information, check out the rest of the article here.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and other security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Copyright © Netizen Corporation. All Rights Reserved.