Netizen Cybersecurity Bulletin (December 27th, 2023)


  • Phish Tale of the Week
  • The Cyberattack on Ukraine’s Largest Mobile Network: Kyivstar
  • Teen Members of LAPSUS$ Gang Sentenced in UK for Hacking Spree
  • How can Netizen help?

Phish Tale of the Week

Oftentimes phishing campaigns created by malicious actors target users through social engineering. For example, in this text message the actors pose as LinkedIn, the social media platform, and inform you that action needs to be taken regarding your account. The message politely explains that someone else may have accessed your LinkedIn account, and that they are notifying you so that you can take action. It seems both urgent and genuine, so why shouldn’t we visit the link they sent? Luckily, there are plenty of reasons that point to this being a scam.

Here’s how we can tell not to click on this phishing link:

  1. The first red flag in this message is the sender’s address. Always thoroughly inspect the sender’s address to ensure it belongs to a trusted sender. In this case, the actors neglected to spoof their email address, and a simple look at the sender’s address makes it very apparent that the email is not from LinkedIn. In the future, review the sender’s address thoroughly to see if the email could be coming from a threat actor.
  2. The second warning sign in this email is the messaging. The message tries to create a sense of urgency with phrases like “require you to verify” and “To prevent us from blocking.” Phishing scams commonly attempt to create a sense of urgency in their emails in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the messaging of every email in your inbox before clicking on a link.
  3. The final warning sign for this email is the lack of legitimate LinkedIn information. Fortune 500 companies and similar organizations standardize all email communications with customers. Support links, addresses, acceptable use policies, and other information are always provided at the bottom of each email, along with options to unsubscribe or change messaging preferences. While this specific email includes a small footer at the bottom, a quick investigation proves that it’s just for show. This email lacks all of the parts of a credible LinkedIn email and can be immediately detected as a phishing attempt.

General Recommendations:

A phishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via text message.

  1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  2. Verify that the sender is actually from the company that appears to be sending the message.
  3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
  4. Do not give out personal or company information over the internet.
  5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and that it has the proper security in place, such as HTTPS.

Many phishing messages convey a sense of urgency or even aggression in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
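As an added illustration, not part of the original bulletin, the three checks above turned into a small triage script: it reads a message’s From header and body, flags a sender domain that is not linkedin.com (or a real subdomain of it), the urgency phrases quoted above, and a missing standard footer. The two sample messages are constructed, and the footer markers are assumptions about what a genuine notification contains.

```python
from email.utils import parseaddr

# Constructed sample messages (not taken from the bulletin): one legitimate
# notification and one impersonating LinkedIn from an unrelated sender domain.
SAMPLES = {
    "legit": {
        "from": "LinkedIn <security-noreply@linkedin.com>",
        "body": "Your weekly summary is ready. Unsubscribe | Help | Privacy",
    },
    "phish": {
        "from": "LinkedIn Security <alerts@linkedin-account-check.example>",
        "body": "We require you to verify your account now. "
                "To prevent us from blocking your profile, sign in here: hxxp://...",
    },
}

# Urgency wording from the bulletin plus two common variants.
URGENCY_PHRASES = [
    "require you to verify",
    "to prevent us from blocking",
    "immediate action",
    "account will be suspended",
]
# Assumed markers of the standardized footer a real notification carries.
FOOTER_MARKERS = ["unsubscribe", "help", "privacy"]


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def domain_matches(domain, brand_domain):
    """True for the brand domain or a genuine subdomain (mail.linkedin.com),
    False for a lookalike such as linkedin.com.evil.example."""
    return domain == brand_domain or domain.endswith("." + brand_domain)


def assess(msg, brand_domain="linkedin.com"):
    """Return a list of red flags; an empty list means none of the three fired."""
    flags = []
    dom = sender_domain(msg["from"])
    if not domain_matches(dom, brand_domain):
        flags.append(f"sender domain {dom!r} is not {brand_domain}")
    body = msg["body"].lower()
    hits = [p for p in URGENCY_PHRASES if p in body]
    if hits:
        flags.append("urgency phrases: " + ", ".join(hits))
    if not any(m in body for m in FOOTER_MARKERS):
        flags.append("no standard footer elements")
    return flags
```

Running `assess` over the two samples returns no flags for the legitimate message and all three for the impersonation.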

Cybersecurity Brief

In this month’s Cybersecurity Brief:

The Cyberattack on Ukraine’s Largest Mobile Network: Kyivstar

The December cyberattack on Kyivstar, Ukraine’s largest mobile network, serving over 24 million people, marked a pivotal moment in the digital aspect of the ongoing Russia-Ukraine conflict. This event is more than a disruption of a commercial entity; it signifies the vulnerability of crucial digital infrastructures in areas of geopolitical tension. Kyivstar’s network, a crucial communication lifeline for millions, faced a complete shutdown that impacted both voice and data services nationwide, demonstrating the extensive reach and impact of modern cyber warfare.

This attack wasn’t an isolated event but rather part of a larger strategy of digital warfare tactics used in the conflict. The comprehensive nature of the shutdown underscores the critical role and reliance on mobile communication in contemporary society. The attribution of this cyberattack to Russian groups Killnet and Solntsepek, particularly with ties to the GRU’s Sandworm group, suggests a sophisticated, state-level approach to cyber warfare. These groups are known for their disruptive cyber activities, and their involvement in this incident points to a calculated effort to weaken Ukraine’s communication capabilities. The connection with the Sandworm group, known for its role in significant cyberattacks, raises serious concerns.

The consequences of the Kyivstar cyberattack are wide-ranging. For the Ukrainian military, which heavily depends on mobile networks for coordinating operations and intelligence, the disruption posed a severe threat to their defense capabilities. For civilians, the loss of mobile communication networks meant challenges in emergency response, information sharing, and maintaining general connectivity, adding to the hardships already faced during the conflict.

In response to this cyberattack, Kyivstar, under CEO Oleksandr Komarov, likely took swift action to restore its services and strengthen its cyber defenses. This incident has undoubtedly triggered both national and international conversations on the necessity of securing critical digital infrastructure, especially in regions facing conflict.

The Kyivstar cyberattack is emblematic of a significant shift in modern warfare, where digital attacks complement traditional military strategies. It underscores the imperative for nations and companies to invest in robust cybersecurity measures. As digital infrastructure becomes increasingly central to civilian life and military operations, ensuring its security is crucial for national security. This incident serves as a reminder of the evolving nature of conflict in the digital era and the need for heightened vigilance and preparedness in cybersecurity.


Teen Members of LAPSUS$ Gang Sentenced in UK for Hacking Spree

On December 24, 2023, two British teenagers associated with the LAPSUS$ cybercrime and extortion gang were sentenced for their involvement in a series of high-profile attacks against various companies. The first teen, Arion Kurtaj, an 18-year-old from Oxford, received an indefinite hospital order. Kurtaj was still fixated on hacking and likely to reoffend, as noted by the judge during his sentencing.

The second member, a 17-year-old whose identity remains undisclosed due to legal protections for minors, was handed an 18-month Youth Rehabilitation Order. This includes a three-month intensive supervision and surveillance requirement. He was found guilty on multiple counts, including two counts of fraud, two under the Computer Misuse Act, and one of blackmail.

These individuals were initially arrested in January 2022 and subsequently re-arrested in March 2022. Notably, Kurtaj continued to engage in hacking activities even after being granted bail, leading to another arrest in September.

Their criminal activities spanned from August 2020 to September 2022, targeting notable organizations such as BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Revolut, Rockstar Games, Samsung, Ubisoft, Uber, and Vodafone. LAPSUS$, the group they were part of, includes members from the UK and Brazil, with a third member arrested in Brazil in October 2022.

The LAPSUS$ group is known for its use of SIM-swapping attacks and exploiting vulnerabilities in victim networks. They also publicized their operations and extorted their victims through a Telegram channel. The Cyber Safety Review Board of the U.S. Department of Homeland Security highlighted the group’s tactics in a report, noting the ease with which they breached corporate security systems, raising concerns about the effectiveness of existing cybersecurity measures against such threats.

These cases underline the growing concern over cybercrime committed by young individuals and the challenges in dealing with juvenile offenders in this sphere. The City of London Police emphasized the dangers of the online environment for young people and the serious consequences that can result from such criminal activities.


Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Copyright © Netizen Corporation. All Rights Reserved.