Telephone: 1-844-NETIZEN
Tel: 1-844-NETIZEN
Email: team (at) Netizen.net
slider

Netizen Cybersecurity Bulletin (August 29th, 2024)

Posted on 29 Aug 2024 at https://www.Netizen.net/news Source Link: https://blog.netizen.net

Overview:

  • Phish Tale of the Week
  • Chinese APT Group Volt Typhoon Exploits Critical Versa Director Vulnerability
  • NPD Breach Exposes Nearly 3 Billion: What You Need to Know
  • How can Netizen help?

Phish Tale of the Week

Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this SMS, the actors are appearing as an undisclosed company, offering remote jobs. The message tells us that a company is looking for multiple partners to join their team, and offers us the opportunity to contact them further for information on a remote job. It seems both urgent and genuine, so why shouldn’t we visit the link they sent us? Luckily, there’s plenty of reasons that point to this being a scam.

Here’s how we can tell not to click on this link:

  1. The first warning sign for this SMS is the context in which it was sent. When I recieved this SMS, I immediately knew not to click on the link due to the fact that I did not recently inquire anywhere about any remote work; Real companies looking to recruit qualified employees would not reach out to numbers in this way. On top of that, it’s very apparent that this message was blasted out to random numbers: the message doesn’t even include my name or attempt to provide any level of familiarity that would convince me to click on their fake WhatsApp link.
  2. The second warning signs in this email is the messaging. This message tries to create a sense of opportunity and urgency in order to get you to take action by using language such as “All you need is a computer to start working” and “If you are interested: please contact.” Phishing and smishing scams commonly attempt to create a sense of urgency/confusion in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link or other attachment sent through SMS.
  3. The final warning sign for this email is the wording. The grammar is strange and unprofessional, a real job offer or recruiter would not begin their email with “I’m Lauren and we’re currently looking for multiple partners to join our team,” without specifying where they work, or what the job entails. Additionally, the formatting of the word “WhatsApp” is incorrect, with dashes strewn throughout the messaging app’s name. All of these factors point to the above being a smishing text, and a very unsophisticated one at that.


General Recommendations:

phishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via your text messages. 

  1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  2. Verify that the sender is actually from the company sending the message.
  3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
  4. Do not give out personal or company information over the internet.
  5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

Many phishing messages pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

Cybersecurity Brief

In this month’s Cybersecurity Brief:

Chinese APT Group Volt Typhoon Exploits Critical Versa Director Vulnerability

A serious vulnerability in Versa Director, identified as CVE-2024-39717, has been exploited by the Chinese advanced persistent threat (APT) group Volt Typhoon. This zero-day flaw, uncovered recently, has far-reaching consequences for organizations using Versa Director to manage their SD-WAN environments.

Versa Director is a key tool for managing network configurations in SD-WAN setups. The vulnerability affects its user interface customization feature, particularly the option to change the favicon. This feature, which lets users with high-level roles like Provider-Data-Center-Admin or Provider-Data-Center-System-Admin adjust the platform’s appearance, also permits the upload of files with a .png extension. Unfortunately, this extension can be easily exploited to hide malicious payloads as seemingly benign image files.

The core issue is that the platform does not rigorously validate these file uploads. As a result, authenticated users with administrative privileges can upload files that contain malware or backdoors. Once inside, attackers can leverage this access to infiltrate downstream networks, steal credentials, and carry out further malicious operations.

Given its potential impact, this vulnerability has been rated highly severe. CVE-2024-39717 carries a CVSS v2 base score of 8.3 and a CVSS v3 base score of 7.2, reflecting the substantial risk of data breaches and unauthorized access it poses.

Volt Typhoon, a state-sponsored hacking group from China, has taken advantage of this flaw to breach and compromise networks. Their campaign, which began in early June 2024, has primarily targeted Internet Service Providers (ISPs) and Managed Service Providers (MSPs). The group has used this exploit to deploy custom web shells and extract sensitive credentials, affecting several organizations within the ISP, MSP, and IT sectors.

Organizations using Versa Director should act quickly to address this vulnerability by updating to version 22.1.4 or later. It’s also crucial to review and strengthen security configurations and remain vigilant for any signs of compromise. By applying these updates and practices, organizations can reduce the risk of exploitation and safeguard their networks against ongoing threats.

To read more about this article, click here.

NPD Breach Exposes Nearly 3 Billion: What You Need to Know

In what’s shaping up to be one of the most staggering data breaches in history, nearly three billion people have had their personal information exposed. The breach targeted National Public Data (NPD), a background checking service run under the name Jerico Pictures. The breach became widely known after a class-action lawsuit surfaced in early August, raising serious concerns about the sheer scale of the incident.

The lawsuit claims that this massive breach happened during a cyberattack back in April, compromising the personal data of nearly three billion people. NPD and Jerico Pictures initially kept quiet, not confirming any details of the attack. However, by the end of August, NPD finally broke their silence, admitting on their website that a third party had gained unauthorized access to their data systems as early as December 2023. The data then leaked out between April and over the summer.

Before this breach, Yahoo’s 2013 incident held the record as the largest, affecting all 3 billion of its user accounts. That attack exposed things like names, email addresses, phone numbers, and birthdates, though luckily it didn’t include financial information. The NPD breach, however, is a different story. This time, far more sensitive information was leaked—Social Security numbers, mailing addresses, and other personal details.

NPD, which is based in Coral Springs, Florida, and owned by Jerico Pictures, specializes in gathering background information by scraping data from non-public sources. What makes this breach especially troubling is that many of those affected likely didn’t even realize NPD had their personal data in the first place.

The information that was leaked included names, email addresses, phone numbers, Social Security numbers, and physical addresses—basically everything a criminal would need to cause serious damage.

The breach came to the public’s attention after a lawsuit was filed accusing NPD of negligence and violating their duty to protect the data. The lead plaintiff, Christopher Hofmann, says he first found out about the breach on July 24, 2024, when his identity theft protection service alerted him that his personal information had popped up on the Dark Web as part of the “nationalpublicdata.com” breach.

According to the lawsuit, back on April 8, 2024, a criminal organization called “USDoD” posted a database titled “National Public Data” on a hacker forum named “Breached.” This database supposedly contained the personal details of nearly 2.9 billion people and was being sold for a jaw-dropping $3.5 million.

NPD’s breach notification has urged those affected to keep a close eye on their financial accounts. They’ve recommended obtaining free credit reports from Equifax, Experian, and TransUnion. Additionally, cybersecurity company Pentester has set up a tool at npd.pentester.com that allows individuals to check if their data was part of the breach. By entering your name and birth year, you can see a list of breached accounts and even the last four digits of the exposed Social Security numbers.

While it’s impossible to undo the breach, there are steps you can take to reduce your vulnerability to identity theft. Many people are turning to identity theft protection services, which offer account monitoring and restoration support. Though these services can’t prevent breaches from happening, they can be invaluable in helping you respond quickly if your information is misused.

Netizen recommends these key steps to safeguard your information:

  • Sign up for credit monitoring that works around the clock.
  • Turn on two-factor authentication for your online accounts.
  • Be wary of unsolicited requests for personal information.
  • Regularly check your bank statements for suspicious activity.
  • Use a PIN when verifying debit card purchases.
  • Consider placing a fraud alert on your credit file, which alerts creditors to confirm your identity before approving new accounts.

For further details on this breach, Netizen’s Monday Security Brief from August 12th covers it more extensively.

Another option is to freeze your credit. This step can prevent third parties from accessing your credit report, adding another layer of protection. It does require you to use a PIN for any changes to your credit status, but it can be a valuable tool, especially after a breach of this size.

While we can’t always control how third-party companies manage our personal data, we can take proactive steps to protect ourselves from the consequences of their mishandling.

To read more about this article, click here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

News and Updates

Sign up to get the latest news and threat briefs:

Get in Touch

Telephone: 1-844-NETIZEN
Email: Team (at) Netizen.net
Office Locations:
Allentown, PA (Headquarters)
 Arlington, VA (DC Region)
 Charleston, SC (Southeast Region)

Connect With Us

    Facebook
    Twitter
    LinkedIn
    Instagram
    GitHub
    YouTube

Copyright © Netizen Corporation. All Rights Reserved.