Overview:
- Phish Tale of the Week
- Microsoft’s Monday Outlook and Teams Outage Almost Fully Resolved
- CMMC 2.0 Program: Key Timeline for Defense Contractors
- How can Netizen help?
Phish Tale of the Week
Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this email, the actors are appearing as a the United States Postal Service. They’re sending us a text message, telling us that due to incomplete address information, our shipment is on hold, and that it’s imperative that we click the link below in order to fill our information out. It seems both urgent and genuine, so why shouldn’t we send it to them? Luckily, there’s plenty of reasons that point to this being a scam.
Here’s how we can tell not to fall for this phish:
- The first warning sign for this SMS is the context in which it was sent. When I recieved this SMS, I immediately knew not to click on the link due to the fact that I did not recently order anything that would be sent through a USPS package. On top of that, it’s very apparent that this message was blasted out to random numbers: the message doesn’t even include my name or attempt to provide any level of familiarity that would convince me to click on their fake link.
- The second warning signs in this email is the messaging. This message tries to create a sense of urgency in order to get you to click on their link. Phishing and smishing scams commonly attempt to create a sense of urgency/confusion in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link or other attachment sent through SMS.
- The final warning sign for this email is the wording. The grammar is strange and unprofessional, if the actual USPS needed to send you a message they would not include the sentence “The USPS team appreciates your attention,” or anything else with poor sounding English. The final message that should clue you in that the message is a phish is the ending of the text, “Have a pleasant life.” This is a very poor way to get someone to click on your link. All of these different signs point directly to this being a smishing text.
General Recommendations:
A phishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via your text messages.
- Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
- Do not give out personal or company information over the internet.
- Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
Many phishing messages pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.
Cybersecurity Brief
In this month’s Cybersecurity Brief:
Microsoft’s Monday Outlook and Teams Outage Almost Fully Resolved
Microsoft has reported significant progress in restoring its Outlook and Teams services after a major outage on Monday, November 25, 2024. By late Monday evening, the company confirmed that the majority of its services had been restored, with full recovery expected by Tuesday. The issue primarily affected Microsoft 365 users, causing disruptions to email communications and team collaborations across various industries.
At the peak of the outage, over 5,000 user-reported issues were logged on Downdetector, indicating widespread impact, although the actual scale of the problem was likely larger. Microsoft clarified in a statement on X (formerly Twitter) that “all impacted services except Outlook on the web have been restored.” While most systems were back online, a small subset of users were still experiencing issues accessing Outlook via the web, and Microsoft was actively monitoring and troubleshooting these remaining problems.
Microsoft’s response included deploying a fix that reached about 98% of affected environments by noon on Monday, although the recovery process was slower than anticipated for some users. By 7:30 p.m. ET, the company had forecasted that service would be fully restored in three hours, but some delays persisted into the evening.
This disruption, though significant, pales in comparison to other high-profile tech outages this year. For example, the summer 2024 CrowdStrike software issue, which affected global operations, is considered one of the largest IT outages in history, resulting in major losses for Fortune 500 companies and disrupting air travel and hospitals worldwide.
Despite the inconvenience, some users in the U.S. took to social media to express a mix of frustration and humor, with a few even welcoming the unplanned break before the Thanksgiving holiday. As of now, Microsoft continues to monitor the situation, with the expectation that all services will be fully operational by the following day.
To read more about this article, click here.
Hackers Exploit Godot Game Engine to Infect Thousands of PCs
Cybersecurity researchers have uncovered a malicious campaign leveraging the popular Godot game engine to distribute malware to over 17,000 devices in just three months. According to a report from Check Point Research, attackers have used a custom malware loader dubbed “GodLoader” to exploit Godot’s scripting capabilities, deploying harmful payloads undetected by antivirus solutions.
The campaign’s primary targets include gamers and developers across multiple platforms such as Windows, macOS, and Linux. Threat actors are taking advantage of Godot’s flexible GDScript scripting language and its .pck file format, which is typically used for game assets, to embed malicious scripts that evade detection. Once these files are executed, they enable attackers to deliver additional malware, such as the XMRig cryptocurrency miner, or to steal sensitive user credentials.
The malware was distributed via the Stargazers Ghost Network, a sophisticated malware Distribution-as-a-Service (DaaS) platform that abuses GitHub repositories. Between September and October 2024, attackers used over 200 repositories and 225 accounts to propagate infected files, relying on GitHub’s popularity and trustworthiness to disguise their malicious payloads as legitimate resources.
Victims were tricked into downloading infected tools or games, often from repositories that appeared genuine. While Check Point primarily identified Windows samples, researchers demonstrated how the malware could easily be adapted to other systems such as macOS and Linux.
The malicious campaign recorded over 200,000 visits to configuration files hosting XMRig malware settings, suggesting the extensive scale of operations. The Stargazer Goblin group, responsible for managing the Stargazers Ghost Network, has reportedly earned over $100,000 since its inception in mid-2022. They also use GitHub “ghost accounts” to manipulate the platform’s trending algorithms, further legitimizing their malicious repositories.
Godot itself is not inherently insecure. Rémi Verschelde, a Godot maintainer and security team member, clarified:
“The vulnerability is not specific to Godot. It is possible to write malicious programs in any programming language. We encourage people to only execute software from trusted sources.”
Verschelde further emphasized that Godot does not register file handlers for .pck files, meaning malicious actors must ship the Godot runtime alongside these files. This requirement adds a layer of complexity for attackers, although it doesn’t mitigate the risk entirely.
To mitigate such risks, experts recommend only downloading software and tools from verified sources and staying vigilant about suspicious downloads. Developers using platforms like Godot should integrate robust security practices into their workflows, including regular scans for malicious components and updates to mitigate vulnerabilities.
To read more about this article, click here.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
