Providing our members with a weekly insight into the threats and malicious activity directly targeting New Jersey networks.
Scammers Create Spoofed Technical Support Site
The NJCCIC recently detected a spoofed technical support webpage on a popular NJ website containing a fake toll-free number and links. Calling this toll-free number will likely connect the user to a scammer posing as a technical support representative. Clicking on the links will likely connect the user to a fraudulent technical support site meant to deceive the user into providing personal or financial information. This action could potentially download malware or remote access software onto the user's system. The spoofed webpage also contained incomplete sentences and grammatical errors. The NJCCIC recommends that users refrain from clicking on unsolicited links and instead navigate directly to official company websites when searching for technical support contact information. We encourage victims to report incidents to their local police departments and to the NJCCIC via the Cyber Incident Report form.
Announcements
Cyber Symposium
Date: Wednesday, March 20, 2019 | Time: 8:30 a.m.
Location: The Event Center at iPlay America, Freehold, New Jersey
Audience: Public sector organizations including state, county and municipal governments and authorities, K-12 and higher-education
Over the past year, the NJCCIC received numerous reports of cyber incidents, many of them ransomware, that significantly impacted municipal and county government organizations here in NJ, resulting in millions in ransoms being paid out and major operational disruptions. Oftentimes, poor cyber hygiene was what allowed the threat actors to succeed. We will provide attendees with practical strategies, tactics, resources, and tools to help manage cyber risk in their respective organizations.
Girls Go CyberStart Cybersecurity Competition
Governor Philip D. Murphy and the NJCCIC encourage young women in New Jersey’s high schools to take advantage of an opportunity to explore their aptitude for cybersecurity and computer science by trying to solve the challenges of the 2019 Girls Go CyberStart program. Previous knowledge and experience in information technology or cybersecurity are not needed to participate. A computer and internet connection are the only requirements to take part in this program, which comes at no cost for schools and students. Students use the CyberStart Game, an online series of challenges that allows students to act as cyber protection agents to solve cybersecurity-related puzzles and explore exciting, relevant topics such as cryptography and digital forensics.
Open to female high school students, the Girls Go CyberStart initiative encourages participants to explore their interests in cyber studies, learn core cybersecurity skills, and build confidence in problem solving. Students will also have the opportunity to win cash prizes for themselves and their schools, and at least 10 New Jersey high school girls will receive $500 scholarships to help pay for college. In 2018, 453 girls in 44 schools throughout New Jersey participated in Girls Go CyberStart, and the goal for 2019 is to triple those numbers.
Registration and complete details for the Girls Go CyberStart competition may be found at www.girlsgocyberstart.org. As of March 11, New Jersey was ranked 6th for the number of high school students preregistered.
Threat Alert
Facebook Phishing Campaign Targets iOS Users
Researchers from Myki discovered a new iOS phishing campaign, which directs users to a spoofed website to log in using their Facebook credentials. After entering their credentials, the user is alerted that their account has been compromised and the session has effectively ended; however, the legitimate credentials are still sent to the threat actor. Myki indicated that the attack is poorly constructed with several flaws in process and design. Myki recommends that users be attentive to slight differences in the website and tab switching. The NJCCIC recommends verifying that a URL is valid and HTTPS is enabled, checking for fraudulent websites, and enabling multi-factor authentication where available. Myki provides a demo and more information about this phishing campaign here.
Vulnerability Advisories
Security Gaps in Medical Equipment
According to Check Point experts, the Internet of Medical Things (IoMT) is expected to increase the number of smart devices used in healthcare organizations. The study expects 87 percent of healthcare institutions to use IoT technologies by the end of 2019, and nearly 650 million IoMT devices in use by 2020; however, it underscores the danger of what could happen if these devices are poorly secured. Check Point used an ultrasound device as a case study, finding that it was running on an extremely outdated Windows 2000 program and no longer receiving updates or patches. Threat actors could potentially exploit these vulnerabilities, use records to access personally identifiable information (PII), and target healthcare organizations for attacks such as ransomware. The NJCCIC recommends users ensure software, patches, and anti-virus/anti-malware are up to date. More information about the Check Point study can be found in their blog post and Dark Reading’s blog post.
Vulnerability Found On Windows Servers via WDS
Check Point has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. Twelve vulnerabilities were identified in November 2018 when Microsoft supplied 62 patches. However, some servers have not been upgraded and are still open to attack. This vulnerability affects how the Windows Deployment Services (WDS) Trivial File Transfer Protocol (TFTP) Server handles objects in memory. The service is widely accessible to anyone connected via a LAN port, which allows threat actors to take over a system and other services such as DNS and Active Directory. The NJCCIC strongly advises all Microsoft users operating WDS to patch systems as updates become available. HelpNet Security provides more details on the Windows Servers vulnerability and updates here.
Hidden Third-Party Tags Could Be Leaving Fortune 100 Companies At Risk
A study done by Crownpeak found hidden third-party tags on multiple Fortune 100 companies. While these tags are not intended to be malicious, they create a vulnerability which can be exploited. Personal data can potentially be accessed without consent, causing security issues and violating privacy laws. The third-party tags can also cause a latency of up to 11.1 seconds in site performance, affecting user experience. Chief Strategy and Product Officer at Crownpeak, Darren Guarnaccia, suggests, “Businesses need to ensure they have intelligent systems in place to assist them in gaining a holistic view of the tags operating on their website and allow the control of such tags.” The NJCCIC recommends that businesses review the General Data Protection Regulation (GDPR), and discuss third-party tags with their data protection or information security officer. HelpNet Security provides more information here.
Breach Notification
Citrix
Citrix was contacted by the FBI recently about an internal network breach involving business documents potentially exposing customer data. The Iranian-linked group, IRIDIUM, has attacked more than 200 government agencies, oil and gas firms, and technology companies in the past. This targeted network intrusion, allegedly by the same group, was planned and organized, and likely used password spraying, a technique that exploits weak passwords across a large number of accounts and ultimately bypasses additional layers of security. As this breach is still under investigation, the specific documents are currently unknown and there is no indication of compromise to Citrix products and services at the time of this writing. The NJCCIC recommends using strong and unique passwords, using multi-factor authentication where available, and monitoring accounts and systems. We also encourage users to review Cybersecurity Best Practices here for more information on how to keep their accounts and data safe. More information about the Citrix breach can be found in their blog post here and Forbes’ blog post here.
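For teams acting on the account-monitoring recommendation above, the following added example (not from the NJCCIC, Citrix, or any source cited here) shows one way to recognize password spraying in authentication logs: a single source failing against many accounts with only a few tries each. The log layout, thresholds, and all sample values are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the "time source_ip account result" layout is an assumption.
SAMPLE_LOG = """\
2019-03-14T09:00:05 203.0.113.7 alice FAIL
2019-03-14T09:01:10 203.0.113.7 bob FAIL
2019-03-14T09:02:15 203.0.113.7 carol SUCCESS
2019-03-14T09:03:20 203.0.113.7 dave FAIL
2019-03-14T09:04:25 203.0.113.7 erin FAIL
2019-03-14T09:05:30 203.0.113.7 frank FAIL
2019-03-14T09:06:00 198.51.100.9 admin FAIL
2019-03-14T09:06:02 198.51.100.9 admin FAIL
2019-03-14T09:06:04 198.51.100.9 admin FAIL
2019-03-14T09:07:00 192.0.2.44 bob FAIL
2019-03-14T09:07:30 192.0.2.44 bob SUCCESS
"""

def parse(log):
    """Return time-sorted (time, ip, account, result) tuples; skip malformed lines."""
    rows = [line.split() for line in log.splitlines()]
    return sorted((datetime.fromisoformat(r[0]), r[1], r[2].lower(), r[3])
                  for r in rows if len(r) == 4)

def find_sprays(events, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Map source IP -> accounts it sprayed: many accounts, few tries each."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = defaultdict(set)
    for ip, items in fails.items():
        start = 0
        for end, (ts, _) in enumerate(items):
            while ts - items[start][0] > window:  # slide the time window forward
                start += 1
            tries = Counter(user for _, user in items[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[ip].update(tries)
    return {ip: sorted(users) for ip, users in flagged.items()}

def accounts_to_reset(events, sprays):
    """Accounts with a successful login from a flagged source: treat as compromised."""
    return sorted({user for _, ip, user, result in events
                   if result == "SUCCESS" and ip in sprays})

if __name__ == "__main__":
    sprays = find_sprays(parse(SAMPLE_LOG))
    print(sprays, accounts_to_reset(parse(SAMPLE_LOG), sprays))
```

Repeated failures against one account (the `admin` rows) and a single mistyped password (the `192.0.2.44` rows) are not flagged, because a per-account lockout counter already covers the former and the latter is normal user behavior.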
Threat Profiles
Android: No new or updated variants added.
Botnet: No new or updated botnets were added.
Cryptocurrency-Mining: No new or updated variants were added.
Exploit Kit: No new or updated exploit kits were added.
Industrial Control Systems: No new or updated variants were added.
iOS: No new or updated variants were added.
macOS: No new or updated variants were added.
Point-of-Sale: No new or updated variants were added.
Ransomware: No new or updated variants were added.
Trojan: No new or updated variants were added.
FTC Says Taxpayer Voice Phishing Scams Are Up Nearly 20x Comment: The Federal Trade Commission (FTC) reported the total losses for 2018 rose to $16.6 million, a 20x increase from a $210,000 loss reported in 2017. The scammers use fear tactics such as expressing that a potential victim’s bank accounts and assets will be seized, or that they may be arrested. Vishing (or voice phishing) calls may be reported to the FTC here. Possible SSN compromises and more information about identity theft can be found here.
The Impact of Spear Phishing on Organizations and How to Combat This Growing Threat Comment: Spear phishing attacks target specific users within mostly financial departments of organizations to execute transactions or provide data to the threat actors. Threat actors trick the users with a sense of urgency and make it look like the email or request has come from higher level management. Users can take preventive measures to combat these attacks and avoid financial loss through email security, awareness training and education, and stronger authentication and authorization processes such as multi-factor authentication and multi-party approval.
Zombie Email Rises From Grave After Eight Years Of Radio Silence Comment: What happens to social media accounts after they are canceled? Digital data continues to live on, allowing cybercriminals to pilfer contacts and other data from long-dormant accounts. Old email accounts can be easily taken over for nefarious purposes under the guise of an old account holder’s name. Review any dormant accounts attached to cloud services, mobile or IoT (Internet of Things) devices, or ISPs (internet service providers). If shutting them down is not possible, attempt to log in and add a more difficult password unlikely to be broken through brute force. For an added measure, contact the companies attached to the email addresses and find out what their policies are for shutting down email accounts after customers leave.
Cyber at a Glance
How To Make People Sit Up And Use 2-Factor Auth: Show 'Em A Vid Reusing A Toothbrush To Scrub A Toilet – Then Compare It To Password Reuse Comment: Single-factor, password-only security is quickly becoming archaic because it can be easily manipulated. However, users are still not employing multi-factor authentication (MFA), which creates an extra layer of security. Some types of MFA are physical (such as hardware tokens) and biometric (such as fingerprints and face scans). The shortfall seems to be ease-of-use; thus, education is key. Videos seem to work best in explaining the importance of MFA and the various options available.
Online Banking Best Practices for Businesses Comment: Online banking can cause anxiety even in the most cautious users. The best ways to avoid becoming a victim of potential attack or fraud are to set up a “live CD” approach from a dedicated system, maintain updated systems, and practice computer hygiene. It is also important to be mindful when using banking apps on mobile devices.
The Weekly Bulletin aggregates information about cyber threats, vulnerabilities, and other resources to promote shared awareness and the adoption of best practices. Designed for a general audience, the Bulletin aims to bridge the information sharing gaps between all levels of government, the private sector, and our citizens.