Week of March 22nd, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

New Service Alert: CIS Benchmark Audits

“Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. Through accreditation with the Center for Internet Security (CIS), Packetlabs can show their customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Controls, underpinned by the rigorous standards of CREST accreditation.”
-Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group

It’s official: Packetlabs is now accredited through the Center for Internet Security (CIS). We are now offering CIS Benchmark Audits as part of our security assessment offerings. CIS Benchmark Audits achieve several important objectives related to cybersecurity and the overall security posture of an organization’s systems.

CIS (Center for Internet Security) benchmarks are a set of best practices and guidelines for securing computer systems, networks, and cloud providers. A CIS Benchmark Audit has over 100 secure configurations across the following categories:

  • Cloud providers (e.g., AWS, GCP, Azure, Oracle, Microsoft Office 365, Google Workspace)
  • Operating systems (e.g., Windows, Unix)
  • Server software (e.g., Web servers, Kubernetes, Databases)
  • Mobile devices (e.g., Apple, Android)
  • Network devices (e.g., Cisco, Palo Alto, Fortinet, Check Point)
  • Desktop software (Microsoft Office, Web browsers)

Have confidence that your infrastructure and sensitive information are safe by checking the status of your organization’s security and compliance posture against CIS benchmarks.

Insidious Phishing Attack Uses Microsoft Office Ploy to Deploy NetSupport RAT

Are you one of the 1.2 billion people globally who use Microsoft Office?

If so, this latest phishing tactic should be on your radar: a new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. NetSupport RAT is a malicious offshoot of a legitimate remote desktop tool known as NetSupport Manager, allowing threat actors to conduct a spectrum of data gathering actions on a compromised endpoint.

The starting point is a salary-themed phishing email that purports to be from the accounting department and urges recipients to open the attached Microsoft Word document to view the "monthly salary report."

A closer analysis of the email message headers – particularly the Return-Path and Message-ID fields – shows that the attackers use a legitimate email marketing platform called Brevo (formerly Sendinblue) to send the emails.
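The header comparison described above can be automated during mail triage. The following is an added example, not code from the newsletter or the original research: it compares the Return-Path and Message-ID domains with the From domain and flags mail that claims an internal sender but travelled through a bulk-mail platform. The sample message, `corp.example`, `bulk-sender.example` and the two domain lists are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a message from the campaign; every domain is a placeholder.
SAMPLE = """\
Return-Path: <bounces-1234@mail.bulk-sender.example>
From: "Accounting" <accounting@corp.example>
To: employee@corp.example
Subject: Monthly salary report
Message-ID: <202403.abcdef@smtp-relay.bulk-sender.example>

Please see the attached report.
"""

def domain_of(value):
    """Lower-cased domain of an address or Message-ID header, '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_any(domain, orgs):
    """True if domain equals, or is a subdomain of, any entry in orgs."""
    return any(domain == o or domain.endswith("." + o) for o in orgs)

def triage(raw, internal_domains, bulk_sender_domains):
    """Return (header, finding) pairs for Return-Path and Message-ID."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    claims_internal = in_any(from_dom, internal_domains)
    findings = []
    for header in ("Return-Path", "Message-ID"):
        dom = domain_of(msg.get(header))
        if not dom:  # absent header or null sender "<>"
            findings.append((header, "missing"))
            continue
        if in_any(dom, bulk_sender_domains):
            findings.append((header, "bulk_platform"))
        # Internal departments rarely send through a third-party platform,
        # so an internal From with an external path is worth a closer look.
        if claims_internal and not in_any(dom, internal_domains):
            findings.append((header, "internal_from_external_path"))
    return findings

if __name__ == "__main__":
    for header, finding in triage(SAMPLE, {"corp.example"}, {"bulk-sender.example"}):
        print(f"{header}: {finding}")
```

A `bulk_platform` finding alone is common for legitimate newsletters; the combination with `internal_from_external_path` is the signal that matches the salary-report lure.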

The Word document, upon opening, instructs the victim to enter a password provided in the email body and enable editing, followed by double-clicking a printer icon embedded in the doc to view the salary graph.

Doing so opens a ZIP archive file ("Chart20072007.zip") containing one Windows shortcut file, which functions as a PowerShell dropper to retrieve and execute a NetSupport RAT binary from a remote server.

Cyberattacks Are Targeting Water Systems Across The United States–Here’s What to Know

Cyberattacks are hitting water and wastewater systems “throughout the United States” and state governments and water facilities must improve their defenses against the threat, the White House and Environmental Protection Agency warned US governors this past Tuesday.

“We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices,” said the letter to the governors from EPA Administrator Michael Regan and national security adviser Jake Sullivan.

The US water sector, which spans 150,000 public water systems, has often struggled to find the cash and personnel to deal with hacking threats.

In November, hackers breached industrial equipment at multiple US water facilities to display an anti-Israel message on the equipment, according to US officials. The Biden administration blamed the Iranian government for the hacks.

Chinese state-backed hackers have also infiltrated US water facilities, according to US officials. It’s a hacking campaign that the Biden administration worries Beijing could use to disrupt critical infrastructure in the event of a conflict with the US. China denies the allegations.

Neither the alleged Iranian nor Chinese hacks have had any impact on drinking water, but they have alarmed senior US officials and lawmakers and drawn fresh attention to the security challenges in the water sector.

The Biden administration has tried to use a mix of regulation and federal support for new cyberdefense technologies to address the problem. But the EPA in October was forced to rescind a key cybersecurity regulation for public water systems following a legal challenge from Republican attorneys general.
