Phishing Attack Alert! Los Angeles County Says No Harm Done! – Disposable mail news

A phishing attack surfaced in LA County last month and was contained immediately, before any devices were compromised.

County staff discovered the attack last month and contained it at once, before much damage was done.

The hackers were apparently after the county’s residential data.

Per sources, it all began when Los Angeles County received a phishing email that set off the malicious activity. The campaign was aimed at stealing the recipient’s personal data.

The hackers’ plan was to get the recipient to click on the links or attachment in the email. Reportedly, the email had come from a “third-party account”. Allegedly, the distribution list of the third party got leaked and was sent to more than 25 county employees.

Per website sources, LA County happens to be the most populated area in the US. It has over 35,000 personal computers, 12,000+ cell phones and 800+ government network locations.

According to reports, the “Internal Services Department” supports the “Countrywide Integrated Radio System”, which provides essential services during emergencies.

Most local governments, Los Angeles County included, have faced attacks along the same lines. Per sources, in the Minnesota case where the phishing attack targeted over 100 LA County employees, personal data including the targets’ names, social security numbers, dates of birth, card details and other personal information was compromised.

It is evident that the phishing attack could have grown far larger had it not been for the prompt response of LA County’s employees and staff.

Given the sheer number of devices and networks that could have been jeopardized, this attack must be taken as a serious warning.

The county’s existing, well-established security controls also contributed a great deal to successfully averting the incident.

Reportedly, the county’s Chief Executive Officer took the incident as a forewarning and said that the county would work steadfastly towards improving and strengthening its security provisions.

The incident as a whole is still under investigation by the county, with help from a few private participants.


Temp Mails (https://tempemail.co/) is a new free temporary email address service. The service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

First encounters through the eyes of the Disposable mail scanner – 10 minute mail

What do typical websites look like through the eyes of our vulnerability scanner the first time they are tested? How does that picture change over time? Take a look behind the scenes, in the first of a long series of insights into our data.

In 2015 we tracked down over 2 million vulnerabilities in more than 20 thousand websites all around the world, about one every other eye blink in the month of November alone. These, of course, cover a wide variety of security flaws and are classified on the fly with respect to their characteristics and overall impact according to the Common Vulnerability Scoring System (CVSS) specifications.

From this point of view, every website appears to be peculiar in its own way, as the number of vulnerabilities typically increases with the size of the website itself, and their severity is highly dependent on many different factors. We asked ourselves whether we could identify common weaknesses and somehow illustrate a typical website with respect to its vulnerability status.

Such a picture is shown in the bubble chart below, which represents a typical website as it is seen through the eyes of our vulnerability scanner the first time that it is tested.

Disposable mail Vulnerability Scanner

Each bubble represents a specific vulnerability.

The bubbles come in three different colors, corresponding to our categorization of vulnerabilities according to their severity:

  • in red the most critical ones, with a CVSS score greater than or equal to 6;
  • in yellow those with a CVSS score greater than or equal to 3 and smaller than 6;
  • in blue the lower severity ones, with a CVSS score greater than zero and smaller than 3.

The size of each bubble is proportional to the frequency with which the vulnerability that it represents is found over all the websites that we tested. This frequency is shown as a percentage for the most frequent vulnerabilities.

To make a long story short, at the risk of oversimplifying the whole picture, we can say that the smaller a bubble is, the less likely a vulnerability is to be found. Everything also looks more secure when the bigger percentages are in yellow or, even better, blue bubbles.

What vulnerabilities are mostly found during the first test?
The majority are medium and low severity ones, i.e. yellow and blue bubbles, with "Missing DNSSEC" showing up in about 85% of the cases, followed by "SSL BEAST", found in 48% of the cases. The most relevant medium severity vulnerabilities are instead "Cookie is not set to be HttpOnly" and "Technology Disclosure", which are found in 74% and 72% of all the cases respectively. Finally, among the most harmful ones, "Login Cross Site Request Forgery" is the most common, found in 33% of all the cases.

What happens after the first test?
Quite interestingly, although the sizes of the yellow and blue bubbles change quite a lot after the first test, there are 4 red bubbles which are always at the top of the list of the most frequently found critical vulnerabilities.

Top 4 critical vulnerabilities found on websites

  • Login Cross Site Request Forgery (CSRF/XSRF)
  • Email Spoofing / Missing SPF Records
  • Potential Vulnerabilities In The Web Server
  • Cross Site Scripting

All in all, we hope you have found this helpful in preventing some of the weak spots that we most frequently find in websites.

Until next time, and may all the bubbles shrink!

Andrea Palaia
Data Scientist, Disposable mail
@_endriu



An intelligent way to look for vulnerabilities – 10 minute mail

Have you ever wondered how we manage to test your website for hundreds of vulnerabilities without making you wait too long? We have built a powerful fingerprinting algorithm to spend just the right amount of time to find what we look for, and this is how we do it.

More and more vulnerabilities come to the surface every day, so it would take an increasingly long time to check for all of them against every single website. Many of these vulnerabilities are also very specific and can only affect certain web servers or Content Management Systems (CMSs). It would therefore be very time consuming and ineffective to test blindly for all of them.

We do our very best to keep our scanner up to date with the latest security threats, from the most generic to the platform-specific ones. When we test a website we do not just scroll through a long list of possible vulnerabilities trying to find all those that affect it; rather, we tailor our tests to the technology stack that we find.

Having a clear picture of which web servers, CMSs and libraries, and which versions of them, run on a website is not at all a trivial task. It involves a careful evaluation of the website content and of the messages exchanged between clients and server. Our so-called fingerprinting algorithm (see detectify.com/technology), at the core of the Disposable mail scanner, is where all this magic happens.

All the information collected by our crawler is fed to a classification algorithm that is able to decide within a matter of milliseconds what web servers, CMSs and libraries we are dealing with. On the basis of that information, we are then able to start looking for all pertinent vulnerabilities, excluding those that we know for sure are not there.
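A minimal sketch of the fingerprint-then-select idea described above, added here as an illustration and not the scanner's own algorithm: the signatures, check names and sample observation are all hypothetical and constructed. A platform-specific check is skipped only when a competing technology of the same category was positively identified, which is a simplifying assumption (a reverse proxy can hide a second server behind it).

```python
import re

# Constructed crawler observation for one site (sample data, not a real target).
SAMPLE = {
    "headers": {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3",
                "Set-Cookie": "wordpress_test_cookie=WP+Cookie+check; path=/"},
    "body": '<meta name="generator" content="WordPress 5.8.1">'
            '<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>',
}

# Hypothetical signatures: (technology, category, evidence source, regex; group 1 = version).
SIGNATURES = [
    ("nginx", "server", "server", r"nginx(?:/([\d.]+))?"),
    ("apache", "server", "server", r"Apache(?:/([\d.]+))?"),
    ("php", "language", "x-powered-by", r"PHP(?:/([\d.]+))?"),
    ("wordpress", "cms", "body", r'content="WordPress ?([\d.]*)"'),
    ("wordpress", "cms", "set-cookie", r"wordpress_[a-z_]+="),
    ("drupal", "cms", "body", r'content="Drupal ?([\d.]*)'),
    ("jquery", "library", "body", r"jquery(?:\.min)?\.js\?ver=([\d.]+)"),
]

# Hypothetical check catalogue: check name -> required technology (None = generic).
CHECKS = {
    "login-csrf": None, "cookie-httponly": None, "missing-spf": None,
    "wordpress-plugin-audit": "wordpress", "drupal-core-audit": "drupal",
    "apache-status-page-exposed": "apache", "nginx-config-audit": "nginx",
}
CATEGORY = {tech: cat for tech, cat, _, _ in SIGNATURES}

def fingerprint(obs):
    """Return {technology: version or None} from header and body evidence."""
    headers = {k.lower(): v for k, v in obs.get("headers", {}).items()}
    found = {}
    for tech, _cat, source, pattern in SIGNATURES:
        text = obs.get("body", "") if source == "body" else headers.get(source, "")
        m = re.search(pattern, text, re.IGNORECASE)
        if m:
            version = (m.group(1) if m.groups() else None) or None
            # A later version-less match must not erase a version already seen.
            found[tech] = found.get(tech) or version
    return found

def select_checks(detected):
    """Drop a platform check only when a competing technology of the same
    category was positively identified; with no evidence, keep the check."""
    known = {CATEGORY[t] for t in detected}
    return sorted(name for name, tech in CHECKS.items()
                  if tech is None or tech in detected or CATEGORY[tech] not in known)
```

With no fingerprint evidence at all, `select_checks({})` falls back to the full catalogue, which is the slow blind scan the article sets out to avoid.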

//Andrea Palaia


About Andrea:

Andrea is a data scientist at Disposable mail. He moved to Sweden from Italy in 2009 for a Ph.D. in accelerator physics, and for several years he has been jumping back and forth between CERN, Uppsala and Berlin. After his Ph.D. he started to explore the startup world with Patamu.com, and about 8 months ago he landed at Disposable mail, where he makes numbers speak.
