In last week’s issue I included a news article from The Guardian newspaper (UK) questioning the value and ethics of cyber-insurance covering ransomware attacks. The dilemma consumed me over the week and prompted me to write down some thoughts. Who actually ends up paying the ransom? We all do.
You Pay The Ransom (write.as blog post)
And a special note of thanks to everyone who has subscribed over the past week. I know there is intense competition for your attention and I’m honored that you give me a few minutes of your time.
A week of disruptions
Cybercrime had a rough week due to law enforcement actions that spanned the world. The largest coordinated LE event was the takedown of the Emotet botnet. The botnet has served as the infrastructure to launch numerous malware and ransomware attacks. The crimeware-as-a-service business will recover but this served as a major setback, albeit temporary I’m sure. The Ukrainian National Police released a video showing the raid of an Emotet suspect’s home.
The U.S. Department of Justice also announced a major action that crippled the Netwalker ransomware organization. The coordinated world-wide offensive resulted in the destruction of internet resources, one arrest, and the seizure of $500,000.
More Ransomware…
Emsisoft released their 2021 State of Ransomware Report providing a look back on 2020. The report documents the trend of ransomware operators to target government, healthcare, and education. Emsisoft reports that in 2020 ransomware struck 113 government agencies, 560 healthcare providers, and 1,681 educational facilities. Now the question becomes, are those entities specifically being targeted at higher rates - or are they just the weaker links that haven’t adapted security practices and training standards resulting in better prevention? I want a cite if someone turns that into a thesis.
The benefit that keeps giving
Of course, only if you are a criminal. Unemployment benefits have a finite term for most of us but criminals just keep raking it in. The California Department of Labor confirmed they have paid out 11.4 BILLION dollars in fraudulent claims. The labor secretary explained “There is no sugarcoating the reality, California did not have sufficient security measures in place to prevent this level of fraud, and criminals took advantage of the situation.” Sad, but you could actually substitute “California” in that quote with any other state and it would be equally as true.
Phishing…on the fly
Multiple security news agencies reported on the LogoKit phishing automation software that replicates the victim’s given log-in page on the fly. If the victim is replying from an “outlook.com” email then the software will replicate the Outlook log-in page. If the victim is replying to a phishing email about a Capital One Visa account, the software will replicate the Capital One log-in page. It is real-time page creation. RiskIQ has a fantastic, although technical, breakdown of the application.
The Rest…
The U.S. Attorney’s Office for the District of Nevada announced the indictment of a Las Vegas man for defrauding multiple financial institutions out of 1.9 Million dollars. Yes, more CARES fraud.
Cyborg Security provided a quick listing of some easy-to-utilize threat hunting tools.
Flashpoint compiled the facts and stats of over 1,100 ransomware attacks and offers insightful data analysis.
A short piece from my local Fox affiliate concerning the rise in apartment rental fraud.
The BBB warns you about purchasing dogs from Craigslist. My agency has taken at least two of these reports over the past few months. Both involving French Bulldogs.
Cool Tools
RootAbout - See if an image has been archived by the Internet Archive’s Wayback Machine.
DNS Twister - search your own domain to protect against typo-squatter attacks and phishing domains.
Cool Job
TESLA - Red Team Security
THE GREATEST LESSON IN LIFE IS TO KNOW EVEN FOOLS ARE RIGHT SOMETIMES. - WINSTON CHURCHILL
Thank You for making it to the end. I appreciate your attention!
Please consider sharing and for those who just stumbled in …subscribing.