The unpleasant weather over the past week (at least here in Central Pennsylvania) provided me time to catch up on some reading and research. Two great resources recently released are the ‘Cost of Insider Threat Global Report’ by Proofpoint and the ‘Cryptocurrency Crime and Anti-Money Laundering Report’ published by CipherTrace. Both are referenced and linked below.
The SANS Open-Source Intelligence Summit starts this Tuesday (February 9th, 2021). This event will be LIVE online and is free! Find out more and register at OSINT Summit 2021.
Astronomical
Last week was Identity Theft Awareness Week, the annual celebration of identity theft and fraud sponsored by the Federal Trade Commission. The true nugget in their press release was a fact concerning the increase in benefit fraud related to pandemic unemployment assistance. The release notes the agency received 394,280 reports of government benefit fraud in 2020 compared to the 12,900 received in 2019. For those of you playing at home…that’s a 2,956% increase!
It’s not always criminal
Proofpoint released their 2020 Cost of Insider Threats Global Report and it is worth your attention. We get so focused on the criminal threat actor that it is easy to overlook the fact that most insider incidents are the result of negligent employees or vendors. They have no ill-will or malice. Just poorly trained at best and ignorant, careless, or stupid at worst. We have a much better chance at mitigating these threats than those of a dedicated criminal threat actor. An important point made in the report is that the cost of insider threat investigation and mitigation continues to be the fastest growing cost center.
With friends like this…
The team at Cisco - Talos made friends with a confirmed ransomware operator and wrote about it. The purveyor of the Lockbit ransomware strain submitted to a series of interviews that revealed both strength and vulnerability. I found it interesting that he is from the Siberian area of Russia. That isn’t the place that first comes to mind when you think of advanced threat actors conducting business through high speed Internet. Of course, the information must be taken with a grain of salt - he is a criminal - but it’s a compelling read.
DeFi-Crime … the new thing
CipherTrace released their 2021 Cryptocurrency Crime and Anti-Money Laundering Report and it documents the continued criminal use of cryptocurrency to process ill-gotten financial gains. The report also shines a light on “Decentralized Finance” or DeFi and declares it is the “next major threat vector for fraud and money laundering”. And if you aren’t yet convinced that you should be paying attention to the criminal use of crypto, consider the fact that criminally associated bitcoin addresses sent over $3.5 billion worth of bitcoin in 2020! Read the report.
The Rest…
And speaking of cryptocurrency crime, an Ontario, California man was charged for operating an unlicensed Bitcoin exchange and money laundering operation. The U.S. Attorney’s Office for Central California alleges he moved over 13 million dollars in cryptocurrency in his two year operational period.
Blockchain intelligence firm Chainalysis believes that ransomware groups raked in over 350 million dollars in 2020!
These Massachusetts women ran a home health care fraud scheme that netted them over 100 million dollars in illicit profits. Medical over-billing; so simple and so profitable. Of course, staying with the script, they spent the money on homes and cars.
Not playing politics, but the woman who oversaw Washington State lose “hundreds of millions of dollars” to an international unemployment fraud scheme was just appointed to run the federal labor department’s Employment and Training Administration program. Yes, that puts her in control of federal unemployment benefits! Only in government can you fail-up so well!
The FTC provides a common sense reminder: don’t post pictures of your Covid-19 vaccination card to social media. The virus may not get you but identity thieves will.
Cool Tool
APTMAP - visual map linking advanced persistent threat groups (APT) to probable home countries. Also contains complete documentation including open-source information links.
“ONE WHO IS AFRAID TO ASK IS ONE ASHAMED TO LEARN” - someone smarter than me.
Thank you so much for making it to the end. Have a great week and watch your inbox for next week’s edition.
Matt