The FBI’s Internet Crimes Complaint Center (IC3) released their 2020 Internet Crime Report and it confirms what we all anecdotally know - cyber crime is HUGE! Some numbers from the report:
Cyber crime complaints are up 69%
Reports of victimization through phishing are up 110%
1.8 Billion dollars lost to Business Email Compromise fraud
4.2 Billion dollars in losses due to cyber crime in 2020
I plan to detail my thoughts on the report in a separate writing, but I urge you to read it for yourself. https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics
Editorial Note: You’ll notice the actual URL included with each note. I preach “don’t ever click a link that you don’t know where it goes”, but I expect you to click blind links in a newsletter. If you trust me - click the underlined bold font word in the note, if you don’t (I wouldn’t) then copy the URL into your browser address bar.
Acer is out of Aces
Computer manufacturer Acer appears to have sustained a significant ransomware attack perpetrated by the REvil group. Bleeping Computer is reporting the threat actors are demanding a 50 million dollar payment to release the encryption keys. The group has been publishing the chats as the two groups negotiate the payment. Knowing the company has back-ups and doesn’t really need to pay encryption keys, the REvil group is threatening to release exfiltrated records if payment isn’t made. https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
Start-up results in fraud
The US Securities and Exchange Commission (SEC) has charged the co-founders of uBiome with fraud reaching an estimated $60 million. The company claimed that it could test fecal matter to determine the bacterial make-up of the patient. It seems they couldn’t really test anything as the SEC alleges the couple "falsely portrayed uBiome as a successful startup with a proven business model and strong prospects for future growth." https://www.zdnet.com/article/sec-charges-co-founders-of-ubiome-medical-testing-startup-with-operating-60m-fraud/
Windows update kills printers
It wouldn’t be a Windows update if something didn’t get destroyed. And this time it was your printer. Users with certain brands of printer experienced APC_INDEX_MISMATCH errors and blue screens, but now Microsoft has issued a warning that there may be additional problems with elements missing from print outs, or even entirely blank pages being output. Microsoft has issued updates to fix the problems - or at least allegedly fix the problem. https://betanews.com/2021/03/18/windows-10-updates-more-printer-problems/ https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1574
69 Million on what?
Some fool laid out 69 million dollars this week for a Non-Fungible Token (NFT). NPR does a pretty good job explaining the NFT concept in this article. Even more pertinent to those of us who investigate financial crime is this piece by Charles Delingpole questioning the future use of NFT’s to launder ill-gotten money. https://www.npr.org/2021/03/05/974089381/whats-an-nft-and-why-are-people-paying-millions-to-buy-them https://www.linkedin.com/pulse/what-money-laundering-risks-non-fungible-tokens-nfts-defi-delingpole/
Phishers return to old waters
Email security business Inky warns that threat actors are preparing to return to old haunts as pandemic displaced employees return to the office. The company explains that security teams need to be prepared for the increase in phishing emails as workers seek “accurate information about COVID-19, vaccines, and related work policy changes”. https://www.inky.com/blog/going-back-to-the-office-phish
The Rest…
In non-cyber news, a United States Postal Service employee working at the State College, PA mail facility admitted to stealing mail addressed to Penn State students. The selected mail contained cash, checks, and gift cards - all the things sent to college students. https://www.pennlive.com/news/2021/03/former-pa-postal-worker-admits-to-stealing-cash-from-mail-intended-for-penn-state-students.html
New York state 911 center hit with ransomware: The County Public Safety network which includes Albany, Saratoga, and Rensselaer Counties, was hit with a ransomware attack. https://www.news10.com/news/tri-county-sheriff-dispatch-hit-with-ransomware-attack/
Area1 Security details an advanced spear-phishing campaign that targets C-Suite executives, their admin assistants, and financial department employees. The campaign uses techniques designed to avoid Microsoft Office 365 defenses. This is a really good write-up well worth your time to read. https://www.area1security.com/blog/microsoft-365-spoof-targets-financial-departments/
A member of the REvil ransomware gang admits to what we knew all long - they are targeting business with cyber-insurance because it’s a guaranteed ransom payment. https://www.computing.co.uk/news/4028633/revil-member-gang-targets-organisations-cyber-insurance-ransomware-attacks
Cool Tool
lookingatcars.com - A brilliant resource for those of us that have to identify vehicles from security camera video.
“DO NOT FEAR FAILURE. FEAR NEVER HAVING THE COURAGE TO TRY” - someone smarter than me.
Thanks for reading! Watch your inbox next Tuesday for Issue 19.
Matt