It is Cyber-Monday 2020. I published a short piece at my write.as site about the threat e-commerce websites face from ransom-driven dedicated denial of service attacks (RDDOS).
Cyber Monday - Make sure YOU show up!
Speaking of Cyber Monday and Internet shopping deals, don’t take advantage of any deals Wal-Mart may offer on a Jetstream Router. Security researcher James Clee has found the devices contain multiple vulnerabilities, including a backdoor that would allow an attacker instant access to all of your network communications. Clee also believes he has found proof the controllers of the Mirai botnet are exploiting this vulnerability to bring devices into their control. The Chinese-made router is also sold by Amazon under the Wavlink name.
Cybernews: Wal-Mart exclusive router contains hidden backdoor
The Internet has an endless supply of synthetic identities which has been a boon for fraudsters who specialize in “Bust Out Fraud”. This fraud occurs when a completely made-up person (identity) is used to open financial accounts, usually credit cards and loans. The fraudster makes a few timely payments to build good standing and allow them to apply for a greater amount of credit. Once the card is maxed out, the bad guy just walks away, or busts out, leaving the financial institution holding the debt.
A Glendale, California man was sentenced to 7 years in federal prison last week for running a series of Bust Out scams which defrauded more than 20 banks of over 5 million dollars. Of course he purchased the regular items of high-end liquor, cars and Rolex watches, but he also purchased cemetery plots. What?
Kudos to the Secret Service, Homeland Security Investigations and Glendale Police Department for crashing this scheme.
Press Release - United States Attorney Office, Central District of California
Financial crime management application Feedzai has released their Quarterly Financial Crime Report (Q4 2020 Edition). I was confused by the title including the Q4 since it still is the financial fourth quarter, but it seems they analyzed data from the third quarter and are presenting it in the fourth quarter, hence the Q4 tag.
Regardless, several of the facts presented are striking, such as a 30% increase in Card Not Present (CNP) transactions. That is a huge shift from in-person shopping to Internet shopping, which I suspect is due to the Covid-19 crisis. When the fraud numbers pan out I’m sure they will show a similar increase.
The report suspiciously doesn’t explain where they get their data from, other than a footnote claiming the report is based off their “exclusive data from over 4 billion global transactions across all major industries between March and September 2020.”
Contact your senior management and have them change their email credentials…NOW! A source has demonstrated for ZDNet that someone is actively selling account access to hundreds of email accounts for executives in private industry. Most of the C-Suite is represented. Again, the common theme is Microsoft Office 365.
Hacker selling email accounts of hundreds of C Level Executives
The devil is in the details. Mercy Iowa City Hospital released a breach notification advising patients of an account breach which may have compromised patient accounts, resulting in the loss of personal health information. The notification is standard issue and offers little information about the breach itself, other than that it resulted from a compromised email account. The striking detail is the notation of the account being compromised from May 15, 2020 through June 24, 2020. Forty-two days. The average dwell time for network intrusions is 95 days, so a discovery in 42 days is pretty good. But I always take a harder line with email accounts. Pay attention to your accounts and report suspicious activity immediately. Missing messages, oddly forwarded messages, newly created or deleted folders, replies from people you don’t know or didn’t send an email to, and most of all, new email rules you didn’t create, should all be investigated.
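To make the "new email rules you didn’t create" check concrete, here is an added example (not part of the original post) that scans mailbox audit records for rules or mailbox settings that forward mail outside the organization or silently delete it. It assumes records exported one JSON object per line in the shape of Microsoft 365 unified audit log entries; the sample records, addresses and the example.org domain are constructed.

```python
import json

# Constructed sample records (assumed shape: Microsoft 365 unified audit log).
SAMPLE_LOG = """
{"CreationTime": "2020-05-15T03:12:44", "UserId": "cfo@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "drop@example.net"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2020-05-16T09:30:00", "UserId": "nurse@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "Newsletters"}, {"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"CreationTime": "2020-05-20T22:01:10", "UserId": "cfo@example.org", "Operation": "Set-Mailbox", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:drop@example.net"}]}
"""

INTERNAL_DOMAINS = {"example.org"}  # assumption: your own mail domains
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress"}

def external(addresses):
    """Return the addresses in a ';'-separated value that leave the org."""
    found = []
    for addr in addresses.lower().replace("smtp:", "").split(";"):
        addr = addr.strip()
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def review(record):
    """Return the reasons (possibly none) a record deserves a second look."""
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    reasons = []
    for name in sorted(FORWARD_PARAMS & params.keys()):
        targets = external(params[name])
        if targets:
            reasons.append(f"{name} -> external {','.join(targets)}")
    # A rule that deletes what it matches explains "missing messages".
    if (record["Operation"] in RULE_OPS
            and params.get("DeleteMessage", "").lower() == "true"):
        reasons.append("rule deletes matching mail")
    return reasons

def find_suspicious(log_text):
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            record = json.loads(line)
            reasons = review(record)
            if reasons:
                findings.append((record["CreationTime"], record["UserId"],
                                 record["Operation"], reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

The ordinary "Newsletters" filing rule is not reported; only the forwarding and delete behavior is, which is what an account owner would not expect to find.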
The Rest…
Microsoft has identified and is tracking a campaign targeting Office 365 users that bypasses advanced anti-phishing techniques and detects when the email has been opened in a sandbox environment. Microsoft detailed the new campaign in this Twitter thread.
A researcher in Belgium succeeded in a proof-of-concept design and created a device that allows complete access to a Tesla vehicle, including the ability to start it and drive away, in less than 90 seconds. The device costs less than $300 to make and fits inside a backpack. Tesla Model X - Gone in 90 Seconds!
Intel471 interviewed a CIO of a major corporation that recently went 10 rounds with a ransomware infection. A very honest and insightful read: Here’s what happens after a business gets hit with ransomware.
Cool Tool
OpenCorporates provides detailed business information for over 180 Million U.S. and International corporations. Start here when investigations involve a business entity.
You’ve stuck around to the end. Thank You. If you like what you see, please consider subscribing or sharing!