Email security company Mimecast released their 2021 State of Email Security Report. It’s a good report that reminds us businesses are constantly under attack from cyber-financial criminals and email is a primary attack vector. In fact, 70% of those surveyed expect their organizations will be victimized by an attack delivered by email in 2021.
One statistic really stood out though - only 20% of respondent organizations provide regular cybersecurity training to their employees. I explored the meaning of that statistic more in this writing.
I won’t hold my breath
The Department of Justice has formed the Ransomware and Digital Extortion Task Force. The task force aims to prioritize ransomware cases and increase efficiency and intelligence sharing. It also intends to offer training to front line investigators. I have written and spoken at length about ransomware and digital extortion and could offer a true front line perspective. I’ll be waiting for my invitation to join the task force, however I suspect that will come the same time a federal agency increases efficiency and intelligence sharing. https://thehill.com/policy/cybersecurity/549549-justice-department-convenes-task-force-to-tackle-wave-of-ransomware?rl=1
Old wine New jug
The Covid-19 pandemic accelerated the universal adoption of digital commerce. The Covid-19 accelerated the criminals universal adoption of victimizing through digital commerce. Bolster’s 2021 State of Online Fraud and Phishing Report illustrates how digital business has amplified risks and created new ones that many companies did not have to consider in the past. It’s still crime. Just delivered through a new means. https://bolster.ai/blog/fraudsters-joyride-as-digital-business-skyrockets/
Think differently
The title of this article is “Think like a Detective” but one of the most important tips offered is to think like a contrarian, or specifically a “devils advocate”. I always try to emulate a defense attorney. How is the defense going to attack my case? What do I need to do to mitigate that criticism? https://psyche.co/guides/how-to-solve-problems-by-thinking-like-a-detective
Best of luck…you’ll need it
A threat researcher who specializes in Business Email Compromise (BEC) fraud is raising money to open a technology hub in Nigeria. The goal of the training center is to offer young Nigerians technology skills training that will lead to legitimate work, not a life of crime. Specifically, the criminal lifestyle of working in a BEC crew. I applaud the effort, but to quote one of my favorite songs by The Smiths…”stop me if you’ve heard this one before”. https://therecord.media/can-you-fight-bec-popularity-in-nigeria-by-steering-youth-to-legitimate-it-job/
The Rest…
Mobile device forensic tool Cellebrite and secure communication application Signal have been in a tit-for-tat slapping battle over the past few months. Signal fired the deathstar. https://signal.org/blog/cellebrite-vulnerabilities/
The Supreme Court ruled against the FTC finding that Section 13(b) of the Federal Trade Commission Act "does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement" for consumers. https://arstechnica.com/tech-policy/2021/04/supreme-court-ruling-helps-scam-artists-avoid-punishment-ftc-chair-says/
Costco warns it’s customers of widespread fraud. The company published screenshots of 14 "prominent fraudulent emails, texts, and posts" in which cyber-criminals are impersonating Costco on it’s website. https://www.infosecurity-magazine.com/news/costco-issues-scam-warning/
Parking service and mobile application publisher ParkMobile admits to a data breach but claims no sensitive user data was lost. Brian Krebs says “not so fast” and claims the stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/ https://support.parkmobile.io/hc/en-us/articles/360058639032-Security-Notification-March-2021
The network of the Illinois Attorney General has been infected by ransomware. https://www.databreaches.net/illinois-attorney-generals-office-hit-by-ransomware-state-investigating/
Tools
https://wheregoes.com/ - URL redirect checker. Find out where that link is taking you before you actually click it.
https://redirectdetective.com/ - Same thing only different
Stupid
Don’t mess with snakes Particularly ones that can inject poison into you. And certainly not with a tool designed to turn hot dogs. https://www.pennlive.com/nation-world/2021/04/man-bitten-by-rattlesnake-that-he-tried-to-pick-up-with-barbecue-tongs.html
“IT IS MUCH EASIER TO BE CRITICAL THAN TO BE CORRECT.” - someone much, much, smarter than me
Thank You so much for reading. Time is short and attention is precious. I appreciate you giving me a bit of both. - Matt
Super Geeky Bonus - Trend Micro does a deep dive on the Carbanak and the Fin7 cyber threat groups.