Threats Without Borders - Issue 126
Matt's Cyber Financial Crime Newsletter, Week ending April 16, 2023
One of the best benefits of publishing this newsletter each week is the knowledge and education that flows back to me. Sometimes, like last week, I’ll throw out some shit-post and better-minded people will contact me to provide ideas and thoughts that never occurred to me, or that I hadn’t given much consideration.
Like this email received after last week’s issue (Issue 125):
“Security training is kind of broken and I agree with everything you wrote. Especially about the interactive media, or “gameified” as you called it. Everyone in my organization, at least everyone over age 25 hates them. Some of the skits are funny but I’m not sure they actually make an impact.
But we’re a global company with over 9000 employees. Asynchronous training is an absolute must for us. We have no choice but to use video lessons by companies like [edited] because conducting live training for every one of our employees is virtually impossible. We deal with different cultures, time zones, and languages. I’m not sure leadership cares either. Cybersecurity training is viewed as a compliance matter. Check the box and we can keep our cyber insurance and satisfy the auditors for another year. What’s the easiest way to do that? Training videos.”
Thank you for the email, Kerry. A large and globally dispersed workforce certainly would put a quick end to my ideas for live and in-classroom security training.
Have concerns, snark, or hate? Those who have registered accounts with Substack can always post comments below. Otherwise, feel free to respond back to the newsletter delivery email.
Macs don’t get malware, right?
Most of the macOS security news over the past few days has been regarding an infostealer aptly called “MacStealer”. Allegedly, it has the capability to steal its victims’ Keychain database, among other items. Malwarebytes published a thorough examination of the virus and how it works. Obviously, getting any malicious software on your machine is bad; however, this is an unsigned DMG file not available through the official Mac App Store or any reputable software seller. The macOS system is going to give you multiple notices that you are installing something bad. The exploit also requires you to alter some security settings before it will run properly. You must work to get infected by this.
The more important security-related macOS news comes to us from the security collective MalwareHunterTeam, who found the LockBit group distributing a new strain of ransomware that specifically targets Apple macOS computers. This is going to be trouble considering a lot of Mac users really believe “mac’s don’t get viruses” and run rampant over the Internet with that mindset.
https://9to5mac.com/2023/04/16/lockbit-ransomware-targeting-macs/
So much to unpack
Hopefully the detectives who investigated this case come forward at some point and discuss the mechanics of this fraud scheme. Two women took their boss for over $450,000! They changed his bank accounts, sold his personal property, and attempted to sell some of his real estate valued at over 1 million dollars. They even went as far as trying to change his will and make themselves the beneficiaries. This takes the concept of malicious insiders to the next level. https://6abc.com/2-women-steal-from-doctor-west-chester-county-theft-in-arrested/13119330
Fraud is everywhere
Even the air cargo industry. The U.S. Attorney’s Office for the Southern District of New York has charged ten persons for a scheme that cost Polar Air Cargo over 52 million dollars. The criminally charged employees, including senior management officials, allegedly traded contracts, cargo space, and the enrollment in incentive programs, for kickbacks from the benefiting customers and vendors. https://www.aircargonews.net/airlines/freighter-operator/us-doj-charges-10-with-defrauding-polar-air-cargo-worldwide/
It’s on the timeline
CISA released version 2.0 of its Zero Trust Security Model. The first edition, Version 1.0, was only released in August of 2022, so this is a fairly quick update. CISA is definitely doing work! I have only given it a cursory skim and hope to give it more attention this week. Of immediate note is the bold, and highlighted, warning “The path to zero trust is an incremental process that may take years to implement”. Years to implement you say… Zero Trust please meet 2FA, 2FA this is Zero Trust. https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf
Lonely Wyoming
This research group analyzed Internet search trends to see what states are the most susceptible to being victimized by various scams and frauds. Completely unscientific, but interesting nonetheless. Online shopping fraud - New Hampshire. Spam text messages - Hawaii. Romance scams - it must be lonely in Wyoming. https://www.securedatarecovery.com/blog/states-struggling-scammers
The Rest…
Cado Security discusses a new credential harvester targeting Amazon Web Services accounts that is delivered through an email. https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/
The U.S. extradites infamous Nigerian scammer who victimized Americans for over 6 million dollars. https://www.theregister.com/2023/04/14/nigerian_bec_scam/
Avanan looks at some recent phishing attacks targeting Zelle users. https://www.avanan.com/blog/zelle-phishing
Cool Job
Fraud Risk Strategy Manager - Current. https://current.com/careers/open-positions/?id=4953938&gh_jid=4953938
Cool Tool
Makes investigating a web domain (almost) too easy. https://synapsint.com/index.php
Hash creator / look-up tool. https://hashes.com/en/decrypt/hash
Irrelevant
42 different pens - tested and ranked for 2023. https://www.jetpens.com/blog/The-42-Best-Pens-for-2023-Gel-Ballpoint-Rollerball-and-Fountain-Pens/pt/974
Conference Alert
You still have time to register for the Keystone Konnection 2023 conference hosted by the Delaware Valley and Pittsburgh Metro chapters of the International Association of Financial Crime Investigators. This is one of the best bang-for-the-buck financial crime/fraud conferences considering the speaker line-up and networking opportunities.
https://keystonekonnection.com/
Substack has launched a Twitter alternative called Notes. I’ve published a few and those with Substack accounts can follow along. Subscribing to the newsletter does not equate to having a Substack account.
Thanks for being a reader. See you next Tuesday.
Matt
“The best teachers are your previous mistakes” - I have so many teachers.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.