Threats Without Borders - Issue 188
Cybercrime Investigation Newsletter, week ending June 23, 2024
I recently directed a Business Email Compromise attack victim to file a complaint with the Internet Crime Complaint Center and request the services of the RAT! The FBI created the Recovery Asset Team in 2018 to tackle the growing wire fraud issue. This specialized unit is dedicated to helping victims recover stolen funds and enhancing the collaboration between law enforcement and financial institutions.
The RAT’s primary function is to serve as a liaison between law enforcement agencies and financial institutions. This role involves supporting statistical and investigative analysis, which helps identify fraudulent accounts and stay ahead of emerging financial fraud trends. RAT significantly enhances the overall response to cybercrime by facilitating prompt and efficient information sharing.
When a complaint meets specific criteria, RAT initiates a rapid response process. The team forwards transaction details to the recipient bank’s point of contact to alert them of fraudulent activity and request an immediate account freeze. Upon receiving a response from the bank, RAT coordinates with the appropriate FBI field office to further the investigation and recovery efforts. This process, known as the Financial Fraud Kill Chain (FFKC), has proven to be highly effective in quickly freezing fraudulent transactions.
RAT addresses many cybercrimes like BEC scams, investment fraud, real estate scams, tech support scams, and ransomware attacks. In 2023 alone, IC3 received over 880,418 complaints, with reported losses exceeding $12.5 billion. This broad scope highlights the critical role of RAT in mitigating various forms of cybercrime and protecting victims from substantial financial losses.
The RAT has successfully recovered $538 million of the reported $758 million in misdirected funds, achieving a 71% success rate! The RAT is one of the most successful components of the FBI’s strategy to combat cybercrime.
Remember the RAT! Direct your victims to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.
Some News…
Great time to take a job in the finance industry, Matt. Citi's researchers have stated that around 67% of banking jobs have a "higher potential" to be automated or augmented by AI. The researchers believe that the implementation of modern AI tools, particularly GenAI, in financial services will be relatively slow compared to other sectors due to the sector's highly regulated nature. Hopefully, I can wait them out. https://ir.citi.com/gps/9j79xHIa-vfPi785TYiSciffO0j4I0D52fI9LrahsLZEo6MpT4aM7SpwSFagAL9CIukqn2fwiJ_GNvDsLy4b6XEjftdK1abu
New ransomware attack technique: Manipulating the File System Access API of your web browser. When you start uploading a file using your web browser, you need to select a location on a network drive or your hard drive. The File System Access API is the browser feature that makes this possible, allowing users to choose files to upload from within the browser. Unfortunately, cybercriminals exploit this API by embedding ransomware. When you select a file, the ransomware automatically encrypts all the files in the folder you open and all its subfolders. Antivirus software detects viruses by scanning for malicious payloads. In this type of attack, however, the ransomware runs inside the existing browser instead of being embedded in a payload. https://theconversation.com/cybersecurity-researchers-spotlight-a-new-ransomware-threat-be-careful-where-you-upload-files-219560
Pro Tip: If you have a clear image of a baby's face tattooed on the side of your head, put on a hat before you commit fraud! https://www.kget.com/news/crime-watch/man-with-babys-face-tattooed-on-head-wanted-in-fraud-investigation/
US prosecutors have charged 24 individuals with laundering over $50 million in drug money involving Chinese and Mexican drug cartels. The network allegedly includes Chinese, Mexican, and American men who worked as couriers, money brokers, and traffickers for the Sinaloa Cartel. Chinese money laundering groups have been undercutting competitors by charging cheaper fees and tapping into the Chinese population in the US and Latin America. The DEA has formed a new illicit finance team to identify money laundering networks, and federal agents are closing in on "bigger fish" among Chinese money launderers. https://www.cnn.com/2024/06/18/politics/us-chinese-money-launderers-drug-cartels/index.html
Understanding the role of “Red Flag Analysis” in due diligence investigations. https://www.americanbusinessmag.com/2024/06/unmasking-hidden-dangers-the-vital-role-of-red-flag-analysis-in-due-diligence-investigations/
A human resources employee from the city of Jackson, Mississippi, was dismissed following a fraud investigation. The employee was accused of embezzling funds that former co-workers had paid for insurance. The exact amount stolen and the number of victims are not specified, but the mayor described it as an “alarming amount.” Bonus points for the mayor’s strong beard game! https://www.wlbt.com/2024/06/17/alarming-amount-city-jackson-employee-dismissed-following-fraud-investigation/
Probably not the best time to buy a car. CDK Global, a software provider to 15,000 car dealers, has been hit by cyberattacks since June 19. The attacks have caused chaos in sales, service, parts, and inventory management. CDK's systems are expected to be down for several more days, impacting an end-of-quarter sales push. The attacks have also prompted a warning from CDK about bad actors posing as members or affiliates of the company. https://finance.yahoo.com/news/car-dealer-chaos-arises-cyberattack-111506147.html
Mail Call
“Your criticism of the IAFCI candidates is not fair to those non-incumbents. There are agreements about how to run for election made by previous boards and enforced by the current board. I think you would see campaigning if it would be tolerated.” - C.D.
“Matt, I just finished reading the book ‘Never Split The Difference - Negotiating like your life depended on it’ by Chris Voss. Brilliantly written book by a former FBI negotiator. It’s one of those books that really does change how you approach life.” - Sean
Cool Job
Senior Manager, Security Planning and Assessment - National Hockey League. https://www.teamworkonline.com/hockey-jobs/hockeyjobs/nhl-league-office/senior-manager-security-planning-and-assessment-2079321
Program Manager, Anti-Human Exploitation Financial Crimes. Cash App. https://jobs.smartrecruiters.com/Square/743999996230275-program-manager-anti-human-exploitation-financial-crimes-cash-app
Cool Tool
Maplandia.com provides a searchable world gazetteer based on Google Maps. Over 2,000,000 places are divided into geographical categories according to continents, countries, and administrative regions. http://www.maplandia.com/
Invite me
I have some availability in my schedule this fall and would be delighted to speak at your event. Sometimes, I even say intelligent things! Please reach out if you are interested in having me participate in your event.
Irrelevant
Get yourself promoted!
Breaking News…
The Lockbit ransomware group claims to have taken 33 TB of data from the Federal Reserve. Good grief…how much noise is created by exfiltrating 33 TB of data? Think about it. https://hackread.com/lockbit-ransomware-us-federal-reserve-data-ransom/
Sign Off
Thank you for hanging around another week. I recognize the strain on your time and appreciate that you gave this forum a few minutes. The newsletter grows through word-of-mouth, so those who share it with others are golden.
Matt
“SHOW RESPECT TO EVERYONE WHO WORKS FOR A LIVING.” - is writing a newsletter working?
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.