Threats Without Borders - Issue 195
Cybercrime Investigation Newsletter, week ending August 11, 2024
Approximately 2.7 billion personal information records from individuals in the United States have been leaked on a hacking forum. The leaked data, believed to have been stolen from National Public Data, includes names, Social Security numbers, addresses, and possible aliases.
This is pretty much all of us.
There is a scene in the Band of Brothers series where Lt. Speirs speaks to Blithe about how he froze with fear and hid in a ditch during a fight. The young, frightened soldier says, “I didn’t really try to fight. I just kind of stayed put. I was scared.”
Lt. Speirs then delivers his famous “War is hopeless” speech where he says:
“You hid because you think there is still hope, but Blithe, the only hope you have is to accept that you’re already dead. And the sooner you accept that, the sooner you’ll be able to function without fear.”
Obviously, the battle to protect our personal identifying information falls significantly short of the horrors of war, but I think we can aptly apply Lt. Speirs’ words to the situation.
At this point, you must accept that your information is in the wild. It is available to criminals, who will use it to commit fraud. There is little hope of keeping your personal identifying information private or secure.
And the sooner you accept that, the sooner you’ll be able to function without fear.
We should be guarded when handling our personal information, but most of us, if not all, are already right of boom. Instead of fixating on preventing identity theft, we should concentrate on reducing its impact, since there is clearly little we can do on our own to stop it.
Some News…
Trump campaign admits it was “hacked”. Sources say the breach resulted from an email phishing attack on a high-ranking campaign official. President Trump, I’m available to provide security awareness training to your staff. Shoot me an email. https://www.axios.com/2024/08/10/trump-campaign-hacked
The Federal Trade Commission (FTC) took action against Financial Education Services (FES) for operating a credit repair pyramid scheme. FES lured consumers with promises of improved credit scores and then enrolled them in a scheme that sold credit repair services to others. The FTC alleged that FES deceived consumers, charged upfront fees for undelivered services, and made inflated income claims. As a result, the owners and operators of FES face permanent bans from credit repair and multi-level marketing activities, along with substantial monetary penalties. https://www.ftc.gov/news-events/news/press-releases/2024/08/ftc-action-leads-permanent-bans-scammers-behind-sprawling-credit-repair-pyramid-scheme
Four men from New Jersey have been accused of stealing and altering checks sent through the mail. They illegally collected checks from blue mailboxes and obtained stolen mail from other sources, including a USPS employee. The men altered the checks, changing names and increasing values, before depositing them into their personal accounts. https://www.pennlive.com/crime/2024/08/4-men-stole-cashed-hundreds-of-checks-sent-through-mail-feds.html
Akamai successfully mitigated a massive 24-hour Distributed Denial of Service (DDoS) attack involving a staggering 419 terabytes of malicious traffic. The attack originated from a globally distributed botnet and used various attack vectors, such as UDP flood, UDP fragmentation, DNS reflection, and PSH+ACK. The main attack window lasted three hours, with peak traffic of 798 gigabits per second, making it the sixth-largest DDoS peak traffic ever mitigated by Akamai. https://www.akamai.com/blog/security/2024/aug/akamai-blocked-419-tb-of-malicious-traffic
Cybersecurity researchers at Cyble have uncovered a phishing campaign targeting users searching for Google Authenticator on Google Search. The campaign directs users to download malicious Android apps disguised as Google Authenticator, which install either the Latrodectus or ACR Stealer malware. Latrodectus, a persistent malware, steals sensitive information, including credit card details, and monitors device activity. Further investigation revealed connections between these activities and the notorious Golddigger and Gigabud Android malware families, indicating a potential overlap or collaboration between these threat actors. https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/
Rebranding appears to be good for business. Since its emergence, the BlackSuit ransomware group has been identified as the perpetrator behind over $500 million in ransom demands. Originating as Quantum ransomware and later rebranding as Royal, the group has demonstrated evolving tactics with frequent name switches. https://www.bleepingcomputer.com/news/security/fbi-blacksuit-ransomware-behind-over-500-million-in-ransom-demands/
Is the cure worse than the malady?
The United Nations approved its first cybercrime treaty by consensus, an agreement initially proposed by Russia. This treaty establishes a global legal framework for addressing cybercrime and data access. While it signifies progress in international cybercrime cooperation, the treaty has drawn criticism from human rights organizations and tech companies due to concerns about potential misuse of surveillance and data access powers.
The legislation appears to be a complete government takeover to criminalize any opposition conducted via technology and the Internet.
The Rage believes the law will overrule the Bank Secrecy Act and criminalize any private security research.
https://www.therage.co/un-cybercrime-convention-bank-secrecy/
Reader Mail
“Great write-up about email trackers. I suggest using Proton Mail as they block trackers by default in addition to their other privacy protections.” - Sean
“Matt, I feel ya about getting old. I always think I’m as good as I ever was, until I have to do something like, oh, lift a bag of groceries out of the trunk!” - Darron
Cool Job
The stock market rebounded - have yourself a new job.
Fraud Subject Matter Expert - NICE. (U.S. Based) https://job-boards.eu.greenhouse.io/nice/jobs/4302750101?gh_jid=4302750101
Senior Manager of Incident Response - Chime. https://boards.greenhouse.io/chime/jobs/7494540002
Cool Tool
Search for a username from over 30 domains and 90 social media services. https://namechk.com/
Authentic8 published a bang-up guide to investigating Reddit users: https://www.authentic8.com/blog/osint-gathering-reddit
Irrelevant
The Stoics were ahead of their time. Or maybe just in time. https://dariusforoux.com/stoic-lessons/
Late Breaking
The FBI has dismantled servers of the Radar/Dispossessor ransomware operation in the US and Europe. The group, led by a hacker named "Brain," has targeted 43 companies since August 2023, mainly in the education, healthcare, financial services, and transportation sectors. https://therecord.media/fbi-seizes-ransomware-servers-radar
Sign Off
Thank you for reading another issue of the Newsletter. Your time is limited, and I appreciate you spending some of it here.
Matt
“IT IS EASY TO DODGE OUR RESPONSIBILITIES, BUT WE CANNOT DODGE THE CONSEQUENCES OF DODGING OUR RESPONSIBILITIES.” - someone who has seen me dodge responsibilities.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter is of interest to everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.