Threats Without Borders - Issue 200
Cybercrime Investigation Newsletter, week ending September 15, 2024
200 or 4? Which is more significant?
You are reading the 200th issue of the Threats Without Borders newsletter. I fully plan to celebrate four years of publishing the newsletter in eight weeks.
If you run some quick numbers there, you’ll calculate this is the 200th publication in 200 weeks.
Through all the effort of family, work, illness, travel, and terrible government, I have published my paltry thoughts in this space for two hundred straight weeks!
You can’t swing a dead cat without hitting a cybercrime/cybersecurity focused newsletter, but I challenge you to find one as consistent as Threats Without Borders.
Yes, I know, consistency doesn’t always equate to quality.
Regardless, I’ve always said I’d keep publishing as long as people subscribe and read. So, we’ll keep going for a few more weeks, or 200.
Cyber Basics: Bulletproof Web Hosting
Bulletproof hosting is a web hosting service that provides clients with very high levels of privacy protection and often doesn't enforce internet abuse policies strictly. As a result, these hosting providers tend to ignore illegal or unethical activities carried out by their clients. This makes bulletproof hosting a popular choice for cybercriminals who want to host malicious content, including phishing websites, malware, command-and-control servers, and sites involved in illegal sales or pornography.
The hallmark of bulletproof hosting, and why criminals pay a premium for these providers, is a lack of cooperation with law enforcement and the absence of content restrictions. These hosting providers are usually based in jurisdictions with weak or non-cooperative law enforcement, which makes it challenging for authorities to shut down websites or access client information. Furthermore, these providers often allow customers to host content typically prohibited or removed by legitimate hosting companies, such as spam operations, botnets, terrorist content, and child sexual assault material.
Some News…
This guy believes he designed a better version of the Cyber Kill Chain and he might have just done it. The Cyber Kill Chain is a cybersecurity framework developed by Lockheed Martin to identify and understand the stages of a cyberattack. It outlines the steps adversaries follow when infiltrating a network or system. Organizations can better detect, respond to, and prevent cyber threats by understanding each step. https://www.unifiedkillchain.com/
Criminal IP and IPLocation.io have combined their threat intelligence resources to offer IP address analysis along with enhanced threat intelligence data. Criminal IP uses a machine learning ecosystem, employing AI and machine learning techniques to provide accurate, updated data. Users can evaluate IP address risks using a range of evidence-based information and inbound/outbound scoring. The system also detects potential evasion attempts through VPN, proxy, and Tor data, allowing for predictive insights into future risks. https://www.bleepingcomputer.com/news/security/criminal-ip-and-iplocationio-join-forces-for-enhanced-ip-analysis/
This author explores the use of AI in fingerprint analysis. No, not browser fingerprints, finger fingerprints, the ones on your hand. It highlights a study that challenged the assumption of fingerprint uniqueness by finding similarities between different fingers of the same person. The article discusses the evolution of fingerprint recognition technology, the role of AI in improving accuracy, and the challenges posed by latent fingerprints and contactless fingerprint capture. The author concludes that human expertise remains crucial, especially in criminal investigations. https://cacm.acm.org/news/automating-detective-work/
Stolen iPhones will soon be effectively useless. For anything. In the past, even if the owner locked the device, it could be torn down and used for parts. Apple corrected that with the upcoming release of iOS 18, which will apply “Activation Lock” to the camera, battery, and display. https://9to5mac.com/2024/09/12/apple-activation-lock-iphone-parts/
The FBI released a report through the Internet Crime Complaint Center (IC3) detailing that Business Email Compromise (BEC) attacks have cost victims 55 billion dollars over the past ten years. https://www.ic3.gov/Media/Y2024/PSA240911
Speaking of Business Email Compromise scams… A school district in Tennessee lost $3.36 million in a BEC scam after an employee was tricked into sending funds to a fraudulent account. The scammer impersonated a representative from Pearson, a digital learning materials provider, using a spoofed email address. The finance director, believing the communication to be legitimate, initiated two wire transfers totaling $3.36 million to the fraudulent account. Why was that money allowed to be moved without multiple layers of confirmation? https://therecord.media/tennessee-school-district-loses-3-million-bec-scam
There has been an alarming increase in criminals exploiting legitimate services like Dropbox and Docusign to launch attacks. The Malwarebytes Lab team identified a scam targeting Mac users seeking AppleCare+ support. Scammers exploit Google Ads to direct users to fake AppleCare+ pages hosted on GitHub. These pages mimic Apple's branding and trick users into calling fraudulent call centers, potentially leading to financial losses and identity theft. https://www.malwarebytes.com/blog/scams/2024/09/scammers-advertise-fake-applecare-service-via-github-repos
And to no one’s surprise, the Office of the Comptroller of the Currency found deficiencies in Wells Fargo's anti-money laundering controls and financial crimes risk management. The investigation was part of a clean-up process following a fake accounts scandal in 2016, which led to penalties and lawsuits. I guess the clean-up isn’t going so well. https://www.cnbc.com/2024/09/12/wells-fargo-cannot-expand-into-certain-high-risk-areas-without-permission-regulator-says.html
Mastercard pays 2.6 BILLION dollars for threat intelligence firm Recorded Future. Who wants to partner with me to start a threat intel business? https://www.reuters.com/markets/deals/mastercard-buy-threat-intelligence-company-recorded-future-265-bln-2024-09-12/
Reader Mail
“you linked an article about the destruction of our rights to free speech. I hope it was just an oversight that you put it in the “irrelevant” section. It’s anything but.” - Will
I appreciate you pointing that out, Will. I actually noticed it myself, but only after I had already published the article. The "Irrelevant" section is intended for sharing articles that I found interesting but are not directly related to the focus of the newsletter. It's like a miscellaneous collection. I didn't mean any disrespect, and I'll make sure to penalize my copy editor for it!
Cool Job
Manager of Risk and Compliance - Carfax. https://jobs.jobvite.com/careers/carfax/job/oQK7tfwU
Cool Tool
FDown - Download videos from Facebook. https://fdown.net/
Black Lantern Security’s Big Huge OSINT Tool (command line and Python) https://github.com/blacklanternsecurity/bbot
Long technical read…worth the read
Intigriti discusses the prevalence of improperly configured Amazon S3 buckets and how easily they are exploited. Is your organization storing data in these buckets? It's probably a good time to start asking questions. https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide
Irrelevant
OnlyFans has grown into a massive enterprise. Mind-boggling, actually. Matthew Ball breaks down the stunning financial numbers. https://www.matthewball.co/all/fansprofitandloss
Sign Off
Thank you for taking the time to read the newsletter this week. We don't have an advertising budget and rely on referrals from our subscribers to grow. Please consider sharing the newsletter with your colleagues to help us continue to grow.
Have a great week and we’ll see you back here next week with issue 201.
Matt
“ONE OF THE HARDEST DECISIONS YOU’LL EVER FACE IN LIFE IS CHOOSING WHETHER TO WALK AWAY OR TRY HARDER” - me, every day.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.