The name change is obvious. I’ve published this newsletter for the past 24 weeks under the generic “Matt’s Newsletter” because, well, I just wasn’t witty enough to come up with anything else. While enjoying a well-crafted Old Fashioned this week, the phrase “Threats Without Borders” came to me as an apt descriptor for cybercrime. The Internet allows criminal threat-actors to victimize others anywhere in the world, regardless of physical location or geo-political nationality. Your country’s physical border is benign and irrelevant!
See, sometimes drinking is good for you!
Paying at the pumps
We’ll be paying at the pumps for cybercrime. Colonial Pipeline, which operates the largest fuel pipeline in the United States and supplies most of the east coast with gasoline, has been shuttered by a ransomware attack. CNBC is reporting the Darkside ransomware group has stepped forward to claim responsibility. Open your wallets as the clean-up costs will surely be passed along to the end user. Not only will we be paying to cover the incident response and remediation costs for the initial attack, but also for the increased shipping costs since the gas is now being transported via truck.
https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsible-for-colonial-pipeline-shutdown.html
https://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/
Financial Institutions and Covid-19
BAE Systems has released a report titled “The Covid Crime Index: What was the true cost to financial services and consumers?”. The study found 74% of reporting financial institutions have experienced a rise in malicious activity and 29% observed an increase in overt criminal activity over the past year. Of course, it makes you think about the businesses that reported no increase in malicious or criminal activity. None? Really? https://www.baesystems.com/en-financialservices/insights/the-covid-crime-index
Amazon reviews are fake. Wait, what?
Gasp. No, really. Researchers found an open database that listed over 200,000 Amazon users that were supplying fake reviews for compensation. However, the joke is on them since the database contained their name, email address, PayPal info, Amazon profile, and phone numbers. I wonder if I can find the people who left all those five-star reviews for the brass hose nozzle that was supposed to turn a garden hose into a pressure washer? (True story). https://www.zdnet.com/article/data-leak-implicates-over-200000-people-in-amazon-fake-product-review-scam/
When gift cards are not a gift
The Microsoft Threat Intelligence Team reported on a threat group that is targeting businesses through email to obtain gift cards. It’s just a BEC scam with the attackers trying to obtain gift card numbers rather than having the victim send a wire. I found it interesting to see the increased targeting of the real estate industry (11%). The report is really well written and worth the time to read it. https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/
We are losing the war on money-laundering
Or so says Forbes journalist David Birch in this article titled “The Case Against the Anti-Money Laundering Rules”. Birch claims the compliance costs for banks and other financial institutions “could be” more than 100 times higher than the amount of money laundered. And he makes an adequate claim that the only people really being punished are the innocent. I don’t know if I completely agree with all of his reasoning, but I like being pushed and this article makes you explore another viewpoint. https://www.forbes.com/sites/davidbirch/2021/05/03/im-anti-the-anti-money-laundering--rules/?sh=251af11d3111
The Rest…
Turns out their “bulletproof hosting” wasn’t so bulletproof, as two Russians, one Lithuanian, and one Estonian pleaded guilty to federal RICO charges for running the infrastructure used by others to commit widespread cybercrime. https://www.justice.gov/opa/pr/four-individuals-plead-guilty-rico-conspiracy-involving-bulletproof-hosting-cybercriminals
Mobile banking is being targeted by phishers. https://threatpost.com/bait-phishers-convincing-lures/165834/
Proofpoint documents the taxonomy of BEC invoice fraud. https://www.proofpoint.com/us/blog/threat-insight/bec-taxonomy-invoice-fraud
Tools
https://dangerzone.rocks/ - an open-source sandbox tool where you can open unknown or suspicious documents and convert them to safe PDFs.
Find those fake product reviews on Amazon, Best Buy, eBay, and Wal-Mart with the browser extension https://www.fakespot.com/.
“Your best response to an insult is ‘You’re probably right.’ Often they are!” - someone smarter than me.
Thanks for reading this week’s issue of Threats Without Borders. Please consider sharing with a friend and a colleague.
Super Geeky item of the week: Cofense does a breakdown and analysis of the BazarBackdoor malware being used in advanced phishing attacks. https://cofense.com/blog/bazarbackdoor-avoid-detection/