Unless you have been living in a cave or have completely shunned all news media, which may be one-in-the-same, you are aware of the Colonial Pipeline ransomware attack. I’ve heard people say “so what”? We’ll if you don’t care about the legal or political ramifications, you’ll at least care when you go to the gas pump to fill up your car. Or to the store to buy anything that had to be transported by a fuel consuming vehicle.
Every news outlet has been compelled to cover the event, some did it well, and some not so much. I won’t bore you with article links for the obvious reasons. But I will make this observations - many of the reports and opinions are way off base. What, Where, When, and Why, all matter, but the only important question that truly needs answered at this point is How. Two of them in fact.
How did the system become compromised?
How can we prevent it from happening again?
Everything else is water under the bridge. Attribution and justice are lofty goals. But first and foremost, lets not allow it to happen again!
In something completely unrelated…my wife destroyed an iPhone last week. It reminded me of an important security tenant and I wrote about it here.
Americans aren’t the only ones…
This BBC article details how the rise in Internet fraud is affecting those on the other side of the Atlantic ocean. Online fraud in England, Wales, and Northern Ireland is up an estimated 44% over the past year. The reported increase in pet sale fraud caught my eye as that is definitely on the rise here in America also. Particularly for those seeking designer dog breeds like cockapoo and labradoodle. Those seeking hard to get “trendy” breeds like the French Bulldog and Shibu Inu are also targeted since local breeders are rare for most buyers. https://www.bbc.com/news/business-57070589
Binance investigation
If your business processes $756 MILLION dollars of dirty money…are you a money launderer? I guess we’ll find out as multiple investigative agencies have opened criminal probes to examine Binance, the world’s largest cryptocurrency exchange. Crypto-intelligence firm Chainanalysis has traced 2.8 billion dollars in criminal bitcoin transactions and determined $756 million of it was facilitated by Binance. C’mon…at some point you have to realize your customers are up to no good! https://arstechnica.com/tech-policy/2021/05/binance-the-biggest-cryptocurrency-exchange-reportedly-under-investigation/
Small budgets…big costs
International insurance company published their findings that the average cost for a small business to recover from a cyber attack is $25,612. The study looked at U.S. businesses with less than 250 employees. I’d like to see how many of the surveyed businesses engaged their employees with proactive security training? https://www.hiscox.com/articles/average-annual-cost-cyber-attacks-us-small-business-25k-reveals-hiscox
How does this market even exists
Well, I know how. But why? This Hacker News article details the explosion of counterfeit Covid-19 related products, specifically vaccines, on Internet underground markets. Why? Who needs to purchase off-market Covid-19 vaccine here in America? It’s free. Walk into a clinic and get a shot. I understand the vaccines are harder to get in other parts of the world, BUT why are you willing to put a liquid into your body purchased from a dark web seller? Even if the serum is legit - is it still good? The vaccines are notoriously volatile. You’d be better off taking your chances with the actual Covid virus. https://thehackernews.com/2021/05/dark-web-getting-loaded-with-bogus.html
The Rest…
Lior Div, founder and CEO of Cybereason, writes about his participation on the newly created Ransomware Task Force. https://www.cybereason.com/blog/solving-the-ransomware-crisis
Security services and consulting firm NTT released their 2021 Global Threat Intelligence Report. https://hello.global.ntt/en-us/insights/2021-global-threat-intelligence-report%20
Check Point Software documents the scope of ransomware and explains how it has become a “triple extortion” threat. https://blog.checkpoint.com/2021/05/12/the-new-ransomware-threat-triple-extortion/
Check out the website https://www.fragattacks.com/ to see if your devices are open to recently disclosed security vulnerabilities effective Wi-Fi devices.
Tools
https://millionshort.com/ - a different type of Internet search engine, designed to search the road less traveled.
https://www.phishtank.com/ Add a Phish - Verify a Phish
“BE BRAVE ENOUGH TO SUCK AT SOMETHING NEW” - someone braver than me
Thank you for reading.
If you just browsed in - I invite you to subscribe. I have nothing to sell, never include ad’s or paid endorsements in the newsletter, and promise to not spam your email.
Matt