I trust that everyone enjoyed the weekend and took a moment of remembrance in celebration of the Memorial Day holiday. I don’t think there is better quote to summarize where we are as a nation than this:
“Those who have long enjoyed such privileges as we enjoy forget in time that men have died to win them.” - Franklin D. Roosevelt
Phishlabs released the Q1 2021 Threat Trends and Intelligence Report. There is a lot of good information to digest but most striking is the finding that 82 percent of phishing attack sites uses SSL certificates. And not so striking, is 62% of all phishing sites abuse free online services and tools. I hope to collect my thoughts about the report into a blog post. Of course, I’m still trying to finish my post about the Verizon DBIR. https://info.phishlabs.com/blog/q1-2021-threat-trends-intelligence-report
In other news, I purchased my third laptop computer in four months. The allure of the new Apple M1 silicon chip was more than I could resist. Read about my experience HERE.
Cryptocurrency isn’t the problem
I give a talk titled “Ransomware 051” where I explain the need-to-know of ransomware and preventive security. I explain that although ransomware existed prior to the invention of digital cryptocurrency (see AIDS Trojan), it wasn’t until the value rise of Bitcoin, circa 2011, that ransomware was really able to thrive. Lee Reiners argues in this Wall Street Journal article - “Hey, let’s just ban crypto, then the bad guys can’t get paid”. That won’t work because the form of currency isn’t the real problem. Besides, the fastest growing payment method funding cybercrime right now is gift cards. Shall we ban them too? https://www.wsj.com/articles/ban-cryptocurrency-to-fight-ransomware-11621962831 (Sorry if you hit a paywall. Check out last weeks issue for help).
ATM Jackpotting with Pi
For about $150 you can buy the hardware to create a Rasberry Pi jackpotting rig. That is actually the easy part. The true challenge is finding an ATM that allows access to a connection port. I know that all of the ATM’s I use are secured. Maybe unsecured ATM’s still exist in larger cities and or in foreign countries. Anyways, if you can find one, making it spit out a bunch of money is easy as Pi. https://www.cloudsavvyit.com/11402/how-hackers-are-using-raspberry-pi-to-hack-atms/
PA man scams the lonely out of 1.9 Million
In close to home news, a Pennsylvania man, by way of Nigeria, admitted in federal court to scamming and laundering over 1.9 million dollars from victims of Internet frauds. “The Okpakos preyed on U.S. women ages 55 to 85 who visited on-line game, relationship and dating websites including Instagram, Facebook, Words with Friends and What’s App, Rocktashel said. They cultivated online relationships through texts, instant messaging and the exchange of pictures and then induced them to send or transmit money for fictitious reasons.” His wife was involved also. Whats that saying…the couple that defrauds together, stays together? Or something like that. https://www.pennlive.com/news/2021/05/man-admits-role-in-pa-based-scheme-that-sent-nearly-19-million-to-co-conspirators-in-africa.html
Swiper No Swiping!
28% of all online storefronts are running the Wordpress ecommerce plug-in WooCommerce, so naturally it is going to be a favorite target for malware writers. Securi has identified a card skimmer targeting the module and explains what to look for and how to protect your Wordpress site from being infected. https://blog.sucuri.net/2021/05/woocommerce-credit-card-skimmer.html
The Rest…
Kela demonstrates how easy it is for cybercriminals to commit unemployment fraud. https://ke-la.com/usa-unemployment-fraud-its-easier-than-you-think/
Fireeye Threat Research documents the threat actors are moving towards simple attacks to compromise operational technology. https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
Cyberint has observed a significant increase in SMS phishing attacks targeting customers of retail businesses. https://blog.cyberint.com/new-sms-phishing-campaigns-target-retail-customers
The DOJ announces law enforcement actions to combat Covid-19 related health care fraud.
Tool
When you really, really, don’t want anyone to know what you’re searching the Internet for use https://private.sh/ or see how it works at https://private.sh/how-it-works.html
“A CALM MIND IS NOT THE ABSENCE OF CONFLICT OR STRESS, BUT THE ABILITY TO COPE WITH IT.” - someone smarter than me.
Thank You for reading. Your time to consume media is limited and I appreciate you giving my products a few minutes.
Please consider sharing this newsletter with friends and colleagues.
Matt