It has been the rare occasion that I have published a newsletter without a ransomware story. And every one mentions the competing narratives of the necessity to pay the ransom and the reasons why we don’t pay ransoms. Victim businesses generally understand why they shouldn’t feed the beast, but have no other options. It is a choice between bad and worse.
Now we have this story where financial advisors in law and tax are floating the idea that ransom payments might be, or should be, tax deductible. "I would counsel a client to take a deduction for it," says Scott Harty, a corporate tax attorney with Alston & Bird. "It fits the definition of an ordinary and necessary expense."
So now we have to be alert for, investigate, and prosecute, ransomware tax fraud?
Small business makes a nice profit. Small business sets up an anonymous cryptocurrency wallet. Small business infects a non-vital server with a ransomware variant and communicates with itself the demand for a ransom payment. Small business transfers cryptocurrency to itself. Small business claims the ransom payment as a tax deduction to offset its profit. Small business cashes out cryptocurrency wallet and launders cash back into the business.
This is going to happen. Absolutely. And the government will still be tripping over itself trying to figure out why issuing pandemic relief payments on a gift card didn’t work.
https://www.fox2detroit.com/news/ransomware-attack-payments-might-be-tax-deductible-says-us-government
Profit is motive
TransUnion conducted a survey of federal, state, and local IT and cybersecurity professionals and found that account takeover fraud is a serious issue within government networks. 53% of those surveyed said the number of account-takeover incidents has increased over the past two years, while 60% said such attacks are becoming more severe. Government is less likely to make changes, or any changes at all, since there is no fear of financial loss. In private industry a security incident equates to lost profits. Not so in government, where the taxpayers' money is a never-ending flow. https://statescoop.com/online-fraud-transunion/
The BIG rip
This article is intended to be a political story but it’s actually one about fraud, and the results of not employing basic fraud prevention techniques before giving hundreds of millions of dollars. Yes, COVID-19 relief fraud continues to dog politicians of states that sustained huge losses of money to fraud. “This is probably going to go down in history as the biggest rip-off of taxpayer dollars ever,” Rep. Jackie Walorski of Indiana told RealClearPolitics. https://www.realclearpolitics.com/articles/2021/06/11/ca_unemployment_fraud_backlog_still_dog_newsom_145906.html
Thumbdrive seeding - the crypto version
Thumbdrive seeding is when malicious actors drop malware-laden USB thumbdrives around a target area and wait for the finders to plug them in. Ledger makes hardware wallets for cryptocurrency and was involved in a recent data breach. Threat actors are now mailing Ledger customers who were exposed in the breach new Ledger hard wallets - but with an added feature - malware that allows the criminals to steal the cryptocurrency. There is so much to this story. I want to discount it as manufactured hype due to the significant upfront costs to deliver the exploit, but never underestimate a motivated attacker. https://www.bleepingcomputer.com/news/cryptocurrency/criminals-are-mailing-altered-ledger-devices-to-steal-cryptocurrency/
And again with gift cards
Who would have thought that an internet search for “cheap car rentals” and then paying with a gift card would result in you having no car and a zero balance card? The FTC and AARP have issued a warning about the increase in vehicle rental fraud, specifically, Internet-based scams taking advantage of people looking for cheap post-pandemic car rentals. https://www.yahoo.com/news/cheap-car-rental-may-fraud-183144453.html
The Rest…
Ransomware, Cryptocurrency, Money Laundering, China, and Russia. This rambling Forbes article covers just about everything. https://www.forbes.com/sites/kenrapoza/2021/06/14/dark-tech-latest-ransom-scandals-highlight-cryptos-role-as-money-laundering-play/
For those of us around way-back-when, it was a huge story in 2012 when MoneyGram was prosecuted for money laundering. Nine years later, a federal judge has brought closure to the suit. https://www.pymnts.com/news/security-and-risk/2021/federal-judge-orders-2012-charge-against-moneygram-to-be-tossed/
Ransomware groups are pivoting away from email attacks and just flat out buying access to victim networks that have already been infiltrated by other cybercriminal groups, says Proofpoint. https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware
In this article about a group of Romanians indicted on federal charges for ATM skimming, the author notes: “It was not clear what brought the defendants from Romania to Southwest Virginia”. Ahhh, gonna go out on a limb here and say…ATM skimming. Just a hunch. https://roanoke.com/news/local/man-pleads-guilty-in-atm-fraud-case-that-stole-more-than-250-000/article_8b680200-cfac-11eb-8ddb-bf67d53f23e6.html
Tools
https://www.duplichecker.com/text-analysis-tools
“YOU WILL NEVER START ANYTHING IF YOU ALWAYS WAIT UNTIL YOU ARE FULLY READY” - someone smarter than me
Thank You for reading another issue. Please consider sharing with a friend or colleague. Or even a nemesis.
Matt