Every year for the past twelve years, my family takes a week-long vacation at a beach along the Atlantic ocean. Each trip sees me carry along a computer, a bag of books, and a project list. This year was no exception with the to-do list including a few articles to write, working on a new website for a side project, and updating my CV. As with all the other years, none of that got done. One thing that did get done, however, was the publishing of Threats Without Borders.
For the past 31 weeks, I have published this Substack newsletter highlighting the best news and opinion pieces I read over the preceding week concerning cyber and financial crime, or CyFicrime as I have coined it. I'm a voracious reader and easily spend 20 hours a week just reading articles, blogs, and documents published on the Internet. The easiest way to share my knowledge is with a newsletter delivered through email. I joke with my colleagues that I read the entire Internet so they don't have to.
The newsletter has evolved. It was published for the first twenty-four weeks under the generic “Matt’s Newsletter” because, well, I just wasn’t witty enough to come up with anything else. Then the phrase “Threats Without Borders” came to me as an apt descriptive for cybercrime. The Internet allows criminal threat-actors to victimize others anywhere in the world. Regardless of physical location or geopolitical nationality. Your countries physical border is benign and irrelevant! The name was changed and I think it's been well received.
My goal from the start has been to publish a newsletter every week for 52 weeks. So far so good. And I even delivered during vacation.
I have an updated goal; grow the newsletter to 1000 subscribers by the end of 2021. This is easily obtainable. If you casually browse to the Substack site to read the newsletter - please subscribe. And if you already subscribe, please share it with a colleague. It’s not like I'm asking you to share your religion or opinion as to what is the best bear (Obligatory The Office joke). Click the button!
Monero Rises
The cryptocurrency Monero has become the crypto-cash of choice for cybercriminals. As noted in this ARS Technica article, “Monero’s original white paper argued that bitcoin’s traceability was a “critical flaw,” adding that “privacy and anonymity are the most important aspects of electronic cash.” Alternative crytpo’s that offer more anonymity will supplant Bitcoin as cybersecurity and intelligence firms get better at tracing Bitcoin blockchain transactions. https://arstechnica.com/information-technology/2021/06/monero-emerges-as-crypto-of-choice-for-cybercriminals/
Online retail targeted
Intel471 documents how criminals are focusing on the online spaces of retail businesses. And guess what is a prime target - gift cards. “If cybercriminals aren’t dealing with money itself, they often reach for gift cards as their next best option. Whether it be physical cards or solely online credits, the underground has long used gift cards as a conduit to move money.” As the retail enterprise moves online from brick and mortar storefronts, so will the criminals. https://intel471.com/blog/retail-cybercrime-threats-2021
Speaking of Ecommerce
Securi explains the current trends in online credit card theft. The most shocking point made in the article is the sheer dominance of WooCommerce which powers 40.9% of all online storefronts. The next closest competitor is Shopify with 26% marketshare. A WooCommerce exploit can do a lot of damage, particularly since it is not a managed platform and security updates are not automated. https://blog.sucuri.net/2021/06/online-credit-card-theft-online-fraud.html
CVS loses my data
Damn it, looks like my information has been exposed again. This time by my drug store. More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. The record file was 240 GBs. That is a HUGE database file. I always laugh when people get edgy about what is posted to my LinkedIn profile. Do we have any privacy left? https://threatpost.com/cvs-health-records-billion-customers-exposed/167011/
The Rest…
Congress attempts to regulate the antique and art market for AML compliance. https://www.moneylaunderingnews.com/2021/06/congress-regulates-the-antiquities-market-and-perhaps-the-art-market-for-aml-compliance-a-guest-blog/
More evidence the government rarely does anything correct and especially sucks at distributing money - 260 Billion pandemic relief fraud. https://reason.com/2021/06/28/government-pandemic-loans-plagued-by-potential-260-billion-in-fraud/
FBI Director Wray pleads - for the love of God, stop rewarding criminals! https://www.reuters.com/technology/fbi-director-wray-urges-companies-stop-paying-ransoms-hackers-2021-06-23/
Bipartison group of lawmakers introduce bill to increase cybersecurity awareness. See the above comment - “Government rarely does anything correct”. https://thehill.com/policy/cybersecurity/560077-house-lawmakers-introduce-bill-to-increase-american-awareness-of-cyber
Phishing campaign exploits the booming housing market. https://cofense.com/blog/phishing-campaign-housing-boom/
Tools
Master all the shortcuts - usethekeyboard.com
“Don’t let your email inbox become your to-do list” - someone smarter than me.
Thank you for reading!
Matt