Welcome to Issue 38.
It’s been hot and dry here in central Pennsylvania. The classic dog days of summer.
Speaking of dogs…as I mentioned in last weeks issue, more incidents of dog fraud. In one case, the bad guys have created an entire website to peddle fictitious Old English Sheepdogs.
www.oespuppiesforsale [dot] com
I searched several of the images and a few code snippets but couldn’t find the original sources.
The domain is registered with Namecheap and the site hosted on Duda. I have filed abuse claims with both, but the site is still standing as I write this. And I assume people are still being victimized.
Of course crime pays!
I wrote about this in a previous issue when it was announced that an employe of the United States Postal Service had been arrested for stealing mail. The employee worked in the State College, PA post office and was stealing mail addressed to Penn State University students. It is a pretty secure bet that cards sent to students will include cash or gift cards. And what do you get for stealing an untold amount of mail over an eight month period…a federal offense mind you? One year probation and a $300 fine. No seriously, thats it. Whoever said crime doesn’t pay was doing the wrong crime. https://www.pennlive.com/news/2021/08/ex-postal-worker-given-probation-fine-for-stealing-from-mail-intended-for-psu-students.html
Wawa settles suit…with gift cards
In December of 2019, Wawa disclosed a breach that compromised the accounts of over 22 million customers. Eventually, the company agreed to a 12 million dollar financial settlement. The settlement includes three tiers of customers, who will receive gift cards for either $5 or $15, or $500 in cash, depending on the severity of their injury from the data breach. Would it be irony if the gift cards they provided as restitution ended up compromised? https://news.bloomberglaw.com/privacy-and-data-security/wawa-customers-win-initial-settlement-approval-in-data-suit
Latvians in Pittsburgh
Proving that cybercrime is borderless…two Latvian members of the international money-laundering operation for cybercriminals called QQAAZZ have pleaded guilty in federal court in Pittsburgh. The two are among 20 Eastern Europeans under indictment in Pittsburgh on charges related to QQAAZZ, a European-based organization that provided cryptocurrency transactions for computer hackers on a global scale. What is QQAAZZ - it took me a while, but look down at the keyboard! So simple. https://www.post-gazette.com/news/crime-courts/2021/08/06/Two-members-of-QQAAZZ-money-laundering-group-for-cybercriminals-plead-guilty-in-Pittsburgh/stories/202108060128
Spam is back!
Kaspersky released their Q2 Spam and Phishing report highlighting the organizations observations of email based attacks for the second quarter of 2021. After a prolonged decline, the share of spam in global mail traffic began to grow again in Q2 2021, averaging 46.56%, up 0.89 p.p. against the previous reporting period. Yea, awesome. https://securelist.com/spam-and-phishing-in-q2-2021/103548/
Not a jobs crisis…a hiring crisis
To piggy back on my commentary in last weeks issue, ZDNet published this well written and reasoned article on the so called “cybersecurity jobs crisis”. A recent ISSA study that queried security professionals found “38% said their organization doesn't offer competitive compensation, while 29% said their HR department doesn't understand the skills needed for cybersecurity and 25% said that job postings at their organization tended to be unrealistic” The industry doesn’t have a jobs crisis, or a talent crisis, it has a hiring crisis. https://www.zdnet.com/article/the-cybersecurity-jobs-crisis-is-getting-worse-and-companies-are-making-basic-mistakes-with-hiring/
The Rest…
Remember how they got Capone… yeah this guy too. They couldn’t get him on embezzlement so they pinned a tax charge on him for not reporting the $318,583 he acquired (allegedly stole) - as income. https://www.pennlive.com/news/2021/08/pa-man-accused-of-not-paying-federal-income-taxes-on-318583-he-allegedly-embezzled.html
Naturalized U.S. citizen pleads guilty to laundering more than 30 million dollars in drug proceeds for multi-national traffickers. https://www.justice.gov/opa/pr/leader-transnational-money-laundering-network-pleads-guilty-aiding-drug-trafficking
Office365 phishing variant bypasses Microsoft security features to target remote employees. https://cofense.com/blog/office-365-phishing-variant/
And proving that even criminal syndicates have to worry about malicious insiders, the Conti ransomware group gets exposed by a former confederate. https://www.flashpoint-intel.com/blog/disgruntled-conti-affiliate-leaks-ransomware-training-documents/
Cool Tools
What’s that plane flying overhead?
Know those BIN’s: https://www.bindb.com/bin-database
“Every single person you meet knows something you don’t.” - someone smarter than me.
Thanks for opening this weeks issue. Please help me grow the newsletter and share with a colleague.
Matt