As defined by Wikipedia, the Curse of Knowledge is a cognitive bias that occurs when an individual, who is communicating with others, wrongly assumes they have the background to understand the communication. Just because you have mastered a subject doesn't mean everyone you communicate with has also. I often assume that my audience has the prerequisite knowledge to understand the information I am presenting. I am usually wrong, which leads to frustration on both ends. This doesn't mean they are of low intelligence or unable to learn; it just means we have different backgrounds, experiences, and professions. An orthopedic doctor trying to explain bone density to me is going to get the same response as me trying to explain Network Address Translation to her.
I recently participated in a ransomware tabletop exercise at a local business. Initially, I was disappointed in the simplistic scenario presented by the consultant running the exercise. Uhh, so basic, I can't believe they are getting paid for this, I thought. But as the exercise played out, I observed that even such a basic scenario led to very productive conversation. In fact, the participants couldn’t have handled much more. Many of the stakeholders were not in the business of security, or Internet technology, and needed to be brought up to speed.
The curse of knowledge got me again. I allowed my familiarity with the topic to influence my opinion of the exercise and assumed the other participants had an equal or better understanding of ransomware and the incident response process. I had been through the scenario so many times, in both exercises and reality, that I had the answers. I wrongly assumed the others would also.
Tabletop exercises are a great way to equalize the level of knowledge. They educate the less experienced members of the team and reinforce the knowledge of the rest. And as this exercise demonstrated, it doesn't need to be a complex event.
Is your organization regularly conducting tabletop exercises and role-playing scenarios? If not, why?
If you are a small business or non-profit with a limited budget and can't afford a consultant-led exercise or don't know where to start - contact me and I'll point you in the right direction. If geographically feasible, I’ll come run one for you!
Getting to the point!
A new ransomware group is getting right to the point, straight extortion. “We have your data, now pay us to not release it.” They are skipping right over the encryption of data part since they realize most companies are now able to restore from back-ups. The author of this article warns that paying the demand is risky. Of course. But I’d imagine they will keep their word and not release the data after receiving payment, or future victims would have no incentive to pay the extortion demand. https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/
Keep it in the family
A father and daughter team have been sentenced to five years in prison for running a massive organized retail theft operation. The couple were using Amazon and Wal-Mart reseller accounts to move the stolen goods. To the tune of over 4.3 million dollars! The couple was sending out an army of professional shoplifters with lists of items they needed to stock their stores. https://www.marketwatch.com/story/retail-theft-on-a-massive-scale-father-daughter-duo-sentenced-in-multi-million-dollar-shoplifting-scheme-11634063888?mod=financial-crime
Google - not all bad.
I kid, I kid. The Google Threat Analysis Group is extremely active combatting attacks against Google users. They get little press and rarely promote themselves so it’s nice to see this post where they detail some of the work they are doing. So far in 2021, they have notified over 50,000 Google users that have been targeted by nation-state threat actors. I guess the real question is, if you get that email, do you believe it’s legitimate or a phish itself? https://blog.google/threat-analysis-group/countering-threats-iran/
Well, they did something right.
The Biden administration convened their virtual “International Summit on Ransomware” last week - sans Russia and China. This quote sums up our current situation, “I’ve been in cybersecurity for 24 years and I’ve never seen it this bad,” said Tom Kellermann, head of cybersecurity strategy at software company VMware Inc. “I’ve never seen cybercrime cartels this emboldened, this organized, this sophisticated and so punitive in their actions.”
https://www.wsj.com/articles/u-s-convenes-international-summit-on-ransomware-11634115600?mod=djemCybersecruityPro&tpl=cy
https://thehill.com/policy/cybersecurity/576417-white-house-convenes-virtual-meeting-of-countries-to-counter-ransomware
https://www.whitehouse.gov/briefing-room/statements-releases/2021/10/14/joint-statement-of-the-ministers-and-representatives-from-the-counter-ransomware-initiative-meeting-october-2021/
But it’s still all talk. Do something!
The Rest…
In San Francisco, retail stores are literally being forced out of business by rampant retail theft. No, check that, they are being forced out of business by the ludicrous policies by extremist politicians. https://nypost.com/2021/10/12/walgreens-closes-five-more-san-francisco-locations-due-to-theft/
VirusTotal released their very first Ransomware report. The findings are staggering. https://blog.virustotal.com/2021/10/ransomware-in-global-context.html
Eleven persons were charged in connection to a BEC fraud and Romance scam ring. The group defrauded over 50 victims for more than 9 million dollars. (And that is only the victims that were identified). https://www.justice.gov/usao-sdny/pr/us-attorney-announces-charges-against-11-members-money-laundering-and-bank-fraud-ring
The FTC threatens to crack down on businesses using deceptive advertising and fake reviews. https://www.ftc.gov/news-events/press-releases/2021/10/ftc-puts-hundreds-businesses-notice-about-fake-reviews-other
Believe it or not, the United States is not the epicenter of cy-fi crime. It’s Great Britain. This article explains why. https://www.reuters.com/world/uk/welcome-britain-bank-scam-capital-world-2021-10-14/
Cool Tool
Search for the same or similar images from the right-click menu. Searches Yandex.ru, Google.com, Bing.com and Tineye.com. Available in both Chrome and Firefox extensions.
https://chrome.google.com/webstore/detail/who-stole-my-pictures/mcdbnfhkikiofkkicppioekloflmaibd
https://addons.mozilla.org/en-US/firefox/addon/who-stole-my-pictures/
“The cost of anything in life is either money, time, or attention” - someone smarter than me.
Cool Job
Fraud Operations Crypto Investigator - Robinhood
See you next Tuesday! Thank You.
Matt