I am a victim. Well, my wife is actually, but since we share a bank account I'm going to also claim victimhood. She purchased a gift card from a local business that agreed to send it by mail to save us a 30 minute trip to the store. We received an envelope from the business, empty. The three-inch slit in the envelop, just big enough to slide out a plastic gift card, tells me this isn't a case where the business mistakenly mailed an empty envelope. I suspect the blame for this lays squarely on an employee of the United States Postal Service.
It's good to be a victim now and again. Particularly if you are in a victim-serving business. I hear victim stories so often that I quickly become callous to the emotional toll exploitation takes on a person. The hurt and frustration I observed from my wife reminded me of the need to be sensitive and responsive to the feelings of my victims. And after 22 years in the game, that is easier said than done.
I'm out one hundred dollars and my wife now has to deal with the hassle of replacing a stolen gift card, but I gained a renewed perspective on the importance victim-care. Something I sorely needed.
Try to keep up
As many financial security investigators are just getting up to speed with cryptocurrency, a new facet has been introduced: Crypto-lending. This Protocol article sufficiently explains the concept and questions how security and regulation will keep up. It won’t. https://www.protocol.com/fintech/crypto-lending-defi-regulation
And now we have Quishing
Abnormal security has identified a new phishing attack that involves the use of malicious QR codes. That have aptly named this form of attack “Quishing”. I would have thought it would be QRishing, but I guess they are being grammatically correct and placing the required U after the Q. So Quishing it is. https://abnormalsecurity.com/blog/qr-code-campaign-bypass-security
False Claims they say
Is your organization receiving federal funds? If so, you better get your cybersecurity team up to speed. The Department of Justice will use the False Claims Act to pursue civil penalties against companies who’ve procured federal dollars while knowingly permit business practices with unacceptable cybersecurity risk. https://www.jdsupra.com/legalnews/doj-announces-civil-initiative-focused-8799303/
Sometime you just smile
Every once in a while I hear about about a criminal that is so stupid there nothing to do but shake my head and smile. This half-wit in Georgia fraudulently obtained $85,000 in pandemic reliefs funds only to spend $57,789 of it on Pokeman cards. Yes, 57K on trading cards of cartoon figures. And don’t even email me about how much a graded Charizard is worth! https://www.pennlive.com/daily-buzz/2021/10/man-submitted-false-information-to-get-his-covid-relief-loan-then-used-the-money-to-buy-a-pokemon-card-feds.html
The Rest…
Kaspersky’s Securelist released their Q3 APT trends report. https://securelist.com/apt-trends-report-q3-2021/104708/
Trend Micro explains what to expect if you find yourself in negotiations with ransomware actors. https://www.trendmicro.com/en_us/research/21/j/what-to-expect-in-a-ransomware-negotiation-.html
Red Canary released their Intelligence Insights report for October. https://redcanary.com/blog/intelligence-insights-october-2021/
Federal pandemic unemployment assistance programs may be coming to an end but the fraud persists… and will continue to be a problem due to the lessons learned by the criminals.. https://www.recordedfuture.com/termination-federal-unemployment-programs-turning-point-fraudsters/
Cool Tools
Online hash cracking tool - https://www.onlinehashcrack.com/
Whats the difference - https://text-compare.com/
What was that bank called…the one bought out by Bank X…no, before they were called that… https://banks.data.fdic.gov/bankfind-suite/bankfind - find any FDIC insured bank from anytime.
Cool Job
Cryptocurrency Investigations Analyst - Uphold
Impertinent
Americans have a terrible diet and it’s killing us in more ways than one: https://www.politico.com/news/2021/10/31/covid-deaths-diet-diseases-nutrition-america-517076
Homophones are hard
Axle - A supporting shaft or member on or with which a wheel or a set of wheels revolves.
Axel - A jump with one (or more) and a half turns in the air.
MOST PEOPLE WILL CHOOSE UNHAPPINESS OVER UNCERTAINTY. - someone smarter than me.
Thanks.
Matt
Email threat intelligence tips, compliments, complaints, or jest to twbnewsletter@protonmail.com