This newsletter has evolved. It was published for the first twenty-four weeks under the generic “Matt’s Newsletter” because, well, I just wasn’t witty enough to come up with anything else. Then the phrase “Threats Without Borders” came to me as an apt descriptor for cybercrime. The Internet allows criminal threat-actors to victimize others anywhere in the world, regardless of physical location or geopolitical nationality. Your country’s physical border is benign and irrelevant!
As we have witnessed this week, a country’s actual physical borders are also irrelevant in the presence of a motivated attacker set on warfare. This newsletter is generally apolitical; however, I would be negligent if I failed to acknowledge the plight of the Ukrainian people in their struggle to repel an invasion of their sovereignty.
Regular readers of this newsletter, or anyone who even casually keeps up on news pertaining to cybercrime and cybersecurity, is well aware that the Russian government is responsible for much of the world’s victimization, either directly or through corrupt acquiescence. I have no ill-will towards the people of Russia as they have little control at this point, but Mr Putin and his associates can go to hell.
Help Ukraine Win. https://helpukrainewin.org/
Robocalls are relentless
I’m not a fan of Vox or any of its subsidiary products but this Recode article about persistent spam-robocalls is spot on. Inquisitive, informative and with a touch of humor. “Someone out there really, really wants to help me avoid expensive car problems. Their recorded voice tells me that they’ve been trying to reach me about an extended warranty my car doesn’t have, yet which is somehow about to expire. I just have to press 1 to learn more. They’re persistent: I get multiple calls a day from multiple phone numbers across the country.” Apparently, the author doesn’t know to tell them you own a Tesla. Seriously, it works. https://www.vox.com/recode/22882647/robocalls-robotexts-scams-stir-shaken-voip-extended-warranty
Call the gardener, we need some maintenance
Kroll released their Q4 of 2021 Threat Landscape Report and it details that we need some serious landscape maintenance. The group observed a 356% increase in common vulnerabilities and exposures or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. More vulnerabilities, and more attackers exploiting them faster than security teams can mitigate the risks. https://www.kroll.com/en/insights/publications/cyber/q4-2021-threat-landscape-software-exploits-abound
What is the point?
Why do we keep doing this? Why do all of us financial crime investigators and bank security officers keep showing up? This Pennsylvania woman admitted to illegally obtaining over $100,000 in pandemic relief PPP funds, AND assisting a co-conspirator who fraudulently obtained over $431,000 in PPP loans - but only gets sentenced to one year and one day in prison. Seriously, only 366 days in prison. https://www.pennlive.com/news/2022/02/pa-woman-gets-a-year-and-a-day-in-prison-for-using-covid-19-relief-funds-to-buy-bitcoins.html
Ransomware up. Duh.
The NCC Group has revealed that ransomware attacks almost doubled in 2021, rising 92.7% year-on-year, according to its 2021 Annual Threat Monitor. The report details the events of 2021 and their impact on the cyber threat landscape, providing an overview of incidents across all sectors. Surprising no one, the most targeted region was North America with 53% of the documented attacks. https://newsroom.nccgroup.com/pressreleases/ransomware-attacks-rise-almost-93-percent-in-2021-according-to-ncc-group-annual-threat-monitor-3163511
Phishing Targeting Financials
PhishLabs released their Quarterly Threat Trends & Intelligence Report and it isn’t good news for those of you working to protect financial institutions - or really good news in terms of job security. Phishing attacks targeting Financials climbed consistently in share throughout 2021, including a 6.25% increase in share in Q4. https://info.phishlabs.com/hubfs/PhishLabs%20-%20QTTI%20Report%20-%20February%202022.pdf
The Rest…
Crowdstrike explains “access brokers” - groups that specialize in compromising organizations and then selling the access to cybercrime actors. https://www.crowdstrike.com/blog/access-brokers-targets-and-worth/
Citibank customers are being victimized by an ongoing large-scale phishing campaign. https://www.bleepingcomputer.com/news/security/citibank-phishing-baits-customers-with-fake-suspension-alerts/
Flashpoint published a guide to cyber threat intelligence that is worth the time to read. https://www.flashpoint-intel.com/blog/cyber-threat-intelligence-guide/
Cool Job
Director of Security and Compliance - Coindesk & TradeBlock
https://boards.greenhouse.io/coindesk/jobs/5908578002?gh_src=7aef0c612us
Cool Tool
A huge list of Bitcoin resources from Jameson Lopp
https://www.lopp.net/bitcoin-information.html
Irrelevant
The Swedes are smart.
https://thehustle.co/how-ikea-tricks-you-into-buying-more-stuff/
Thank you for reading this week’s issue. Please help me gain five new subscribers this week by sharing this issue with a colleague.
Thanks,
Matt
“IT’S OKAY TO ADMIT THAT YOU DON’T KNOW OR DON’T UNDERSTAND WHAT’S GOING ON.” - someone who knows me too well.
Take 30 minutes to better understand the Ukraine/Russia conflict