Welcome to the Threats Without Borders Newsletter - 80.
Yesterday I read someone ask “why do we say Happy Memorial Day when there’s nothing happy about the meaning of the day?”. That’s right. But I guess in today’s America we should be happy we still have some common ground to stand on and there is no cause more worthy than our military, its history, and the sacrifice made by its soldiers, airmen, sailors, marines, and coast guardsmen. And saying “Have a solemn and respectful Memorial Day” doesn’t have the same flow.
Fraud follows fashion
Just like fraudsters take advantage of a worldwide epidemic or a major natural disaster, they also follow the social trends. And right now it’s super cool to signal your virtuous commitment to the trendy social issues of the day. Some commitments are for the worthy cause and some are for the cause of filling pockets. The Securities and Exchange Commission has announced it will enhance its Names Rule, which enables the agency to take action against mutual and exchange-traded funds with misleading names. The amendment would require funds that use ESG (environmental, social and governance) or similar terminology in their names to put at least 80% of their holdings into those assets. I hope they are sincere but I suspect the commission is also following the trends. https://techcrunch.com/2022/05/25/sec-weighs-crackdown-on-phony-environmental-and-social-justice-funds/
Lose your data…or get arrested
A new strain of ransomware requires you to do good deeds for the less fortunate to get your data back. The strain is called “Goodwill” and the designers lay out three challenges of social betterment that you must accomplish before they will provide you the encryption key. If you get this in America…just accept you’ve lost your data because attempting to complete the challenges will probably get you investigated by the police. Gathering up poor children and taking them to dinner - grooming. Lurking in a hospital… loitering and trespass. Recording your conversations to prove your efforts - wiretap. Regardless, CloudSEK has done a really thorough write-up on their analysis of the strain. https://cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need/
SilverTerrier gets leashed
Interpol announced the arrest of a Nigerian man responsible for running a massive worldwide business email compromise (BEC) ring. The Unit 42 group of Palo Alto Networks has called this man SilverTerrier since the law enforcement operation began back in December of 2021. The man is never formally identified, even in the official Interpol press release…which is odd. https://unit42.paloaltonetworks.com/operation-delilah-business-email-compromise-actor/
FBI issues alert to academics
The FBI issued an alert informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums. I adjunct at a local college and my college email is constantly barraged with spam and other attacks. And those are just the ones that get through, as the college does a pretty good job of blocking most of it. https://www.ic3.gov/Media/News/2022/220526.pdf
The Rest…
CircleID published this excellent write-up on the use of branded domains in phishing attacks. Almost half of all observed attacks (49.6%) make use of a brand-specific domain name to construct a deceptive URL. In most of these cases (41.7% of the total), the exact brand name is used, while the remainder feature a brand variant or misspelling. https://circleid.com/posts/20220526-branded-domains-are-the-focal-point-of-many-phishing-attacks
Bitdefender wrote a solid history of ransomware…how we got here and where we’re going. https://businessinsights.bitdefender.com/the-origin-of-ransomware-exploring-the-evolution-of-one-of-cybersecuritys-most-prolific-threats
If you are in the education space then you’ve used Screencastify, the free screen recording application. The Chrome web store shows over ten million installs. But it’s got some security flaws. https://www.bleepingcomputer.com/news/security/screencastify-chrome-extension-flaws-allow-webcam-hijacks/
A U.S. Army soldier has been indicted for his involvement in a romance scam that took at least $149,476 from at least 25 victims. Multiply that by three. https://www.justice.gov/usao-ks/pr/us-soldier-indicted-romance-scheme
Chicago is the best place to be a criminal. You can shoot your rivals at will and you can steal a half-a-mill from your employer and get off with only two-years probation. Truth. https://www.breitbart.com/pre-viral/2022/05/30/report-no-prison-time-for-chicago-man-who-stole-537k-in-coins/
Cool Training
For those in law enforcement - the National White Collar Crime Center (NW3C) is offering the course “Targeting Investment Fraud” on June 8, 2022 from 8am to 4pm EST. The course is online, live, and best of all, FREE.
https://www.nw3c.org/classroom-training/classroom-course-detail/22986
Cool Job
Cyber Security Awareness Coordinator - Under Armour. https://careers.underarmour.com/job/Remote-Professional%2C-Cyber-Security-OR-97458/889534900/
Cool Tool
View the EXIF data of any image on the Internet just by right-clicking on it: (works with any Chromium-based browser)
https://chrome.google.com/webstore/detail/exif-viewer-pro/mmbhfeiddhndihdjeganjggkmjapkffm
Irrelevant
What’s the latest must-have social media app for teens? BeReal! Alternatively posted: Noticed your kids taking pictures of themselves at seemingly inopportune times? Their BeReal went off.
I sincerely appreciate everyone who reads this newsletter. Thank you for making it part of your week and feel free to respond to me with criticisms or suggestions to help make it better.
Matt
“Show me your calendar and I will tell you your priorities. Tell me who your friends are, and I’ll tell you where you’re going.” - someone smarter than me.