Threats Without Borders - Issue 121
Matt's Cyber-Financial Crime Newsletter, week ending March 12, 2023
The Harrisburg Security BSides event over the weekend was awesome. Kudos to all of the organizers who made it happen. I volunteered to work at the event and met some fantastic people. The event had a capture-the-flag competition, lockpick village, and two rooms of speakers running through the day. If you are interested in computers, technology, or cybersecurity, in any way, you couldn’t find a better way to spend twenty-five dollars. What a great time. Learn more about the BSides events and get involved!
Subscribers to the newsletter come and go but last week there were several unsubscribes within an hour of publication. I immediately reviewed the issue but couldn’t find anything too controversial. Other than my grammar. I mentioned the Crowdstrike Global Threat Report was “wordy”. I downplayed the White House’s new Cybersecurity Policy because, well, it's the government. And I called for the death penalty for a couple of subhumans who attempted to steal $25,000 from an 86-year-old grandmother. I’m not wrong on any of those points and if anyone left because of that then good luck with life.
At the last minute, after the issue’s deadline, Cloudflare published its Top 50 most phished brands report on Monday. I’ll share more thoughts about this in the issue but wanted to share the link now as it’s interesting reading for sure.
Credit Unions on the clock
The National Credit Union Association (NCUA) amended it’s cyber reporting regulations to mandate that federally insured credit unions report cyber incidents to the NCUA within 72 hours. The sticky-stick, of course, is how does one define a “cyber incident” and even further a “reportable cyber incident”. The document DOES define these terms, but as we all know, a team of lawyers will work 71 hours and 55 minutes to make their particular incident not applicable. https://ncua.gov/files/agenda-items/cyber-incident-notification-requirements-final-rule-20230216.pdf
Android Banking Trojan targeting 400 banks
And counting. ThreatFabric reports on a banking trojan that does it all, literally a complete fraud package once it infects an android device. It even has the ability to abuse the victims multi-factor-authentication (MFA) application. Read the report…it’s really well done. https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
Not cyber(ish), but too rich to pass over
There is a saying that goes…people get the government they deserve. The Government of New York City mandated face masks through the pandemic and continued to encourage them even as most areas of the country had moved on. Much to the surprise of ONLY the New York City government, violent crimes including business robberies, have spiked in the city and Mayor Eric Adams is now calling for the masks to come off. "We are putting out a clear call to all of our shops, do not allow people to enter the store without taking off their face mask," he stated in a recent radio interview. https://www.npr.org/2023/03/07/1161623700/nyc-stores-masking-eric-adams-robberies-shoplifting-bodegas
SBA Grant applicants targeted
Cofense details a phishing attack targeting Small Business Administration grant seekers. The phishing email’s design and supporting infrastructure is really well done and has undoubtedly collecting many victims. https://cofense.com/blog/fake-small-business-administration-sba-grant-used-in-new-phishing-scam/
Domain Tools is tracking a threat group running an ever-evolving financial advisor impersonation scam. The group is believed to be based somewhere in West Africa and is now impersonating the Financial Industry Regulatory Authority (FINRA) to collect “identity documents” from it’s victims. These documents are then be used to facilitate countless other frauds, including opening financial accounts under the victims identity. https://www.domaintools.com/resources/blog/update-financial-advisor-impersonation-ring-targets-finra/
The FBI and global law enforcement partners shut down domains used to market the Netwire Remote Access Trojan (RAT). https://www.justice.gov/usao-cdca/pr/federal-authorities-seize-internet-domain-selling-malware-used-illegally-control-and
The Record shows the latest Ransomware numbers. https://therecord.media/ransomware-tracker-the-latest-figures
No good jobs this week so have some extra tools!
Different way to Internet search - pretty cool actually. https://swurl.com/
Read that Youtube video - https://youtubetranscript.com/ (doesn’t work with shorts)
Find any book, anywhere, and at the best price. https://www.bookfinder.com/
I’m an adjunct instructor at a local college where I teach various criminal justice classes. In many of the classes we cover the concept of Corpus Delicti or the “body of the crime”. This is the object of the criminal activity - a stolen car, a burnt down house, the stolen cash, or sometimes the body of the crime is literally a body. One of the exercises I run through with the students is “Can you have a murder trial without a dead body?”. It's always a lively discussion. Eventually, someone will get to the topic of “what if someone just disappears and everyone thinks they’re dead but they’re just hiding”. The counterargument is “that's impossible today with all the technology we have, someone will eventually find you”.
Well… we have a new hide-n-seek world champion. This lady disappeared in 1992 and was just found in Puerto Rico - 30 years later. Thankfully for her husband the investigating police agency was on the side “you need a body to have murder”.
The International Association of Financial Crime Investigators (IAFCI) has chapters worldwide and most have training events planned over the coming months. These are the best “bang for your buck” training/networking events you will find if your job involves financial crime and fraud investigations. Check out the training calendar and get involved. https://www.iafci.org/Public/Events/Public/Training_Events/Regional_Events_Webinars.aspx?hkey=90afc301-f37c-4cdf-a634-db27fcf0c253
Thank you for opening this weeks email and reading Issue 121. Your attention is at a premium and it’s awesome you spent a bit here.
“GENIUS AIN’T ANYTHING MORE THAN ELEGANT COMMON SENSE”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.