Threats Without Borders - Issue 71
Matt's Newsletter - Week ending March 27, 2022
Welcome to Issue 71 of the Threats Without Borders newsletter.
There was A LOT of information published over the past week. I generally read the articles as I find them, but some get tacked to a note in Evernote and I catch up over the weekend. By Friday, my reading list was arms length and I never did get to it all by the time I sat down to write this issue of the newsletter.
We celebrate World Back-Up day this week. Take a moment and save all your important data somewhere else. Seriously, do it now. Well, finish reading Tw/oB and then do it!
Fake landlords…no, fake ads
Vice News reports on the proliferation of fake residential-rental ads posted to classified websites and smartphone apps. The tight real estate market has accelerated the issue. The increased use of money transfer apps has made it even worse. As described by the author of the article: A person sees a too-good-to-be-true rental deal on a site like Craigslist, Facebook Marketplace, or Zillow and contacts the seller, who then asks for lots of money, generally gives off plenty of weird vibes, and provides the tenants a way to access the home and move in. The renter, however, soon discovers the hard truth: The property they thought they rented is owned and managed by an entirely different person, the “landlord” they dealt with was a fraud, and they’ll have to leave.
USAA gets what it deserves
USAA gets its hand slapped by the Financial Crimes Enforcement Network for violating bank Secrecy Act and AML regulations. I apologize to subscribers that are employed by USAA Federal Savings Bank but this is well deserved. Unrelated to these sanctions, USAA has (had, maybe it changed) this ridiculous policy that they will only accept court orders and search warrants from the courts of Texas. So any law enforcement officer outside of Texas must go through this nearly impossible “naturalization process” to serve search warrants for account information. Basically, anyone with a USAA bank account can use that account to commit crime in any other state, but Texas, without fear of identification - as long as the dollar loss remains relatively low and won’t push an investigator to drive through the naturalization process or get it picked up by a federal agency.
Do your due diligence
Those of you who are responsible for vetting third-party vendors understand the importance of TPRM - Third Party Risk Management. The examples of organizations being pwn’d through a third party are endless. Anyone using Okta recently? Demanding accountability and transparency from vendors is mandatory and requires a full-time commitment to constantly reassess their security posture. In this article, Panorays offers some suggestion to improve your vendor security questionnaire. https://resources.panorays.com/hubfs/assets/10_More_Key_Questions.pdf
IC3 2021 Report
The Internet Crime Complain Center (IC3) has released its 2021 Internet Crime Report. I’ll dig into the report deeper and publish a separate writing on my observations. Immediately noticeable is that while the total number of complaints was only a small increase the total dollar loss had a huge percentage increase.
Manhattan, NY district attorney Alvin Bragg brags about the break-up of a global money laundering ring who converted 2.3 dollars of dirty money into Bitcoin. (Actually a really solid write-up). https://www.manhattanda.org/d-a-bragg-announces-takedown-of-global-bitcoin-money-laundering-operation/
Securelist explores what you actually get when you purchase a PhishKit from the darkweb. https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/
Unit 42 will give you their updated Ransomware report in exchange for your (or your co-workers) contact information. https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html
Unless you’ve been completely unconnected over the past week you’ve heard of Lapsus$. Here is what/who that is: https://www.zdnet.com/article/who-are-lapsus-and-what-do-they-want/
Red Canary released their 2022 Threat Detection Report. https://redcanary.com/blog/2022-threat-detection-report/
Financial Crimes Consultant - Bread Financial
Automate your dorking. https://dorksearch.com/
Find email accounts by username/nickname. https://github.com/sharsil/mailcat (this is a python tool)
A nice write-up on mechanical keyboards.
My favorite (with Gateron Blue switches)- https://www.keychron.com/products/keychron-k3-wireless-mechanical-keyboard
Substack offers a weekly open discussion for its newsletter writers. I posted a comment last week about the email delivering the newsletter being sent to the spam folder by most email service providers. The response to the comment showed I’m not the only writer with the problem.
Thank you for opening this weeks email. And a special thank-you to those that dug it out of the spam box. I hope you find again next week.
“IF YOU WANT A DIFFERENT RESULT, MAKE A DIFFERENT CHOICE AND MOVE.” - someone who’s better at moving on than me.
Homophones are hard
Flow - to move with a continual change of place among the constituent particles, to have a smooth continuity
Floe - floating ice formed in a large sheet on the surface of a body of water