A quick Saturday digest of cybersecurity news articles from other sources.
[FBI HEADS UP] US Defense Industry Targeted with New USB-Based Ransomware Attacks
The FBI recently released a notice about cybercriminal group FIN7, according to a Bleeping Computer article, warning defense contractors to be wary of USB drives being sent through the mail. According to the notice, FIN7 is impersonating Amazon and the Department of Health & Human Services (depending on the target victim) in an effort to get them to plug in the USB drive.
The USB drives are “BadUSB” or “Bad Beetle USB” devices with the LilyGO logo, and are commonly available for sale on the Internet. The drives register with the victim computer as a keyboard and include a wealth of hacker tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts. The goal of these drives is to infect networks with either BlackMatter or REvil ransomware.
This is a real-world form of targeted attack that uses the same social engineering we commonly see in phishing attacks. Users who undergo continual security awareness training are already aware they should not be plugging in unknown USB drives – especially those sent unsolicited. These attacks could just as easily be turned into an access-for-sale attack, given the amount of control hackers have over the compromised endpoint. Be on guard.
Blog post with links:
https://blog.knowbe4.com/fbi-us-defense-industry-organizations-targeted-with-usb-based-ransomware-attacks
Crime Shop Sells Hacked Logins to Other Crime Shops
Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
FBI: Beware of a New Google Voice Authentication Scam – Even if You Don’t Use Google Voice!
A new advisory warns of a scam that can affect literally anyone and is designed as a precursor to additional vishing scams and/or Gmail account takeovers. If you’re unfamiliar with Google Voice, it is a service where Google provides you with a virtual phone number so you can make and receive calls and texts. Assuming you are unfamiliar with it, you may be wondering what all the excitement is about.
In a new advisory entitled “Building a Digital Defense Against Google Voice Authentication Scams,” the FBI outlines a scam in which a threat actor responds to a personal ad – they use the example of selling a couch on craigslist or some other site – and says they want to make sure you are legitimate, so they don’t get scammed, by sending you an authentication code from Google.
What’s really happening is the scammer is setting up Google Voice using your phone number as the primary number and using you to assist them with Google’s authentication process during setup.
Blog post with more details and links:
https://blog.knowbe4.com/fbi-beware-of-a-new-google-voice-authentication-scam-even-if-you-dont-use-google-voice
Get ready for the ‘Great Shutdown’
Do you have a business continuity plan? Thanks to Omicron, many businesses may have no choice but to close down soon. But you can be prepared.
Tax scam emails are alive and well as US tax season starts
If in doubt, don’t give it out! (And don’t forget that no reply is often a good reply.)
Alleged carder gang mastermind and three acolytes under arrest in Russia
The motto of the gang was “In Fraud We Trust”, and they went by a dizzying range of online nicknames.
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
The company has put out a brief security report that summarises the ‘what’, but not yet the ‘how’ or ‘why’.
Russia says no to crypto mining, joining a growing list of countries
China, Iraq, Egypt and others have already put a stop to it, but don’t assume those bans are the reason for Bitcoin and Ethereum’s latest nosedives.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com