At a glance.
- BEC used to steal physical goods (including food).
- BlackCat ransomware activity increases.
- Epic Games settles FTC regulatory case for $520 million.
- InfraGard database pulled from dark web auction site.
- CISA releases forty-one ICS advisories.
- Further assessment of Russian cyber performance.
- The growing value of open source intelligence.
- Twitter agonistes.
BEC used to steal physical goods (including food).
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have issued a joint cybersecurity advisory warning of business email compromise (BEC) attacks designed to steal food shipments. Threat actors are impersonating real food and agriculture companies to order hundreds of thousands of dollars worth of food and ingredients:
“While BEC is most commonly used to steal money, in cases like this criminals spoof emails and domains to impersonate employees of legitimate companies to order food products," the Joint Cybersecurity Advisory says. "The victim company fulfills the order and ships the goods, but the criminals do not pay for the products. Criminals may repackage stolen products for individual sale without regard for food safety regulations and sanitation practices, risking contamination or omitting necessary information about ingredients, allergens, or expiration dates. Counterfeit goods of lesser quality can damage a company’s reputation.”
In one incident that took place as far back as February of this year, scammers posed as four different companies and stole nearly $600,000 worth of whole milk powder and nonfat dry milk from a food manufacturer. For more on this development in BEC, see CyberWire Pro.