At a glance.
- Indictment in business email compromise case.
- Using bots to amplify extortion demands.
- PSM's focus on user privacy.
- Black Friday scammers also threaten victims' privacy.
Georgia man indicted for lucrative BEC scam.
A resident of Atlanta was indicted for participating in a business email compromise (BEC) operation that allegedly targeted employees of various companies and organizations by sending them fake invoices demanding payments of hundreds of thousands of dollars. As SecurityWeek recounts, if submitted, the payments were sent directly to bank accounts controlled by the scammers. In some cases, the cybercriminals also stole the victims’ email credentials in order to hijack their accounts, which they then used to distribute additional fake invoices. Christian Akhatsegbe was indicted for aggravated identity theft, access device fraud, and conspiracy to commit wire and computer fraud. Acting US Attorney Kurt R. Erskine said, “These federal charges also serve as a reminder to those perpetrating cyber and fraud schemes, whether it be from Atlanta or any corner of the globe.”
Even cybercriminals need attention.
As we noted last week, the Russian threat group Grief Gang claims to have hit the National Rifle Association (the US group more commonly referred to as the NRA) with a ransomware attack. While the NRA neither confirmed nor denied the attack, hundreds of Twitter bot accounts spread the claims all over the platform. Typically, ransomware gangs post evidence of their misdeeds on their own extortion sites, but this tweet-storm is a new tactic. The bot accounts were created all at once and little effort was put into making them seem realistic, with most accounts sporting women’s names, zero followers, and placeholder profile pics. Sam Riddell, associate threat intelligence analyst of information operations at Mandiant, told the Daily Beast, “Given their exclusive focus on promoting content pertaining to Grief-related incidents, we suspect that their primary objective is to amplify coverage on these incidents.” Mandiant’s senior manager of financial crime analysis, Jeremy Kennelly, predicts this could be a new trend for cybergangs who fear their campaigns, lost in the whirlwind of recent attacks, are not getting enough publicity to pressure their victims to pay up. And in this case criminals appear to be borrowing a tactic from information operations, which have for some time used bots and trolls to amplify their messages.
Google’s new PSM protocol focuses on user privacy.
SecurityWeek reports that Google has launched Private Set Membership (PSM), a cryptographic protocol aimed at protecting privacy during specific queries by withholding details about identifiers from the user and query results from the server. Google explains, “As an example, users may want to check membership of a computer program on a block list consisting of known malicious software before executing the program. Often, the set’s contents and the queried items are sensitive, so we designed Private Set Membership to perform this task while preserving the privacy of our users.” Devices operating on Chrome OS already employ PSM to verify device information with Google during the enrollment process, and the tech giant anticipates many other applications in the future.
Purandar Das, President and Co-founder of Sotero, commented on Google's initiative:
"This is an interesting offering. Though the article refers to a lot of advanced cryptography tools, it boils down to device or application validation. Also, the specific example refers to a knowledge base of devices and applications. It is not clear where or how the knowledge base is built or stored. If Google is building and storing the knowledge base then it is a matter of Google making their authentication process more secure. Also, not clear is what the role of homomorphic encryption for device validation is. Regardless, enabling consumers to achieve validation without having to expose sensitive or identifying information is a good start."
Black Friday discounts come at a price.
With Black Friday just around the corner, cybercriminals have found a way to take advantage of one of the US’s biggest shopping days of the year, proving that in some cases those unbelievable deals might actually be too good to be true. The Fortinet Blog details a new scam that uses a fraudulent Amazon gift card generator to separate victims from their cryptocurrency. Once the target executes the generator, it deploys device-monitoring malware that overwrites the victim’s wallet address on the clipboard with its own, resulting in the money being transferred to the attacker. A second operation takes advantage of consumers looking to find hot-ticket Black Friday merchandise like gaming consoles. The hackers distribute malicious PDFs that supposedly contain tips for nabbing the products, but in reality trick victims into sharing their credit card numbers and login credentials for shopping site accounts.
Erich Kron, security awareness advocate at KnowBe4, reminds everyone to stay alert during the holidays:
“The holiday season, and Black Friday specifically, has been a time full of scams and offers that are too good to be true. Of course, the pressure to get the latest high-demand holiday gift has been around for a long time. The stress involved in holiday shopping, especially when looking for that elusive, limited edition item, has long been a holiday tradition. With the shortage of items already being experienced, this year will be more stressful than ever. This stress is great for cybercriminals who will take advantage of this pressure to get people to try less traditional methods to fill the space under the tree.
“People should be more cautious than ever this season, as more people are testing the cryptocurrency markets and these attacks cross the line from focusing on the typical theft of gift cards and credit card info, to the compromise of cryptocurrency accounts. These cryptocurrency accounts, unlike credit cards, do not have ways to get back the money if it is stolen, even if it is proven to be fraud.
“During this holiday season, people should be more watchful and diligent than ever as they navigate the turbulent waters of online shopping. They should always be cautious of deals that are too good to be true or that promise non-traditional ways to get the hottest gifts of the season and should never open a file ending in .exe or enable active content in downloaded documents.”