Tech Friday with Dave Hatter - May 1st 2020 - SPONSORED BY INTRUST IT


  • Business Email Compromise attacks cost three British private equity firms $1.3 million:
    • Business email compromise (BEC) attacks have surged in recent years making big bucks for cybercriminals
    • In 2019, the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) estimated global "exposed dollar losses" to BEC exceeded $26 billion in the past three years
    • The FBI has also stated that they believe only 10% to 12% of all cybercrime is reported
    • Palo Alto Networks found that a criminal group working out of Nigeria named 'SilverTerrier' carried out an average of 92,739 attacks a month in 2019
    • A recent BEC attack caused three private equity firms in England to wire-transfer $1.3 million to criminals' accounts
    • Roughly $700,000 of the total was permanently lost to the attackers
    • The remaining amount was recovered after Check Point researchers alerted the targeted firms in time
    • Check Point said the sophisticated cybercrime gang behind this attack "seems to have honed their techniques over multiple attacks, from at least several years of activity and has proven to be a resourceful adversary, quickly adapting new situations"
    • "The techniques they use, especially the lookalike domains technique, present a severe threat — not only to the originally attacked organization but also to the third-parties with whom they communicated using the lookalike domain" - Check Point
    • The attack works by sending sophisticated phishing emails to high-profile individuals to gain access to their email accounts
    • The criminals then lurk in an account which allows them to understand the nature of the organization and key roles in it
    • Eventually, the attackers create mail rules that divert relevant email to a different folder or forward the emails
    • The criminals also register spoofed lookalike domains allowing them to perpetrate a Man-In-the-Middle (MITM) attack by sending emails from the spoofed domains
    • The criminals eventually inject fraudulent bank account information into the conversation to intercept money transfers
    • "Every email sent by each side was in reality sent to the attacker, who then reviewed the email, decided if any content needed to be edited, and then forwarded the email from the relevant lookalike domain to its original destination," Check Point wrote in a blog post about BEC scams
    • According to Check Point, the gang named "The Florentine Banker" has launched previous spear-phishing campaigns primarily targeted at the manufacturing, construction, legal, and finance sectors located in the US, Canada, Switzerland, Italy, Germany, and India
    • Check Point previously reported on a similar BEC attack that resulted in the theft of $1 million from a Chinese venture capital firm
    • Learn more here: https://research.checkpoint.com/2019/incident-response-casefile-a-successful-bec-leveraging-lookalike-domains/
  • Big offices may be a thing of the past thanks to the COVID-19 pandemic:
    • COVID-19 is forcing companies to accelerate their digital transformation leading to what could be huge changes in how businesses operate
    • The pandemic is demonstrating that technology has progressed to the point where people can work remotely
    • Email, chat, videoconferencing, collaboration software and cloud applications allow colleagues to work together productively and collaboratively
    • For example, Microsoft CEO Satya Nadella revealed that Teams usage has increased to more than 75 million daily active users and 200 million meeting participants in a single day this month
    • Nadella also mentioned that two-thirds of Teams users are also sharing files inside the application
    • Zoom has reported 300 million meeting participants this month
    • All this technology is leading to a more agile way of working and communicating. Meetings become emails, and emails become instant messages or video conferences
    • The pandemic has forced people unaccustomed to using tech tools to quickly adapt. Some of these workers are becoming more efficient
    • "I think you’ll see a new norm around trust and respect" as it pertains to managing staff, says career coach Julie Kratz
    • Kratz said it will be more difficult to deny flexibility around work hours and work settings after the success demonstrated on short notice during the pandemic
    • As a result, many employees won’t return to the office regularly
    • For example, about 70,000 of Barclays' worldwide staff are working remotely due to the pandemic
    • Barclays CEO Jes Staley said this is causing them to reconsider their long-term "location strategy" as the bank is now being run by staff working "from their kitchens"
    • "The notion of putting 7,000 people in the building may be a thing of the past" - Staley
    • Many experts believe business trips as we know them will be a thing of the past too
  • Phishers exploiting employees’ layoff, payroll concerns
    • Sadly, scammers and cyber criminals are using COVID-19 to launch a wide variety of online scams and attacks that are increasingly crafty and devious
    • Many government agencies have warned about new phishing attacks during the pandemic
    • For example, The Secret Service wrote "The United States Secret Service is proactively taking steps to alert the public about the types of email scams associated with the Coronavirus."
    • FBI Deputy Assistant Director Tonya Ugoretz, speaking in an online panel hosted by the Aspen Institute, recently said the number of Internet crime-related reports has quadrupled compared to months before the pandemic
    • "The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months," Ugoretz said
    • "They really run the gamut. Everything from setting up fraudulent internet domains [...], we've seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion, etc. So pretty much, sadly, anything you can think of. Cyber-criminals are quite creative," Ugoretz said
    • While anti-virus and anti-phishing software is constantly improving, the bad guys are always at least one step ahead
    • COVID-19-related phishing has been on the rise since January according to security firm Barracuda Networks
    • Researchers have observed a massive 667% spike in these attacks since the end of February
    • These COVID-19 phishing emails could deliver malware, steal credentials, and scam users out of money, etc.
    • Barracuda said "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the Coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims"
    • Barracuda researchers have seen 3 main types of COVID-19 phishing themes: scamming, brand impersonation, and business email compromise (BEC)
    • Two new attacks attempt to exploit fears by delivering fake have been seen
    • The first is an email that appears to be from the Human Resources department which demands that you attend a Zoom meeting regarding your termination
    • The email contains bogus links to a spoofed Zoom login page
    • Abnormal Security said "The email looks and is formatted like a legitimate meeting reminder commonly used by Zoom. The landing page is also a carbon copy of the Zoom login page; except the only functionality on the phishing page are the login fields used to steal credentials. Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials"
    • A regular Zoom user could be fooled into entering their credentials
    • The second attack appears to be an email from an HR contractor informing employees of additional stimulus payments
    • The email contains a link to a fake payroll report hosted on Google Docs which contains yet another bogus link that downloads malware
    • Abnormal Security said "This attack utilizes growing concerns regarding employee payroll during the COVID-19 pandemic. Users are likely to read this message, and rush to claim their supposed stimulus while ignoring obvious red flags along the way. Whether this is a result of greed or desperation, attackers are able to manipulate users into downloading harmful files"
    • What you should do to protect yourself:
      • Be extremely skeptical and cautious of any emails, texts, or social media postings in any way related to Coronavirus
      • Don't click any links or open any attachments UNLESS and UNTIL you have verified out-of-band that the email is legitimate
      • You must be highly skeptical of ANY web page that asks for your user credentials unless YOU went directly to that URL by typing it in, and confirm that it's correct by carefully examining the URL
      • Use a strong, unique passphrase for every site/app/platform
      • Use a password management application
      • Enable multi-factor authentication (MFA, 2FA)
      • Rely only on reputable sources such as: