June Cyber update II from the Office of Rob Kleeger
Jun 13, 2022 3:45 pm
,
I hope this email finds you and your loved ones safe, secure, and healthy.
All the best,
Rob Kleeger
1010101001010111010101100010100101010010101
Words of Wisdom:
“We make a living by what we get, but we make a life by what we give.” - Winston Churchill
CURRENT DATA SECURITY NEWS:
Hacker accesses a Verizon employee database and tries to ransom the data for $250,000
A hacker has obtained a database that includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. Verizon says it’s cut off contact and that the directory was ‘readily available’.
The anonymous hacker said they obtained the data by convincing a Verizon employee to give them remote access to their corporate computer. At that point the hacker said they gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database.
“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,”
Furthermore, in recent years hackers have managed to launch SIM swap attacks that hijack cell phone numbers, and can lead to the interception of calls and SMS messages, and then the compromise of online accounts.
Average Ransom Payment Dropped by 34% in Q1, 2022
The average ransom payment in ransomware attacks fell by 34% in Q1, 2022, from an all-time high in Q4, 2021, according to ransomware incident response firm Coveware. The average ransom payment in Q1, 2022 was $211,259 and the median ransom payment was $73,906. The fall in total ransom payments has been attributed to several factors. Coveware suggests ransomware gangs have been targeting smaller organizations and issuing lower ransom demands, due to the increased scrutiny by law enforcement when attacks are conducted on large enterprises. The median company size has been falling since Q4, 2020, and is now companies with around 160 employees. This appears to be the sweet spot, where the companies have sufficient revenues to allow sizable ransoms to be paid, but not so large that attacks will result in considerable scrutiny by law enforcement.
Another reason why total ransom payments have fallen is fewer victims of ransomware attacks have been paying the ransom. The number of victims of ransomware attacks that pay the ransom has been steadily declining, from 85% of victims in Q1 2019 to 46% of victims in Q1, 2022. Also, some of the most prolific ransomware operations have gone quiet, such as Maze and REvil (Sodinokibi).
Americans Lost $1 Billion to Crypto Scams in the Past Year
A new analysis from the Federal Trade Commission (FTC) reveals that Americans reported losing more than $1 billion to fraud involving cryptocurrencies from January 2021 through March 2022. Cryptocurrency is quickly becoming the payment of choice for many scammers, with one of every four dollars reported lost to fraud paid in cryptocurrency, according to the analysis.
The report finds that most of the losses reported involved bogus investment opportunities, tallying $575 million since January 2021.
1010101001010111010101100010100101010010101
CURRENT LEGAL CASE UPDATES:
Feds Allege Former IT Consultant Hacked Healthcare Company
A former IT consultant has been charged in an Illinois federal court for allegedly hacking into a computer server of a healthcare company client that prosecutors say had months earlier denied him employment with the organization.
Department of Justice Seizes Three Web Domains Used for DDoS and Stolen Data Sales
The US Department of Justice (DoJ) has seized three web domains used by threat actors to facilitate distributed denial-of-service (DDoS) attacks and trade stolen personal data. According to the announcement, the seized domains are:
- weleakinfo[.]to
- ipstress[.]in
- ovh-booter[.]com
The first one featured a searchable database of information stolen in over 10,000 breaches. The website’s database consisted of 7 billion records of personally identifiable information (PII), including full names, usernames, phone numbers, email addresses, and online account credentials (usernames and passwords). Users could access these stolen records through varying subscription tiers. In January 2020, authorities confiscated a domain bearing an almost identical name (weleakinfo[.]com) and made 21 arrests tied to the illicit operation. Last year, one of the related domain’s operators received a two-year prison sentence.
Former OpenSea Employee Charged with Wire Fraud and Money Laundering in First Ever “Digital Asset Insider Trading” Scheme
The Department of Justice (DOJ) has framed this to be the first ever “digital asset insider trading scheme” to be prosecuted in the United States.
Nathaniel Chastain, a former employee of OpenSea, the largest marketplace for the purchase and sale of non-fungible tokens (NFTs), has been indicted and charged with wire fraud and money laundering allegedly in connection with actions he took while employed by OpenSea. NTFs bought and sold on the OpenSea platform mostly consist of digital assets that represent the ownership interest in a piece of digitally generated and displayed works of art. The full ten-page indictment is available here.
1010101001010111010101100010100101010010101
CYBER SECURITY TIPS OF THE MONTH:
How to Protect Yourself Against a SIM Swap Attack
A SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. By diverting your incoming messages, scammers can easily complete the text-based two-factor authentication checks that protect your most sensitive accounts. Or, if you don’t have two-factor set up in the first place, they can use your phone number to trick services into coughing up your passwords.
- Multi-Factor Authentication (MFA): Use authentication apps instead of regular text messages for two-factor authentication. Keep in mind that text message verification may not stop a SIM card swap.
- Set up a call back with your Wireless Provider so that they will call you back if there was a SIM change request or if they believe someone might be tampering with your account to confirm whether or not it was you.
- Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts.
- Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
If you’re the target of a SIM swap scam, contact your cellular service provider immediately to take back control of your phone number. After you re-gain access to your phone number, change your account passwords.
1010101001010111010101100010100101010010101
Did you know that Digital4nx Group was recognized by Enterprise Security as one of the top ten digital forensics companies in 2022.
Being acknowledged as a leader in the industry is a great honor. In addition to the award, Enterprise Security featured Digital4nx Group and me in an article in their publication in print and online.
If you are an attorney who litigates, know one, or are a responsible business executive that's ass is on the line if a data breach occurs, I would love to have a call or introduction!
Please share the above information with those people or arrange an introduction. Look forward to seeing you in the flesh!
DON'T FORGET ABOUT US:
Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training
- CISO-as-a-service