Cyber Security Headlines – October 4, 2021

Transnational fraud ring stole millions from Army members, veterans

Fredrick Brown, a former contractor for the U.S. Army, was sentenced to 151 months in prison yesterday after confessing to his involvement in a scheme that defrauded thousands of U.S. service members and veterans, resulting in millions of dollars in financial losses. He obtained personally identifiable information (PII) by photographing his computer screen while logged into his Armed Forces Health Longitudinal Technology Application account. This enabled Brown and his co-conspirators to access benefits information for the U.S. military community through the Department of Defense portal, stealing millions from veterans’ pension and disability benefits as well as military members’ bank accounts. In addition to his prison sentence, Brown was ordered to repay $2,331,639.85 in restitution and will serve three years of supervised release following his incarceration.

(Bleeping Computer)

Canadian vaccine passport app exposes data

According to a report from CBC News, the vaccine passport app known as PORTpass is being examined for exposed data after its operators left personal data, including names, driver’s licenses, blood types, and email addresses, on an unsecured website. This data was allegedly stored in plain text and could be accessed by the public. The company behind the app, based in Calgary, has denied that PORTpass was experiencing any verification or security issues; however, the app’s website has been taken offline, and visitors to the site are currently met with the message, “We are updating. Stay tuned.”

(InfoSecurity)

Business leaders admit willingness to pay five-figure ransoms

According to research conducted by security firm Arctic Wolf, “forty percent of business executives would be willing to pay at least a five-figure ransom to restore operations following an attack, going against the advice of governments and law enforcement.” This comes from a poll of 500 decision-makers from UK firms with over 1000 employees. The research also found that 20% of UK execs have previously concealed a cyber-attack to preserve their reputation, 67% of respondents believe their company is more vulnerable to attacks if staff work remotely or in a hybrid environment, and 62% are unsure whether IT teams can identify and detect some threats accurately.

(InfoSecurity Magazine)

Infant fatality could be first recorded ransomware death

According to papers filed in June 2020, “Teiranni Kidd of Mobile, Alabama, is accusing Springhill Memorial Hospital and its owners of failing to mitigate a crippling cyber-attack and then conspiring to hide its impact on patient care.” Her daughter was born with the umbilical cord wrapped around her neck, which “purportedly led to brain damage and the infant’s death several months later.” Fetal heart rate monitors could have detected such a condition, but, according to the Wall Street Journal, “medical staff could not access these from the usual location as a display had been locked by threat actors seeking a ransom payment.” The hospital denies any wrongdoing.

(InfoSecurity Magazine)

Thanks to our episode sponsor, Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

Hybrid workplaces need to update emergency communications

The Workplace Safety and Preparedness Report from Rave Mobile Safety found that 33% of workers were unaware or unsure of their company’s emergency response plans (ERMs) in March 2021. These plans cover incidents such as active shooters, workplace violence, medical emergencies, fire, hazmat incidents, weather events, or cyberattacks/system outages. The report showed that 43% of remote workers prefer mass text messages as their emergency notification method, followed by 22% preferring email. The survey found that over half of businesses used email as an emergency communication method in 2020, 47% used in-person announcements, and 42% used a mass text messaging system.

(Security Magazine)

Facebook’s Android, Java bug hunting tool Mariana Trench goes open source

Mariana Trench, originally an internal tool for Facebook’s security engineers, has now been released to the public “to help scale security through building automation.” It is a static analysis tool for finding vulnerabilities in Android and Java code, with a particular focus on Android applications. According to Facebook, it is able to scan “large mobile codebases” and alerts users to potential security problems by analyzing data flows before code reaches production. Facebook warns that the tool is only one addition to a security engineer’s arsenal, and that its findings will include false positives that need to be triaged before production.

(ZDNet)

Hackers rob thousands of Coinbase customers using MFA flaw

Coinbase, the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries, has disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature. The thefts happened between March and May 20th, 2021. To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account, which it believes was done through phishing campaigns.

(Bleeping Computer)

Ransomware gangs are complaining that other crooks are stealing their ransoms

Cyber criminals using a ransomware-as-a-service scheme have been complaining that “the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves.” A LinkedIn post by security expert Yelisey Boguslavskiy describes how REvil uses a secret backdoor coded into its product, which allows the operators to restore the encrypted files without the involvement of the affiliate. This could allow REvil to take over negotiations with victims, hijack the so-called “customer support” chats, and steal the ransom payments for themselves.

(ZDNet and LinkedIn)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.