Press "Enter" to skip to content

Crime pays in other ways than ransomware

Let’s talk security without a single ransomware incident.

First, new data from MITRE out about the effectiveness of endpoint detection and response solutions.     The research focused company tweaked their traditional testing approach, and added a focus on protection more than simply detection.     Additionally, they used attack simulations rather than just malware samples.

While the data is in the show notes, here’s the interesting tidbit – three first generation anti-virus products are on the list, highlighting that experience certainly counts in cybersecurity.  

The US Attorney’s office has broken up a password theft scheme, who stole and sold more than 200,000 customer account credentials, mostly to streaming services like Netflix, and had offered them via a online service called AccountBot.  Users of the site paid a subscription fee to use other’s credentials at a lower price.    The case dates back to 2018 and 2019.

The FBI is warning about cybercrime gangs using search results and ads to promote phishing sites and are designed to mimic the brand of an unnamed US-based financial institution.    The FBI indicates that this new model is on the rise.

The FBI is also warning about scammers targeting families of missing persons, attempting to extort them using information on social media.     The actors gather information to make their demands seem legitimate but have no physical contact with the missing person and cannot offer proof of life.    The scams range between five and ten thousand dollars in ransom.

Why do we care?

Maybe we should have no-ransomware Fridays or something.       

The MITRE data is useful as there’s a rush to the latest and greatest to solve a security problem, when time tested solutions can do the trick.   None of these work if they aren’t implemented right anyway.

The takeaway on security issues here is that crime pays – and unless there are incentives to change behavior, we’ll see continued product and service offerings from the criminals.     Ransomware is top of mind, but it’s not the only crime out there to push back on.