News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | The FBI breached and start sending emails out with legit headers

I don’t like starting the week with a security segment… but when the FBI are hit themselves, that feels like the top story.

Bureau emails servers were hacked and used to distribute spam email impersonating FBI warnings that the recipients network was breached and data was stolen.  Pretending to warn about a sophisticated chain attack, the message warns about a threat from the head of security research of the dark web intelligence companies NightLion and Shadowbyte.  The headers are from internal FBI servers, and the FBI did confirm the emails are fake they are working to solve the issue.  The hacker used a misconfiguration in the Law Enforcement Enterprise Portal.  The goal was likely to discredit that individual.  
Showing their commitment to cyber efforts, the US has joined the Paris Call for Trust and Security in Cyberspace, which was established in 2018 to create international norms and laws for cybersecurity and warfare.     The Trump administration had previously declined to join.

The DoJ announced A Russian man convicted on wire fraud and money laundering charges for his role in the Methbot digital advertising scheme was sentenced to 10 years in prison on Wednesday.

It’s not all good news from the government – an audit by the General Accountability Office finds that the U.S. Education Department needs to update its plans for responding to cyberattacks against grade schools, as they face a slew of online threats, including ransomware, denial-of-service attacks, email scams and pandemic-era concerns like disruptions to virtual learning environments.   It’s planning documents have not been updated since 2010.    The audit also revealed that the department believe that protecting schools is CISA’s responsibility.  

The FTC has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology.  The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA their Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.   The second step, addressing the employees’ exploitable human nature, is to train their staff to recognize the tricks ransomware operators use to infiltrate their target’s network, including phishing messages that deliver malware designed to deploy backdoors on infected systems.  That from bleeping computer.

Why do we care?
The FBI hack causes huge confusion as they’re the points of contact.   I’d anticipate there is a lot of help desk issues across the US right now from that one.

The insight from the Department of Education is that assigning responsibility matters.   One can see how the department would believe CISA oversees cybersecurity, and how others might see the department as responsibility.  If roles aren’t clearly defined, no one is in charge.  
The FTC guidance is another resource for use with clients.    The list is ever growing – resources from CISA, the FTC, the SBA, all signing a chorus of addressing cybersecurity.  Use them. 

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories