Drugs, Espionage, Breaches, and Router Bugs - The Month of May in 5 Articles

Next: Why C-Level Executives are Being Targeted for Credential...
Previous: Moody’s Equifax Downgrade: What it Means for the...
June 07, 2019

Brittney serves as Product Marketing Manager at Terbium Labs and loves research, technology, and Idris Elba though not necessarily in that order. Some say on quiet nights, if you hold your laptop up to your ear, you can hear her typing blog posts to “Reynes of Castamere."

Each Month Terbium Labs’ Research Team curates news and information from the corners of the internet just for you! Articles, research, infographics, and more related to infosecurity, cybercrime, payment card fraud, automation, and other popular topics are summarized to provide market insight each month here on our blog.

Feds Dismantled the Dark Web Drug Trade — but It’s Already Rebuilding

Law Enforcement has been successfully taking down dark web marketplaces that facilitate the sale of drugs and stolen information for use in fraud schemes.

Why do I care?

The problem is, these marketplaces are being rebuilt immediately and in other forms by the dark web marketplace community of vendors, buyers, and site operators. In addition, the takedown of these marketplaces generally has a minimal effect on the fraud trade. The fraud economy does not rely on physical goods and is more resilient than the drug trade.

As law enforcement continues to see the fight against dark web marketplaces as necessary, it is clear that these disruptions will only make it incrementally harder for users to purchase drugs and stolen data. The marketplace may fall but its vendors and purchasers will remain and rebuild somewhere else.

The Gist

This article looks at what appears to be a never-ending war against drug sales in dark web marketplaces and the market community that is already rebuilding.

A Cisco Router Bug Has Massive Global Implications

Security researchers have exploited two vulnerabilities across some of the most important Cisco products like the Cisco 10000-X series router which provides connectivity at places like stock exchanges and hospitals.

Why do I care?

One of the vulnerabilities is a bug that allows a hacker to remotely obtain root access to Cisco devices but can be fixed relatively easily via software patch. The second is a nightmare and allows the hacker to bypass the routers’ fundamental security protection, the Trust Anchor, and fully compromise the networks these devices are on. This, unfortunately, is a shining example of widespread third-party risk, as Cisco devices can be the entry point for bad actors.

“We’ve shown that we can quietly and persistently disable the Trust Anchor,” says Ang Cui, the founder and CEO of Red Balloon, who has a history of revealing major Cisco vulnerabilities. “That means we can make arbitrary changes to a Cisco router and the Trust Anchor will still report that the device is trustworthy. Which is scary and bad, because this is in every important Cisco product. Everything.”

The Gist

This article looks at a vulnerability across Cisco hardware that allows hackers to fully compromise the networks the devices are on.

Financial Crime Outpaces Espionage as Top Motivation for Data Breaches, Verizon Report Finds

71% of data breaches last year were financially motivated; financial companies, for the first time last year, experienced more card-not-present fraud than fraud involving a physical card.

Why do I care?

This seems to follow the evolution in fraud security professionals anticipated after the adoption of EMV technology, signaling a shift in fraud tactics. The financial sector also experienced a very sharp uptick in social engineering.

Other insights from the 78-page Verizon report include points on crypto mining, espionage, and compromised point-of-sale systems.

“While there’s been an uptick in espionage targeting the manufacturing sector, the overwhelming majority of cybercrime still is carried out by hackers primarily interested in making a buck.” - VDBIR 2019

The Gist

This article looks at the trends presented in the Verizon Data Breach Investigations Report as they relate to financially motivated cybercrime.

Baltimore Slammed with 2nd Ransomware Attack in a year

Baltimore was hit with another ransomware attack a little over a year from the last.

Why do I care?

The first ransomware attack in 2018 was against the Computer Aided Dispatch (CAD) system that supports the city’s 911 operations and kept the CAD system offline for 17 hours. This time the city fell victim to the”Robinhood” virus, which infected approximately 10,000 machines, locking up and encrypting files rendering them inaccessible and useless.

The hackers gave officials four days to pay or they would increase the price, and after 10 days the data would be irretrievable.

The attack is one of several within the last 2 years on “vulnerable” government systems. Local governments often rely on outdated systems, replacing them less frequently than a corporation would. Governments also lack the budget and expertise to properly protect their assets and as a result are being targeted for ransomware attacks.

The Gist

Baltimore was crippled by a ransomware attack impacting city-wide activity. This is the second time in less than 2 years that Baltimore has been attacked which may point to insufficient training in areas like BEC, but also to insufficient preventive security measures.

Hackers Breach Company That Makes License Plate Readers for U.S. Government

Boris Bullet-Dodger, the same hacker who took credit for the CityComp attack in May, has now taken credit for the hack of Perceptics LLC.

Why do I care?

Perceptics provides license plate readers to the US Government for use at the U.S.-Canadian and U.S.-Mexican borders. Perceptics’ data seems to include information from a variety of databases, company documents, and even financial documentation.

On Thursday a Perceptics employee confirmed the breach and succeeding legal investigation, though authorities have not yet learned the motive behind the attack. Bullet-Dodger previously reached out to the press to explain the purpose of the CityComp attack but has not offered any explanation regarding the Perceptics hack. He has, however, contacted the press with a link to the stolen data.

“Perceptics, once a subsidiary of major government contractor Northrop Grumman, mainly distributes license plate readers, under-vehicle cameras, and driver cameras to the U.S., Canada, Mexico to place at border crossings. According to a company slide presentation from 2016, its readers and cameras are designed to be combined with federal “biographic/passport data” of the passengers.”

The Gist

This article is a short briefing on an intentional data breach impacting a US company that provides security hardware for U.S. borders.


analysis April 17, 2019
Terbium Labs Investigates Dark Web Fraud Guides for an Inside Look on Cyber Crime

With our latest research, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data, Terbium Labs investigates dark web fraud guides to create a detailed, first-hand account of the illicit...