The Month of May in 5 Articles
The Terbium Labs Research Team has curated news and information from the corners of the internet to summarize the month of May in 5 articles, just for you! Research, happenings, and more related to information security, cybercrime, payment card fraud, automation, and other popular topics are distilled to provide insight each month here on our blog.
Law enforcement continues to take down dark web marketplaces that sell drugs and stolen data for use in fraud schemes.
WHY DO I CARE?
The problem is that these marketplaces are rebuilt almost immediately, often in new forms, by the same community of vendors, buyers, and site operators. Takedowns also have minimal effect on the fraud trade specifically: the fraud economy deals in data rather than physical goods, so there are no shipments to intercept, and it is far more resilient than the drug trade.
Law enforcement will continue to treat the fight against dark web marketplaces as necessary, but these disruptions only make it incrementally harder for users to buy drugs and stolen data. The marketplace may fall, but its vendors and buyers remain and rebuild somewhere else.
This article looks at what appears to be a never-ending war against drug sales in dark web marketplaces and the market community that is already rebuilding.
Security researchers have demonstrated two vulnerabilities in some of Cisco's most widely deployed products, including the Cisco 1001-X series router, which provides connectivity at sites like stock exchanges and hospitals.
WHY DO I CARE?
The first is a bug that lets an attacker gain root access to a Cisco device remotely; it can be fixed relatively easily with a software patch. The second is far worse: it lets the attacker bypass the router's fundamental security protection, the Trust Anchor, and so fully compromise the networks the device sits on. The Trust Anchor bypass requires root on the device first, which is exactly what the first bug provides, so the two chain together; and because the flaw lives in the boot hardware rather than in the operating system, remediation is harder than a routine software update. This is a clear example of widespread third-party risk: the network devices themselves become the entry point for bad actors.
"We've shown that we can quietly and persistently disable the Trust Anchor," says Ang Cui, the founder and CEO of Red Balloon, who has a history of revealing significant Cisco vulnerabilities. "That means we can make arbitrary changes to a Cisco router, and the Trust Anchor will still report that the device is trustworthy, which is scary and bad, because this is in every important Cisco product. Everything."
This article looks at a vulnerability across Cisco hardware that allows hackers to fully compromise the networks the devices are on.
71% of data breaches last year were financially motivated, and for the first time, financial organizations experienced more card-not-present fraud than fraud involving a physical card.
WHY DO I CARE?
This follows the shift security professionals anticipated after EMV chip adoption: with counterfeit physical cards harder to produce, fraud moves to card-not-present channels such as online and phone purchases. The financial sector also saw a very sharp uptick in social engineering.
Other insights from the 78-page Verizon report include points on cryptomining, espionage, and compromised point-of-sale systems.
“While there’s been an uptick in espionage targeting the manufacturing sector, the overwhelming majority of cybercrime still is carried out by hackers primarily interested in making a buck.” – VDBIR 2019
This article looks at the trends presented in the Verizon Data Breach Investigations Report as they relate to financially motivated cybercrime.
Baltimore was hit with another ransomware attack a little over a year after the last one.
WHY DO I CARE?
The first attack, in 2018, hit the Computer Aided Dispatch (CAD) system that supports the city's 911 operations and kept it offline for 17 hours. This time the city fell victim to the RobbinHood ransomware, which infected approximately 10,000 machines, encrypting files and rendering them inaccessible and useless.
The attackers gave officials four days to pay before the price would rise, and said that after ten days the data would be irretrievable.
The attack is one of several in the last two years on vulnerable government systems. Local governments often rely on outdated systems, replacing them less frequently than a corporation would, and they typically lack the budget and expertise to protect their assets adequately. As a result, they are attractive ransomware targets.
The attack crippled city-wide activity. That Baltimore has been hit twice in less than two years may point to insufficient training in areas like phishing and BEC awareness, but also to inadequate preventive measures such as patching and tested, offline backups that would let the city restore without paying.
Boris Bullet-Dodger, the hacker who took credit for the CityComp breach in May, has now claimed the hack of Perceptics LLC.
WHY DO I CARE?
Perceptics provides license plate readers to the U.S. government for use at the U.S.-Canada and U.S.-Mexico borders. The leaked Perceptics data appears to include information from a variety of databases, company documents, and even financial documentation.
On Thursday, a Perceptics employee confirmed the breach and the subsequent legal investigation, though authorities have not yet determined the motive behind the attack. Bullet-Dodger previously contacted the press to explain the purpose of the CityComp attack but has offered no explanation for the Perceptics hack. He has, however, sent the media a link to the stolen data.
"Perceptics, once a subsidiary of major government contractor Northrop Grumman, mainly distributes license plate readers, under-vehicle cameras, and driver cameras to the U.S., Canada, Mexico to place at border crossings. According to a company slide presentation from 2016, its readers and cameras are designed to be combined with federal 'biographic/passport data' of the passengers."
This article is a short briefing on a breach and data leak at a U.S. company that provides security hardware for U.S. borders.