The Month of May in 5 Articles

The Terbium Labs Research Team has curated news and information from the corners of the internet to summarize the month of May in 5 articles, just for you! Research, happenings, and more related to infosecurity, cybercrime, payment card fraud, automation, and other popular topics are distilled to provide insight each month here on our blog.

FEDS DISMANTLED THE DARK WEB DRUG TRADE — BUT IT’S ALREADY REBUILDING

Law enforcement has been successfully taking down dark web marketplaces that facilitate the sale of drugs and stolen information for use in fraud schemes.

WHY DO I CARE?

The problem is, these marketplaces are being rebuilt immediately and in other forms by the dark web marketplace community of vendors, buyers, and site operators. Besides, the takedown of these marketplaces generally has a minimal effect on the fraud trade. The fraud economy does not rely on physical goods and is more resilient than the drug trade.

As law enforcement continues to see the fight against dark web marketplaces as necessary, it is clear that these disruptions will only make it incrementally harder for users to purchase drugs and stolen data. The marketplace may fall, but its vendors and purchasers will remain and rebuild somewhere else.

THE GIST

This article looks at what appears to be a never-ending war against drug sales in dark web marketplaces and the market community that is already rebuilding.

A CISCO ROUTER BUG HAS MASSIVE GLOBAL IMPLICATIONS

Security researchers have exploited two vulnerabilities across some of the most essential Cisco products, like the Cisco 10000-X series router, which provides connectivity at places like stock exchanges and hospitals.

WHY DO I CARE?

One of the vulnerabilities is a bug that allows a hacker to obtain root access to Cisco devices remotely but can be fixed relatively easily via a software patch. The second is a nightmare and allows the hacker to bypass the routers’ fundamental security protection, the Trust Anchor, and fully compromise the networks these devices are on. This, unfortunately, is a shining example of widespread third-party risk, as Cisco devices can be the entry point for bad actors.

“We’ve shown that we can quietly and persistently disable the Trust Anchor,” says Ang Cui, the founder and CEO of Red Balloon, who has a history of revealing significant Cisco vulnerabilities. “That means we can make arbitrary changes to a Cisco router, and the Trust Anchor will still report that the device is trustworthy, which is scary and bad, because this is in every important Cisco product. Everything.”

THE GIST

This article looks at a vulnerability across Cisco hardware that allows hackers to fully compromise the networks the devices are on.

FINANCIAL CRIME OUTPACES ESPIONAGE AS TOP MOTIVATION FOR DATA BREACHES, VERIZON REPORT FINDS

71% of data breaches last year were financially motivated; financial organizations, for the first time last year, experienced more card-not-present fraud than fraud involving a physical card.

WHY DO I CARE?

This seems to follow the evolution of fraud that security professionals anticipated after the adoption of EMV technology, signaling a shift in fraud tactics. The financial sector also experienced a very sharp uptick in social engineering.

Other insights from the 78-page Verizon report include points on crypto mining, espionage, and compromised point-of-sale systems.

“While there’s been an uptick in espionage targeting the manufacturing sector, the overwhelming majority of cybercrime still is carried out by hackers primarily interested in making a buck.” – VDBIR 2019

THE GIST

This article looks at the trends presented in the Verizon Data Breach Investigations Report as they relate to financially motivated cybercrime.

BALTIMORE SLAMMED WITH 2ND RANSOMWARE ATTACK IN A YEAR

Baltimore was hit with another ransomware attack a little over a year after the last.

WHY DO I CARE?

The first ransomware attack in 2018 was against the Computer Aided Dispatch (CAD) system that supports the city’s 911 operations and kept the CAD system offline for 17 hours. This time the city fell victim to the “Robinhood” virus, which infected approximately 10,000 machines, locking up and encrypting files, rendering them inaccessible and useless.

The hackers gave officials four days to pay, or they would increase the price, and after ten days, the data would be irretrievable.

The attack is one of several within the last two years on “vulnerable” government systems. Local gover