The Month of October in 5 Articles

Each Month Terbium Labs’ Research Team reviews the top news and information from the corners of the internet just for you! Articles, research, infographics, and more related to Infosecurity, cybercrime, payment card fraud, automation, and other popular topics have been summarized to provide insight for the Month of October in 5 Articles.

25 Million Credit Cards Rescued

BriansClub, a leading underground marketplace known for the sale of stolen credit card data has been hacked and 26 million payment cards have been rescued, including 7.6 million uploaded this year alone. 

WHY DO I CARE?

Many federal prosecutions involving stolen credit card data value each stolen credit card at $500. The database containing the 26 million cards that were rescued from the marketplace, therefore, is worth an astounding $414,000,000.  Additionally, Gemini Advisory, which monitors dark web carding shops for financial institutions, is tracking a total of 87 million stolen card records.  This “rescue” could represent almost ⅓ of the available credit card records being removed from the dark web.

THE GIST

This detailed post from Krebsonsecurity.com breaks down the “rescue” of 26 million stolen cards and gives insight to the potential impact this could have on other carding markets. 

The World Teams Up to Fight Child Abuse

Described as one of the largest child pornography operations encountered to date, this writer is ecstatic to share that “Welcome to Video,” a website specializing in the upload and viewing of some of the most despicable and heinous acts ever to take place involving children, has been shut down! Law enforcement agencies from 18 nations teamed up for the historic takedown.

WHY DO I CARE?

Well, first I think we can all agree that child abuse – particularly that kind of abuse – is evil and should be punished, come on. But furthermore, this case proves that it is possible to tackle the trade in child abuse imagery; without making the internet more dangerous through the subversion of encryption, which many political leaders have been pushing for – citing child abuse as a driving factor.

THE GIST

Finally something positive! The proprietor of a popular child abuse site and 337 of his users have been arrested and charged as a part of an international dark web bust without subverting encryption and putting everyone else at risk.

AvengerCon is A Thing and No You Can’t Go

About 500 military and government hackers and a select group of guests representing the Mid-Atlantic FEMA region descended on Columbia, Maryland this month. Their mission? Protect the 2020 election from Russia and everyone else.

WHY DO I CARE?

To consumers and security professionals alike, this could be seen as a step in the right direction concerning the U.S. Government and cybersecurity. The event also highlights a key convergence of U.S. Cyber-Command and the ethical hacking community which has been raising alarm about the U.S. voting system.  

THE GIST

This article takes a look at AvengerCon, a training meetup for government and military hackers that are protecting U.S. elections.

No Pain, No Gain

The Undersecretary of Defense for Acquisition and Sustainment is developing new cybersecurity standards for contractors. Drawing a line in the sand, the new undersecretary has made it clear that if you want to do business with the Pentagon, you had better have your information security prioritized. 

“This is a change of culture,”

Katie Arrington, chief information security officer of the Pentagon’s acquisition policy office

“It’s going to take time, it’s going to be painful, and it’s going to cost money.”

WHY DO I CARE?

“We all are going to get breached.”

– Kate Arrington

Last month officials unveiled a draft of the guidelines. They require all contractors of all sizes to have a baseline level of cybersecurity practices to prevent adversaries from exfiltrating sensitive data. If you are a government contractor, the final draft of the guidelines comes next month and defense agencies will begin to request information from you next year when they implement the guidelines. 

THE GIST

The Undersecretary for Defense is overhauling cybersecurity standards for contractors, an overdue and called for action. 

Fraudulent iPhone Application Harnesses Users For Money

Cisco’s Talos threat intelligence crew on Tuesday discovered a site impersonating checkra1n.com – a site that researches use to modify iPhone processes, that was downloading a slot machine game instead of the jailbreaking tool users had come for. The slot machine game is thought to pay the perpetrator of this scheme based on interaction with it.

WHY DO I CARE?

Typosquatting and domain spoofing does serious damage to brands. This article takes a look at one instance and how hackers are leveraging your customer’s trust in you to defraud them via impersonation of your brand. In this specific case, a mobile application.

THE GIST

Checkra1n.com, the popular site researchers use to modify iPhone processes, had been impersonated. This resulted in an unknown number of infected devices.

Thanks for reading The Month of October in 5 Articles! Enjoy this read? Check out our Monthly Top 5s or learn more about Matchlight our patented, all-in-one answer to digital risk protection.