SecurityBeat: BEC Scams, Ransomware in the Air, and More

DOJ Prosecutes Individuals Scamming Federal Funding

Ten people have been charged by the U.S. Department of Justice (DOJ) for their alleged roles in business email compromise (BEC) scams. These scams were aimed at a wide range of victims, including federal funding programs like Medicare and Medicaid.

More than $11.1 million was lost as a result of these attacks, with the money stolen by fooling victims into diverting bank transfers to the scammers’ accounts.

Security Beat December 2022

Daixin Team Behind Ransomware Attack on AirAsia

A cybercrime group known as Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal.  The threat actors claim that they have access to the personal information of all of the company’s employees and five million passengers. The samples uploaded to the leak site include employee personal information, passenger information, and booking IDs.

The U.S. cybersecurity and intelligence agencies recently issued an advisory about Daixin Team, warning of attacks primarily targeted at the healthcare industry.

Increasing Cyber Risk in the Transportation Industry

Ransomware activity continues to increase globally despite efforts by businesses to boost their cybersecurity. While some industries have doubled or tripled their protection, others are still vulnerable and are finding themselves being targeted by cybercriminals.

According to The Threat Report: Fall 2022 from Trellix, the third quarter of 2022 has seen ransomware activity double in the transportation and shipping industry. The report includes evidence of malicious activity linked to ransomware and nation-state-backed advanced persistent threat (APT) actors. It examines malicious cyber activity including threats to email.

USA and China cooperation concept. US America and China flags on chess pawns soldiers on a chessboard. 3d illustration

China 10x U.S. in Cyber Command Staffing

China’s focus on enhancing its cyber capabilities over the past decade “poses a formidable threat to the United States in cyberspace today,” according to a report released by a congressional advisory commission.  The U.S.-China Economic and Security Review Commission’s 2022 Annual Report to Congress assessed a range of threats to the U.S. economy and national security, including Beijing’s cyber warfare and espionage capabilities.

Rackspace’s Hosted Exchange Environment Held Ransome

Four days passed from the time Rackspace disclosed that its customers were experiencing difficulties with the company’s hosted exchange environments until advising that the incident was in fact a ransomware attack. The impairment was promoted to a security incident on day 2 with in-place recovery being so difficult that the company reluctantly notified customers that their email services were migrating to Microsoft 365 on day 4.

DNS Spying

Who is Monitoring Your DNS Communications?

For nearly forty years, we stopped manually sharing host information and began relying on the Domain Name Service (DNS) to get the address of the system we need to communicate with.  DNS is one of the few protocols we allow to communicate freely without restriction. Why would we need to protect our systems query of the network’s address book?

In a recent report published by Pentera, we find that attackers can use DNS tunneling to communicate with air-gapped networks. Organizations often use air-gapped networks to isolate their sensitive assets.

The takeaway is twofold.

  • First, completely air-gap your sensitive assets by disabling DNS and using hostname tables.
  • Second, consider using special monitoring solutions to inspect and prevent suspicious DNS traffic from traversing your network.