In brief: Business Email Compromise (BEC) remains a multibillion-dollar threat, but it is evolving. The FBI and other US federal agencies warn that cybercriminals have begun using fake emails to steal shipments of physical goods – in this case, food.
Together with the Food and Drug Administration’s Office of Criminal Investigations and the US Department of Agriculture, the FBI said several US food manufacturers have already fallen victim to the scam, many of the cases involving fake orders of a single product worth hundreds of thousands of dollars: powdered milk.
The FBI considers BEC one of the most financially damaging online crimes, estimating it netted criminals nearly $2.4 billion in 2021 alone. In the classic form, a criminal compromises a legitimate email account and uses it to send fake invoices, tricking a busy business into paying for goods or services that were never delivered.
“In recent incidents, criminal actors have used BEC tactics to target physical goods rather than wire transfers. Businesses in all sectors – both buyers and suppliers – should consider taking steps to protect their brand and reputation,” the federal authorities said in their joint advisory.
But why milk powder?
The demand appears to date back to China’s 2008 infant formula scandal, in which powdered milk adulterated with melamine killed six children and hospitalized thousands more. Chinese parents are reportedly still wary of domestically produced milk powder, so foreign brands are held in high regard in China.
Milk powder smuggling rings have been broken up before – for example the Australian ring dismantled in 2019, which stole milk powder from shops and resold it overseas. The escalation from shoplifting to freight theft is simply black-market capitalism in action.
In the joint advisory, the FBI, FDA and USDA said one victim was left on the hook for $160,000 worth of stolen milk powder after responding to a fraudulent request, while another shipped multiple orders totaling nearly $600,000 and did not realise anything was wrong until payment failed to arrive.
The agencies’ advice for avoiding a BEC attack that steals physical goods rather than cash is no different from the usual guidance: watch for typos and slight variations in spelling or company names, make sure hyperlinks in an email actually point to the legitimate URL, and when in doubt, contact the company directly to verify the request.
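The advice above (spot lookalike domains, check where links really go, verify through a separate channel) can be partly automated on the receiving side. The script below is an added example written for this article, not code from the FBI, FDA, USDA or The Register: it takes a constructed inbound purchase-order email, compares the sender and link domains against a hypothetical allow-list of known trading partners, and flags near-miss domains, confusable-character substitutions, a sender/reply-to mismatch, and links whose visible text shows a different host than the real target. All domains and addresses in it are made up.

```python
"""Lookalike-domain and link-target checks for inbound order email (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hypothetical allow-list of partners this business already trades with (constructed).
KNOWN_DOMAINS = {"example-dairy.com", "bigfoods-distribution.com"}

# Character swaps commonly used to imitate a brand name. Applied to both sides before
# comparing, so a legitimate name containing "rn" still compares equal to itself.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small values between two domain labels mean a near-miss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels; adequate for .com-style names in this example (no public-suffix list)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def classify_domain(domain: str, known=KNOWN_DOMAINS, max_distance: int = 2) -> str:
    d = registrable(domain)
    if d in known:
        return "known"
    for k in known:
        same_after_swaps = normalize(d) == normalize(k)
        near_miss = levenshtein(normalize(d.split(".")[0]), normalize(k.split(".")[0])) <= max_distance
        if same_after_swaps or near_miss:
            return f"lookalike of {k}"
    # e.g. example-dairy.com.orders-portal.net: the trusted name is only a subdomain label.
    for k in known:
        if k.split(".")[0] in domain.lower() and d != k:
            return f"known name embedded in {d}"
    return "unknown"


@dataclass
class Email:
    from_addr: str
    reply_to: Optional[str]
    links: List[Tuple[str, str]]  # (visible link text, actual href)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip(">").lower()


def host_of(url: str) -> str:
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_email(msg: Email) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    sender = domain_of(msg.from_addr)
    verdict = classify_domain(sender)
    if verdict != "known":
        findings.append(f"sender domain {sender}: {verdict}")
    if msg.reply_to and domain_of(msg.reply_to) != sender:
        findings.append(f"reply-to domain {domain_of(msg.reply_to)} differs from sender {sender}")
    for text, href in msg.links:
        # Only treat the visible text as a URL if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else None
        actual = host_of(href)
        if shown and registrable(shown) != registrable(actual):
            findings.append(f"link text shows {shown} but points to {actual}")
        elif classify_domain(actual).startswith("lookalike"):
            findings.append(f"link host {actual}: {classify_domain(actual)}")
    return findings


# Constructed sample messages (all addresses fictional).
SUSPICIOUS = Email(
    from_addr="orders@examp1e-dairy.com",          # digit 1 in place of letter l
    reply_to="accounts@examp1e-dairy.com",
    links=[("https://example-dairy.com/po/4471", "https://examp1e-dairy.com/po/4471")],
)
CLEAN = Email(
    from_addr="orders@example-dairy.com",
    reply_to=None,
    links=[("Order portal", "https://portal.example-dairy.com/login")],
)
REPLY_TO_SWAP = Email(
    from_addr="purchasing@bigfoods-distribution.com",  # real account, hijacked reply path
    reply_to="purchasing@mail-bigfoods.net",
    links=[],
)

if __name__ == "__main__":
    for name, msg in [("suspicious", SUSPICIOUS), ("clean", CLEAN), ("reply-to swap", REPLY_TO_SWAP)]:
        print(name, check_email(msg) or "no findings")
```

A check like this is a triage aid, not a decision: the advisory's last step, confirming the order through a phone number or contact already on file rather than one in the email, is still what stops the shipment going out.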
The Learning Channel hacked, almost 1TB of data stolen
Cyber-extortion group Karakurt has added The Learning Channel (TLC) to its list of alleged victims and is threatening to leak 931GB of the company’s “scripts, videos, internal documentation” and employee information if it doesn’t pay by December 23.
Karakurt, believed to be linked to the Conti ransomware group, has been on the radar of the FBI, CISA and the US Treasury Department since at least June last year, when the agencies issued a joint alert about the threat the group poses.
One of the ways the Karakurt gang is believed to gain access is by buying compromised credentials. The group has reportedly harassed and intimidated victims’ employees and business partners to pressure them into paying.
According to the authorities, Karakurt targets victims indiscriminately and has demanded payments ranging from $25,000 to $13 million in exchange for not publishing stolen data. The group is not known to deploy ransomware; it is a pure data-extortion operation.
TLC is a subsidiary of Discovery, which also operates HGTV, Cinemax and other television channels. Karakurt’s claim to have infiltrated the network is unconfirmed and its ransom demand is unknown. Discovery does not appear to have acknowledged a breach at the time of writing; we’ve asked the company for more information.
Cloudflare offers free Zero Trust to small critical-infrastructure businesses
Content delivery network Cloudflare is launching an initiative to protect small businesses operating in critical infrastructure sectors by making its Zero Trust platform available for free – if they qualify.
Dubbed “Project Safekeeping,” Cloudflare says the initiative is necessary because the volume of attacks facing organizations in critical infrastructure sectors like healthcare and energy is overwhelming for even the largest organizations.
“Smaller organizations typically don’t have the capacity to deal with relentless cyberattacks,” Cloudflare said.
The products on offer will be free with no time limit, the company said, and include real-time user verification for applications, traffic filtering, cloud application security, data loss prevention, email security and remote browser isolation. DDoS protection and Cloudflare’s web application firewall are also included.
Unfortunately, the eligibility criteria are quite restrictive.
Only companies based in Australia, Japan, Germany, Portugal and the UK can apply, and applicants must operate in a sector their government has classified as “critical infrastructure”.
Those who meet both criteria must then pass a final filter: no more than 50 employees and/or less than $10 million in annual revenue or balance-sheet total. There’s no word on whether growing past those thresholds would mean losing access, but it’s safe to assume Cloudflare would want successful customers to start paying at some point. ®
Source: https://www.theregister.com/2022/12/17/in_brief_security/ – “Email hijackers steal food, not just money from businesses”, The Register