CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN)

CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

https://us-cert.cisa.gov/ncas/current-activity/2022/06/01/karakurt-data-extortion-group

Texas Attorney General Announces Arrests In Fraudulent Mail-In Ballot Scheme In Democrat Primary

Texas Attorney General Ken Paxton announced on Thursday that law enforcement officials had arrested four individuals for their alleged involvement in an illegal ballot harvesting scheme in the state’s 2018 Democrat primary election. One of the people who was arrested was the Democrat who won the primary race. For more information visit; dailywire.com

#voterfraud

Attacks and Scans

I see way to many of these lately so I am going to start posting the reoccurring ones for other engineers to reference by on attack type and if they just want to start blocking these IP's for there own firewalls/routers.

-Gary

IC3 Releases Alert on Web Site Defacements

The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrators are not actually associated with this group. The perpetrators exploit WordPress content management system (CMS) vulnerabilities, leading to disruptive and costly effects.

Users and administrators are encouraged to review the IC3 Alert for details and refer to the US-CERT Alert TA13-024Afor information on CMS security.

https://www.us-cert.gov/ncas/current-activity/2015/04/07/IC3-Releases-Alert-Web-Site-Defacements

IC3 Issues Alert for Fake Government Websites

The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered.

US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

https://www.us-cert.gov/ncas/current-activity/2015/04/07/IC3-Issues-Alert-Fake-Government-Websites

IBM unearths sophisticated bank transfer cyber scam

The IBM (NASDAQ:IBM) Security group has unearthed a sophisticated bank transfer cyber scam, involving a well-funded Eastern European gang. The gang had used the Dyre malware, along with phishing and phone calls to withdraw funds between $500,000 to $1 million.

Source and Full Story Here; http://thenextdigit.com/19506/ibm-unearths-sophisticated-bank-transfer-cyber-scam/

How to Fight the Next $1 Billion Bank Hack

Good news! A major hack you don’t have to worry about! Unless, that is, you happen to be an executive or security employee at one of the hundreds of banks targeted by the group that’s come to be known as Carbanak or Anunak. If you are, then you have a problem, because these hackers, and no doubt others to come, aren’t targeting banking consumers but the very internals of banks, silently monitoring their systems and subtly defrauding them. Unlike most cybercrime, this wasn't a holdup, but a bank heist—the kind that could ultimately affect both consumers and governments. And that’s why we should all be paying attention.

Source and Full Story Here; http://www.slate.com/articles/technology/safety_net/2015/02/_1_billion_bank_hack_how_to_fight_the_next_one.html

Fraud alert: What TurboTax users need to know now

Earlier this month, just as tax season was nearing its peak, 19 states and Intuit — the maker of TurboTax software — noticed a surge of fraudulent state-tax filings prepared with TurboTax. The company responded by suspending electronic transmission of state returns for about 24 hours on Feb. 5 and 6.

The Federal Bureau of Investigation is working to determine who was behind the filings, and if they used illegally obtained personal data to secure bogus refunds. There are signs the fraud also may involve federal returns, say experts and some taxpayers.

In some cases, the fraudulent state and federal filings include data apparently taken from TurboTax clients’ 2013 tax returns, according to state tax officials and taxpayers.

Full Story and Source; http://www.marketwatch.com/story/fraud-alert-what-turbotax-users-need-to-know-now-2015-02-16

Hackers Steal $1 Billion in Massive, Worldwide Breach (Time)

A prominent cybersecurity firm says that thieves have infiltrated more than 100 banks in 30 countries over the past two years

Hackers have stolen as much as $1 billion from banks around the world, according to a prominent cybersecurity firm. In a report scheduled to be delivered Monday, Russian security company Kaspersky Lab claims that a hacking ring has infiltrated more than 100 banks in 30 countries over the past two years.

Kaspersky says digital thieves gained access to banks’ computer systems through phishing schemes and other confidence scams. Hackers then lurked in the institutions’ systems, taking screen shots or even video of employees at work. Once familiar with the banks’ operations, the hackers could steal funds without raising alarms, programming ATMs to dispense money at specific times for instance or transferring funds to fraudulent accounts. First outlined by the New York Times, the report will be presented Monday at a security conference in Mexico.

Source and Full Story Here; http://time.com/3710529/hackers-1-billion-bank-breach/

US Cert IRS and US-CERT Caution Users: Prepare for Heightened Phishing Risk This Tax Season

Overview

Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ sophisticated phishing campaigns to lure users to malicious sites or entice them to activate malware in infected email attachments. To protect sensitive data, credentials, and payment information, US-CERT and the IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.
Remain alert

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. In many successful incidents, recipients are fooled into believing the phishing communication is from someone they trust. An actor may take advantage of knowledge gained from research and earlier attempts to masquerade as a legitimate source, including the look and feel of authentic communications. These targeted messages can trick any user into taking action that may compromise enterprise security.
Spot common elements of the phishing lifecycle

A Lure: enticing email content.
Example 1 of actual phishing email
Example 2 of actual phishing email
A Hook: an email-based exploit.

Email with embedded malicious content that is executed as a side effect of opening the email
Email with malicious attachments that are activated as a side effect of opening an attachment
Email with “clickable” URLs: the body of the email includes a link, which displays as a recognized, legitimate website, though the actual URL redirects the user to malicious content.
A Catch: a transaction conducted by an actor following a successful attempt.
Unexplainable charges
Unexplainable password changes
Understand how the IRS communicates electronically with taxpayers

The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
The official website of the IRS is www.irs.gov.
Take action to avoid becoming a victim

If you believe you might have revealed sensitive information about your organization or access credentials, report it to the appropriate contacts within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

Watch for any unexplainable charges to your financial accounts. If you believe your accounts may be compromised, contact your financial institution immediately and close those accounts.

If you believe you might have revealed sensitive account information, immediately change the passwords you might have revealed. If you used the same password for multiple accounts, make sure to change the password for each account and do not use that password in the future.
Report suspicious phishing communications
Email: If you read an email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to phishing@irs.gov(link sends e-mail), then delete the original email.
Website: If you find a website that claims to be the IRS and suspect it is fraudulent, send the URL of the suspicious site to phishing@irs.gov(link sends e-mail) with subject line, “Suspicious website”.
Text Message: If you receive a suspicious text message, do not reply or click on attachments and/or links. Forward the text as-is to 202-552-1226(standard text rates apply), and then delete the original message (if you clicked on links in SMS and entered confidential information, visit the IRS’ identity protection page).

If you are a victim of any of the above scams involving IRS impersonation, please report to phishing@irs.gov(link sends e-mail), file a report with the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC), and the police.
Additional Resources

For more information on phishing, other suspicious IRS-related communications including phone or fax scams, or additional guidance released by Treasury/IRS and DHS/US-CERT, visit:
Avoiding Social Engineering and Phishing Attacks
Recognizing and Avoiding Email Scams
Phishing and Other Schemes Using the IRS Name
IRS Repeats Warning about Phone Scams
Report Phishing and Online Scams
Tips for Taxpayers, Victims about Identity Theft and Tax Returns

To report a cybersecurity incident, vulnerability, or phishing attempt, visit US-CERT.gov/report.


Author US-CERT and IRS

Credit card holders warned of major fraud ring in NC

What authorities are describing as a "Major credit card fraud ring" is sweeping across North Carolina, already tallying almost half a million dollars in purchases.

"They are mostly hitting places along the Interstate 40 corridor from Wilmington all the way to Morganton," said Morganton Public Safety Investigator Roger Tate.

Surveillance video was released on Thursday showing several people who used the fraudulent credit cards.

Tate says cards are not being stolen, instead, the card numbers are taken. They believe they were retrieved from legitimate processing centers and new, fraudulent cards, were made overseas.

Full Story and Source; http://www.wbtv.com/story/27978329/credit-card-holders-warned-of-major-fraud-ring-in-nc

30 days' notice is not enough!

President Obama recently proposed a law requiring that companies inform customers within 30 days when personal information, such as Social Security numbers, is exposed. Forty-seven states have data breach notification laws, which vary widely.

Pennsylvania requires that companies notify customers “without unreasonable delay” but the government isn't notified. How does one define “unreasonable delay”? Also, only information in electronic format is covered. Writing your Social Security number on a paper form that isn't shredded could result in your being exposed and you wouldn't be notified.

A recent Pew Poll noted that 91 percent of Americans feel they've lost control of their personal information. Once you share information, will company employees be diligent in guarding your information? According to Experian's Data Breach Resolution group, 80 percent of data breaches are rooted in employee negligence/error.



Read more: http://triblive.com/opinion/featuredcommentary/7641763-74/credit-data-information#ixzz3QEykyQBl
Follow us: @triblive on Twitter | triblive on Facebook

Green Dot Fraud

Bradley County Sheriff Eric Watson has issued an alert concerning attempted fraud.

The Sheriff says law enforcement agencies have received numerous calls about “Green Dot” card swindle.

There have been several other scams of this type in Southeast Tennessee and nationwide recently. Complainants report they receive a phone call from a male identifying himself as an officer with the Bradley County Sheriff’s Office.

The caller advises there is an arrest warrant on file for the citizen; however, that citizen could pay a fee to resolve the issue.

The “Scam Officer” directs the citizen to go to a Wal-Mart to purchase a Green Dot money card for a specific amount of money, and then call the “scammers” back at the telephone number provided.

One issue that is more serious is that now the criminals involved in the incidents use actual names of Bradley County officers, while calling from this area’s 423 area code and local pre-fix numbers such as 650, 284, 605, 715, 716 or others.

Full Story and Source Here; http://www.newschannel9.com/news/top-stories/stories/green-dot-fraud-alert-14978.shtml

#LizardSquad takes credit for Facebook, Tinder, and Instagram Outage....but

It looks like the downtime was a result of a system failure. It was a configuration issue. Facebook recently released the cause of the downtime was from a bad configuration.

http://www.forbes.com/sites/thomasbrewster/2015/01/27/lizard-squad-didnt-down-facebook-with-ddos/

#LizardSquad takes credit for Facebook, Tinder, and Instagram Outage....but

It looks like the downtime was a result of a system failure. It was a configuration issue. Facebook recently released the cause of the downtime was from a bad configuration.

http://www.forbes.com/sites/thomasbrewster/2015/01/27/lizard-squad-didnt-down-facebook-with-ddos/

When You Could possibly Not Want a Safety Freeze on Your Credit Report

A security freeze is a really hard lock on your credit. If you've been a victim of identity theft or recent retailer breaches, your initial believed may well be to go ahead with the lock. In some circumstances, even though, you might be far better off leaving...

http://www.uniongazette.com/technology/when-you-could-possibly-not-want-a-safety-freeze-on-your-credit-report-h13048.html

When You Could possibly Not Want a Safety Freeze on Your Credit Report

A security freeze is a really hard lock on your credit. If you've been a victim of identity theft or recent retailer breaches, your initial believed may well be to go ahead with the lock. In some circumstances, even though, you might be far better off leaving...

http://www.uniongazette.com/technology/when-you-could-possibly-not-want-a-safety-freeze-on-your-credit-report-h13048.html

US Cert IC3 Releases Alert for a Scam Targeting Businesses

The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.

Users are encouraged to review the IC3 Scam Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

US Cert IC3 Releases Alert for a Scam Targeting Businesses

The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.

Users are encouraged to review the IC3 Scam Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

Five ways online advertisers can protect themselves from sly post-holiday fraud

Online ad prices fall after the holidays, make it easier for criminals to defraud unwary online advertisers. Here’s what to watch out for.

Holiday 2014 has come and gone, and we’re settling into the New Year. Those inflated holiday ad prices feel like a thing of the past, and marketers everywhere can rejoice in the increase of available ad inventory and the decrease of bid rates. Getting a lot of inventory for cheap is great, right? What could go wrong?

Turns out, a lot if you’re not careful. The price transition on ad inventory between holiday and the New Year is one of the easiest times for fraudsters to sneak in fraudulent inventory – like ad stacking (placing multiple ads on top of each other in a single ad placement, where only the top ad is seen, but all are loaded and charged to the advertiser as impressions, allowing the fraudster to collect publisher fees) and fake URLs (a URL that has little to no real consumer traffic, but collects publisher fees for impressions, and often houses malware generating fraudulent clicks) - without being detected. One reason is that fraudulent inventory is normally priced very low, which blends right in with those low January bid rates. Another reason is that advertisers become less vigilant as their display costs decrease from the pricey, holiday months.

Source and Full Story Here; https://www.internetretailer.com/commentary/2015/01/22/how-online-advertisers-can-deter-post-holiday-fraud