Biden's Stance on Russia Leading to Cybercrime Crackdown?
Russia is fully capable of shutting down cybercrime

With internet blocks and high-profile arrests, Russia shows it can crack down on cybercrime when properly motivated. New analysis suggests the Biden administration's sanctions may be providing some motivation.

As a result of a flurry of ransomware attacks that impacted the United States infrastructure, the United States hit Russia in April 2021 with both sanctions and the expulsion of diplomatic/intelligence personnel from the United States, tying the diplomatic actions to the criminal actions in a clear and unambiguous signal: the tolerance of the United States was approaching its end point.

In June, at the summit referenced in Insikt Group's analysis and then again in July 2021 when Biden held a telephone conference call with Putin, a similar message was delivered, unambiguously, by Biden. Biden commented to reporters, "I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is."

It isn't as if Russia can't control their internet gateways across which these cyber crimes are being committed. To wit: On September 2, 2021, with the Russian election fast approaching and the efforts of Putin to silence dissent in overdrive, Roskomnadzor blocked six providers of virtual private networks to the Russian market (Hola! VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, IPVanish VPN); the organization had previously excluded two others, VyprVPN and OperaVPN. Roskomnadzor claims they blocked the VPN services due to "illegal activities, including those related to the distribution of drugs, child pornography, extremism and suicidal tendencies."

Russia is fully capable of arresting and prosecuting cyber criminals operating within their geographic and virtual internet footprint. The bar is high for instances of cybercrime that will cause the Russian government to take action. But clearly, two officers facilitating the West's investigation into Russian cybercriminals off the record and allegedly for millions of dollars, met that bar.

Time will tell if the relationship between Russian cybercriminals and the Russian Federation cyber entities will evolve in a manner that quiets the former and their criminal activities. If not, the potential for action by U.S. government entities should be expected. csoonline.com

Cybercriminals in Lockstep March With You to the Cloud
How Attackers Invest in Cloud-Focused Cybercrime

Study reveals active underground market for access credentials to tens of thousands of cloud accounts & resources.

For cybercriminals, the cloud is an environment abundant with poorly secured enterprise data, applications, and other online assets.

IBM's X-Force threat intelligence team analyzed the cloud threat landscape for a yearlong period starting in the second quarter of 2020. The team's research shows attackers have sharply increased their focus on cloud targets as enterprises accelerated their adoption of SaaS, IaaS, and PaaS over the past year.

IBM X-Force discovered some 30,000 cloud credentials potentially available for sale on Dark Web forums. More than 70% of credentials advertised for sale offered Remote Desktop Protocol (RDP) access to cloud resources. Prices for these credentials ranged from a few dollars to more than $15,000 per credential.

The factors influencing prices for cloud access credentials include the level of access a credential potentially offers - privileged access credentials were pricier than those offering less privileged access - and the amount of credit associated with an account.

Two-thirds of cloud breaches investigated were caused by poorly configured APIs. IBM incident responders also uncovered virtual machines and other cloud resources deployed with default security settings, or with misconfigurations that left them vulnerable to exploits and abuse. darkreading.com

'Follow the Money' - It's Getting Harder
Understanding the Cryptocurrency-Ransomware Connection

According to Fortinet, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day.

Ransomware was widespread long before cryptocurrency came along, but in recent years, both have skyrocketed in tandem. Because cryptocurrency is difficult to trace, cybercriminals have rapidly switched to it as their preferred method for ransom payments. In fact, DarkSide, the group behind the high-profile attack on Colonial Pipeline, purportedly raked in $90 million in Bitcoin ransom payments before shutting down in May.

So, why is this happening? And what do you need to know? Read on. - The appeal of cryptocurrency

For bad actors extorting money from victim organizations via ransomware, they typically had to rely in the past on wire transfer services or other forms of payment using regular currency. While these got the job done, they also came with a paper trail - a very traceable paper trail, in most cases. And that made it easy for the FBI to track the bad actors down.

These days, almost all ransomware attackers demand payments via some form of cryptocurrency, which makes it a lot harder to identify who the actual person behind the keyboard is and it doesn't leave the same kind of paper trail. It's also faster - payments can be made almost instantly. For bad actors, this kind of convenience is a no-brainer.

Cryptocurrency also makes it easier to diversify across payment platforms and demand payments in several smaller amounts paid out to different digital wallets, which again all goes back to making it hard for law enforcement to trace. They can also diversify in terms of the coins and platforms they're using.

More options, more bad actors - Putting the brakes on crypto-tied ransomware plots - Get involved securityweek.com

Is Your Company Safe from Cyberattacks?
Three ways to keep your organization safe from cyberattacks
Let's examine three cybersecurity challenges that are seemingly unrelated, but deeply intertwined below the surface. In each case, the underlying problems would greatly benefit from a policy of improved communication.

First, we must understand our technology stacks. This is the collection of IT infrastructure that includes everything from operating systems and programming languages to servers, data storage, application monitoring tools, business intelligence solutions, and more. For CISOs, juggling the vast scale of a tech stack and the attackers using increasingly sophisticated techniques calls for a new approach to security to keep systems, data, and devices safe.

Second, we need a new approach to the firehose of information hurtling toward us. We've all heard the saying that if everything is an emergency, nothing is. We get alerts from our development platforms, the Continuous Integration system, the security monitoring tools, even our watches. Somewhat paradoxically, this world of constant notifications has conditioned us to ignore alerts. Addressing this issue seems simple-prioritize the notifications that matter-but the sheer number of alerts and their associated false alarms means thousands of warnings go unacknowledged, and many companies aren't as secure as they think they are. Responding to alerts must become automated, and for that to happen, we must put systems in place that can scale with the people monitoring for those alerts.

Third, we need to create a culture of follow-through to ensure issues are resolved. As we saw in the major breaches this year, seemingly innocuous alerts have the power to start a chain of events, leading to massive cyberattacks. The attackers who developed the Sunburst malware spent more than a year inside their target organization before being identified, highlighting the importance of cooperation and attention to a proactive cybersecurity program. helpnetsecurity.com
 

$31M Coupon Fraud Scheme
DOJ: Virginia Beach Couple Sentenced for $31 Million Coupon Fraud Scheme
A Virginia Beach woman was sentenced today to 12 years in prison, following last month's sentencing of her husband to over 7 years in prison, for perpetrating a counterfeit coupon fraud scheme that cost retailers and manufacturers over $31 million in losses.

From approximately April 2017 through May 2020, Lori Ann Talens, 41, operated a complex scheme using social media sites and apps such as Facebook and Telegram to find groups of coupon enthusiasts and sell them counterfeit coupons. Lori Ann Talens, who operated online under the moniker "MasterChef," used a computer to design, create, and produce a wide variety of counterfeit coupons in her Virginia Beach home. These counterfeit coupons were virtually indistinguishable from authentic coupons and were often created with inflated values, far in excess of what an authentic coupon would offer, in order to receive items from retail for free or for a greatly reduced price.

As part of the scheme, Lori Ann Talens would ship the counterfeit coupons throughout the United States using the U.S. Postal Service and other commercial parcel delivery services. She accepted payment for the counterfeit coupons through a variety of online payment methods, including Bitcoin and Paypal. Lori Ann's husband, Pacifico Talens, 43, was aware of the counterfeit coupon scheme, profited from it, and assisted in the operation by shipping packages of counterfeit coupons and performing other administrative tasks at the direction of his wife.

The scheme was discovered when one of the Talens's customers reported them to the Coupon Information Center (CIC).

Federal law enforcement executed a search warrant on their residence. During the search, agents seized nearly $1 million worth of counterfeit coupons from the residence. Furthermore, a review of the Talens's computer revealed images for over 13,000 separate and distinct counterfeit coupon designs. The CIC reviewed these images and compared them to the known counterfeit coupons in circulation. The analysis concluded that coupon redemptions using the 13,000 counterfeit designs on the couple's computer had caused approximately $31,817,997 million in losses to retailers and manufacturers. justice.gov

$4M Gift Card Scam
Colleyville, TX: $4 million gift card scam started in Colleyville, ends in woman's arrest

The woman allegedly redeemed cards totaling more than $1.2 million over the summer.

A 28-year-old woman is under arrest after her alleged role in a $4 million gift card scam whose first victim was a Colleyville man. Lin Qiu, a Chinese national who was living in Plano, was part of an organized crime ring that conned elderly victims into buying an estimated $4 million in gift cards that were then redeemed by the criminals, prosecutors told KXAS-TV (NBC5).

The case began in Colleyville, when a 78-year-old man responded to a fraudulent email from Apple. He called a toll-free number on the email and the person on the phone accessed the man's phone and computer remotely, according to the station, and was scammed out of $400.

Walmart fraud investigators also got involved, telling police they detected a "very large suspected fraud and money laundering case" in Collin, Dallas, Denton and Tarrant counties, according to the station. The company was "alarmed" that thousands of cards that were purchased from across the country were all being redeemed in North Texas, often soon after they were bought, NBC5 reported.

Court documents show Qiu personally redeemed 2,000 Walmart shopping and gift cards over the summer, according to NBC5, with a value of over $1.2 million.

Qiu was arrested on charges of engaging in organized crime, theft, money laundering and exploitation of the elderly, according to the station, and is being held on a $500,000 bond. dallasnews.com

Serial BB Gun Robber Gets 72 Months Fed Prison
DOJ: San Bernardino Man Who Robbed 28 Food and Retail Stores During Five-Month Crime Spree Sentenced to 6 Years in Federal Prison
A San Bernardino man who robbed more than two dozen retail and fast-food stores during a five-month span in Los Angeles and San Bernardino counties was sentenced today to 72 months in federal prison. David Sanchez, 41, pleaded guilty on June 21 to two counts of interference with commerce by robbery.

From November 2020 to April 2021, Sanchez robbed 28 fast food restaurants and retail stores. In each robbery, he brandished what appeared to be a firearm - but was in fact a BB gun - and demanded money from the cash registers. The robberies netted a total of at least $3,853.

Sanchez admitted in his plea agreement to robbing stores and food shops in Lynwood, Long Beach, South Gate, San Bernardino, Palmdale, Compton, Whittier, Fontana and Bellflower. The robberies targeted Walgreens, Circle K, Little Caesar's Pizza, Subway, El Rey Supermarket, Lynwood Farmer's Market, Family Dollar Store, Starbucks, Domino's Pizza and Dollar Tree outlets. justice.gov

Update: Queens, NY: JFK Chanel, Gucci heist accomplice pleads guilty
A man pleaded guilty to charges for his involvement in a designer clothing cargo heist at John F. Kennedy Airport last year, Queens District Attorney Malinda Katz announced this week. Manhattan resident David Lacarriere, 34, was charged with criminal possession of stolen property in the first degree after being caught with thousands of Gucci and Chanel items worth $2.5 million - only a portion of the more than $4 million in gear taken from a warehouse at the airport. "Our airports must be safe for travelers. JFK Airport, an international trade hub, must also be secure for companies that transport vital air cargo to our region - especially during the height of this healthcare pandemic - when our City relied on air cargo for food and medical supplies," Katz said.

Lacarriere was allegedly part of a crew that gained access to the warehouse in May of 2020 using forged air cargo shipment receipts and impersonating a truck driver to get onto the grounds. Designer jewelry, bags, clothing, sneakers and other accessories in the shipment were carted off site. Port Authority police found the container in Maspeth more than a week later, which contained only shipping pallets, wrapping material and display cases doused in bleach. Police recovered more than 3,000 authentic Gucci items and 1,000 Chanel items from Lacarriere's home after executing a search warrant. He returns to court for sentencing on Oct. 26 and faces 5 and a half to 11 years in prison. He had previously pleaded not guilty. After the breach, the Port Authority and the Transportation Security Administration worked to update security including barriers limiting access of unauthorized individuals at JFK. queenseagle.com

Stafford Township, NJ: Police arrest 2 serial Shoplifters hitting Home Depot, Target and Kohl's; $2500 of merchandise recovered

DuBois, PA: Man accused of stealing more than $1,700 worth of items from Walmart

Houston, TX: 6 pairs of $200 jeans walked out of west Houston western wear store