In Case You Missed It

Auror named Microsoft Growth Partner of the Year

Auror has been named the 2021 Microsoft Growth Partner of the Year, reflecting the tremendous growth they have achieved in their quest to reduce loss, crime, and harm in retail stores. Their growing global community includes some of the largest retailers in the United States, Canada, Australia and New Zealand. Those organizations are also supported by over 500 law enforcement agencies using intelligence to protect the wider community from crime and harm.

Starting in New Zealand in 2014 with just four stores, Auror has expanded to serve more than 10,000 stores in less than a decade. They are an innovative company doing phenomenally well on the world stage to protect companies from the $100B of crime-related losses that happen every year. The speed of their success is a testament to the power of their innovative incident reporting and retail case management software solutions.

To see more details about their journey, from concept to global movement, see here.

30 Nations & the EU Meet With NSC on Ransomware
White House international ransomware initiative outlines hopes and challenges
The White House's Counter-Ransomware Initiative event, facilitated by the National Security Council (NSC), concluded two days of public-facing and closed-door sessions. Present were ministers and representatives from more than 30 countries and the European Union.

Interestingly, Russia, the country where cybercriminals apparently enjoy safe harbor from which to launch malware, including ransomware attacks against non-Russian targets, was excluded from the meeting. The White House noted it fully expects Russia to "address ransomware criminal activity coming from actors within Russia" and that the Experts Group has had "frank and professional exchanges" and "We (United States) have shared information with Russia regarding criminal ransomware activity being conducted from its territory."

That is not to say that Russia isn't trying to get a seat at the table of global discussion on cybersecurity. Russia is attempting to shape the global discussion and is leading the effort within the United Nations to organize a cybercrime treaty, pushing through a resolution in May 2021 calling for the Ad Hoc Committee to organize six ten-day sessions on the topic to begin in January 2022.

The two-day meeting, which was announced by President Joe Biden within his statement on Cybersecurity Awareness Month, highlighted the importance of "bringing the full strength of our capabilities to disrupt malicious cyber activity." Of particular note, especially for CISOs, was the purpose of international engagement, designed to accelerate "cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity."
csoonline.com

DHS Setting an Example & The Huawei Impact
House Passes Bills on Both Supply Chain, Telecom Security

Legislation Targets DHS SBOM, Further Chinese Telecom Restrictions

'DHS Must Set an Example'
The Department of Homeland Security Software Supply Chain Risk Management Act of 2021,
requires DHS' undersecretary for management to issue departmental guidance requiring DHS contractors to submit software bills of materials, or SBOMs, that identify the origins of each component of the software furnished to DHS.

Telecom Focus - The Huawei Impact
The House also passed a bipartisan bill that would prohibit the Federal Communications Commission from reviewing or issuing new equipment licenses to companies on the FCC's "Covered Equipment or Services List" - that allegedly pose a national security threat. The measure passed by a vote of 420-4.

The Secure Equipment Act would prevent equipment manufactured by Chinese firms such as Huawei, ZTE, Hytera, Hikvision and Dahua from being further utilized and marketed in the U.S. govinfosecurity.com

NSA is surging its collaboration with the private sector
Over 100 Companies Now Huddling with National Security Agency on Cybersecurity
The private sector members of NSA's Cybersecurity Collaboration Center - which launched earlier this year - are working together on numerous large-scale projects, said Rob Joyce, director of NSA's Cybersecurity Directorate, in a wide-ranging interview. He declined to name specific members of the center, but said they include defense contractors, cloud computing and telecom companies, and cybersecurity firms.

The new center is part of a government-wide effort to more actively help companies respond to a barrage of damaging cyberattacks from adversary governments and cybercriminals. But the NSA effort is particularly notable because the organization - once playfully dubbed No Such Agency - spent decades avoiding such public efforts.

Getting proactive & Gaining Access

Why the big change? For the NSA, it was largely driven by the overwhelming pace and scale of cyberattacks and a realization the agency must get better at stopping attacks before they happen. That's a lot easier when it can glean information about hacking efforts from U.S. company networks, to which it normally doesn't have access.

The Other Benefits - Speeding Up Critical Info Sharing

Working with the companies has helped the NSA speed up its processes for translating intelligence about cyber threats into unclassified forms that can be shared with industry officials that lack government clearances, Joyce said. Companies have long complained that such information comes too slowly and, after it's been stripped of classified information it's too generic to be useful.

Information shared within the collaboration center is automatically sent to the Cybersecurity and Infrastructure Security Agency, which can share it among a broader swath of companies. washingtonpost.com

Gangs Shift to Smaller Targets
Average Ransom Payment Stays Steady at $140K But Median Up 50%

Big Game Hunting Is Out and 'Mid Game Hunting' Is In, Coveware Warns

When a business, government agency or any other organization gets hit by ransomware and opts to pay a ransom to its attacker in exchange for a decryption key or some other promise, on average it pays $140,000.

In a new report detailing Q3 trends, Coveware says that the average ransom payment remained largely steady, compared to Q2, while the median increased by more than 50%. govinfosecurity.com

Ransomware Gangs Update - Running Scared
The Cat & Mouse Games Between Ransomware Gangs & Law Enforcement

Law Enforcement Coming to the Rescue Two Times?

After this summers three high-profile attacks, DarkSide disrupting U.S.-based Colonial Pipeline, causing consumers to panic-buy fuel. REvil - aka Sodinokibi - attacked meat processing giant JBS, and over the July Fourth holiday weekend, it hit remote management software firm Kaseya's software, used by managed service providers, to encrypt and hold to ransom systems used by more than 1,500 of those MSPs' customers.

The attacks sparked a furious political response from the Biden administration and other governments, galvanizing international efforts to target ransomware attackers via law enforcement means, disrupt cryptocurrency flows to eat away at profits, and focus on improving the cybersecurity resilience of domestic businesses. The White House has also been increasing diplomatic pressure on Moscow to crack down on cybercriminals operating from inside Russia's borders.

Seemingly in response to the fallout, DarkSide ceased operations, rebranding as BlackMatter. REvil went offline in July for unexplained reasons, before resurfacing in September. The same month, security firm Bitdefender received from law enforcement officials the keys that enabled it to build and release a free decryptor for almost all REvil infections dating from July and before. This month, REvil's infrastructure went offline again, with an administrator claiming operators pulled the plug after someone hijacked REvil's Tor-based data leak and payment portal sites.

Editor's Note: Wonder who that "someone" was? Especially shortly after Law Enforcement came to the rescue with free decryptor keys. It's about time.

'Mid Game Hunting' - Focusing on Smaller Targets

Meanwhile, the ransomware attack landscape has continued to shift in other ways too. "Ever since the pipeline attacks this spring, we have seen statistical evidence and intelligence showing that ransomware actors are trying to avoid larger targets that may evoke a national political or law enforcement response," Coveware says. "This shift from 'big game hunting' to 'mid game hunting' is personified in both the ransom amount statistics but also the victim size demographics from the quarter." govinfosecurity.com

It's About Time That Gang Was Taken OUT
REvil ransomware group hacked by multiple governments - reports
Multiple governments coordinated to take the ransomware group REvil offline months after its system-locking malware was used in crippling cyberattacks against meat supplier JBS Food and IT vendor Kaseya, according to reports.

Four people in the US with direct knowledge of the multi-government operation told Reuters that law enforcement moved to prevent REvil from causing further harm.

"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," Tom Kellermann, an adviser to the US Secret Service on cybercrime investigations and head of cybersecurity strategy at VMWare told Reuters. "REvil was top of the list." verdict.co.uk

Number of Cyber Ins. Policies Up 60% Since 2016
Cyberattacks spurring demand for cyber insurance: Moody's
Demand for cyber insurance has surged as companies respond to high-profile cyber attacks, increased regulatory scrutiny, mounting reputational risk and the need for protection against vulnerabilities among supply-chain counterparties, according to Moody's Investors Service. "Cyber insurance has become an important component of companies' risk management programs."

At one large insurance broker, the "take-up rate" - or proportion of eligible organizations buying cyber insurance - rose to 47% in 2020 from 26% in 2016, Moody's said in a report, quoting data from Marsh McLennan. Cybercrime costs worldwide will likely total $6 trillion this year and annually rise 15% during the next five years, Moody's said, quoting Cybersecurity Ventures estimates.

The Securities and Exchange Commission (SEC) this year has intensified its focus on cyber risk, pursuing several enforcement actions and adding "cybersecurity risk governance" to its rulemaking agenda.

The cyber insurance market is booming. Cyber insurance premiums rose to $2.5 billion last year, a 103% increase compared with 2016, Moody's said, citing data from U.S. regulators. It estimated that worldwide premiums total around $10 billion. cfodive.com

Hackers somehow got their rootkit a Microsoft-issued digital signature
 

RH-ISAC's Security Awareness Symposium

Tue, October 26 | 10:00 AM EST

The Security Awareness Symposium is a one-day, online event that is designed to provide security awareness training to employees within all departments of retail, hospitality, and travel organizations. The event celebrates the RH-ISAC's commitment to Cybersecurity Awareness Month and provides both members and non-members an opportunity to provide education and training to their employees.

Click here to register and learn more

Amazon Pretenders/Scammers Up 500%
FTC: Scammers Stole $27M From Amazon Customers
Scammers stole about $27 million from Amazon customers between July 2020 and June 2021 through about 96,000 incidents reported to the Federal Trade Commission, according to a blog post on the FTC's website.

The FTC said reports about companies pretending to be Amazon increased fivefold during that year, and about 6,000 people who reported an Amazon-related scam said they lost money in the scheme, with an average median loss of $1,000.

Apple is the second-most frequent company used in these fraud incidents, with victims giving the person access to their iCloud accounts or thinking they've won free iPads. pymnts.com

FTC Data Spotlight on scammers impersonating Amazon: How businesses can reduce injury to consumers
The Data Spotlight explains numerous ways scammers are taking advantage of Amazon's name and ubiquity, but it often involves an unexpected message from "Amazon," warning that there's been suspicious activity or unauthorized purchases on the person's Amazon account.

Another option for large, frequently impersonated institutions - public or private - is to develop consistent policies about how they communicate with consumers. For example, some entities have a general policy of not calling consumers out of the blue. Instead, they may respond by phone to in-bound consumer inquiries or may follow up after sending a consumer a letter in the mail. When institutions share these policies with the public and apply them consistently, consumers may more easily identify when an unsolicited message is a phony. ftc.gov

Facebook Integrity Team Member Blows the 2nd Whistle
New whistleblower claims Facebook allowed hate, illegal activity to go unchecked
Latest complaint to the SEC blames top leadership for failing to warn investors about serious problems at the company

A new whistleblower affidavit submitted by a former Facebook employee Friday alleges that the company prizes growth and profits over combating hate speech, misinformation and other threats to the public, according to a copy of the document obtained by The Washington Post.

The whistleblower's allegations, which were declared under penalty of perjury and shared with The Post on the condition of anonymity, echoed many of those made by Frances Haugen, another former Facebook employee whose scathing testimony before Congress this month intensified bipartisan calls for federal action against the company. Haugen, like the new whistleblower, also made allegations to the Securities and Exchange Commission, which oversees publicly traded companies.

The new whistleblower is a former member of Facebook's Integrity team whose identity is known to The Post and who agreed to be interviewed about the issues raised in the legal filing. Perhaps the most vivid moment in the affidavit comes in a direct quote the whistleblower reported hearing from a top Facebook communications official during the controversy following Russian interference in the 2016 presidential election. The whistleblower's name is redacted in the affidavit.

As the company sought to quell the political controversy during a critical period in 2017, Facebook communications official Tucker Bounds allegedly said, according to the affidavit, "It will be a flash in the pan. Some legislators will get pissy. And then in a few weeks they will move onto something else. Meanwhile we are printing money in the basement, and we are fine."

Bounds, now a vice president of communications, said in a statement to The Post, "Being asked about a purported one-on-one conversation four years ago with a faceless person, with no other sourcing than the empty accusation itself, is a first for me."

Friday's filing is the latest in a series since 2017 spearheaded by former journalist Gretchen Peters and a group she leads, the Alliance to Counter Crime Online. Taken together, the filings argue that Facebook has failed to adequately address dangerous and criminal behavior on its platforms, including Instagram, WhatsApp and Messenger. The alleged failings include permitting terrorist content, drug sales, hate speech and misinformation to flourish, while also failing to adequately warn investors about the potential risks when such problems surface, as some have in news reports over the years. washingtonpost.com

Security Causing Cart Abandonment?
Consumers prefer biometrics to passwords, think less of brands with bad authentication
The 'Authentication Frustration. How Companies Lose Customers in The Digital Age' report shows that biometrics are considered an easier and better method of authentication than alternatives by 44 percent of consumers, 34 percent say they would prefer to use biometrics so long as the system is secure, and only 10 percent would prefer passwords or other forms of authentication over biometrics.

The BPI Network and CMO Council surveyed 2,000 consumers for the report, which is part of the 'Unify How You Verify' initiative conducted in partnership with Daon.

Password problems are reported by 68 percent of those surveyed, and respondents show a strong preference for physical biometrics like facial and fingerprint recognition.

In addition to the 60 percent of consumers who say they have abandoned a business transaction due to frustration with the authentication process, 81 percent prefer to interact with companies that verify their identity "simply, quickly, and safely." biometricupdate.com

DOJ: Miami Man Pleads Guilty - Access Device Fraud & Money Laundering Conspiracies in Nationwide Gas Station Skimming Scheme
ALBANY, NEW YORK - Hugo Hernandez, age 34, of Miami Lakes, Florida, pled guilty for his roles in a nationwide gas station skimming scheme that involved stealing banking and personal information of residents in and around the Northern District of New York, as well as multiple other parts of the country, who used the "pay at the pump" feature to make gasoline purchases.

Hernandez admitted that between December 2015 and July 2019, he conspired with others to commit access device fraud by building skimming devices designed to steal gas station customer information, installing those devices inside gas pumps in Albany, Broome, and Montgomery Counties, and elsewhere, and then using the information collected by those devices to create fake credit and debit cards. The fake cards were used to obtain money orders, gift cards, cash, and other things of value.

Hernandez also admitted to being part of a conspiracy to launder funds obtained through the access device fraud conspiracy, and, in facilitating that conspiracy, causing at least 162 money orders, worth $173,257, to be deposited into a bank account he controlled. As part of his plea agreement, Hernandez agreed to be subject to a forfeiture money judgment in the amount of $173,257.

Hernandez faces up to 20 years in prison; a fine of up to $500,000 or twice the value of the property involved in the transaction, whichever is greater; and up to 3 years of supervised release. justice.gov

DOJ: Fresno Woman Pleads Guilty to Committing $100,000 in Credit Card Fraud
Alena Nicole George, 43, of Fresno, pleaded guilty today to access device fraud. According to court documents, from February through April 2019, George used a credit card that was fraudulently opened in the identity of a victim with a name similar to her own name to make $100,000 in purchases at national retailers and cash advances at a national bank. George faces a maximum statutory penalty of 10 years in prison and a $250,000 fine. justice.gov

Grovetown, GA: Man gets away with $2,244 in earbuds from Walmart

East Longmeadow, MA: Four charged with shoplifting at Big Y; loaded gun recovered

Manitowoc, WI: Repeat Offended caught stealing Lego set from Walmart, twice in 1 day

Leesburg, VA: Repeat offender busted at Walmart; 3 priors