Newsletter 11/05/2022
It's Why It's Called the Dispatches From the Front:
It has been reported that Business Email Compromise (BEC) attacks increased by 48% in the first half of 2022. Topping the list of BEC attacks is credential phishing: a process of obtaining login information from users. And it was into a very deep morass of a concentrated and relentless BEC attack on a small business client of mine where I found myself during the week beginning October 31, 2022.
The FBI maintains a website devoted to these types of online scams. A separate page at this site explains in simple language what makes up BEC scams. A common example, and what plagued my client, is when: "A vendor your company regularly deals with sends an invoice with an updated mailing address." (Ibid.) This type of spam campaign is not new. Stolen credentials of a third-party vendor precipitated the attack on Target Stores in 2015.
The attack my client experienced employed all three of the attributes that were so successful in 2021, and noted above by the FBI. It did appear that my client's email Contact List of his Business Clients had been compromised — yet it also seemed that his Personal Contacts had been spared. Spearphishing emails flew hither and yon; but again only to and from Business Clients. And to complete the FBI's trifecta, my client's spams referenced email addresses using mailboxes that did not exist at his domain that does exist. Spoofing; Spearphishing; and Malware Induced Reconnaissance — my client had them all. And with all these actions and reactions came a great deal of FUD.
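As an added illustration (not the newsletter's own code), here is a small Python triage check for the spoofing pattern just described: mail that claims a From: address at the client's real domain but uses a mailbox that does not exist there, and that fails SPF/DKIM authentication. The domain, the mailbox list and the sample messages are constructed placeholders.

```python
"""Triage for spoofed mail claiming a nonexistent mailbox at a real domain.
Constructed example: domain, mailbox list and messages are placeholders."""
from email import message_from_string
from email.utils import parseaddr

CLIENT_DOMAIN = "example-client.test"            # placeholder for the client's domain
KNOWN_MAILBOXES = {"gerald", "billing", "info"}  # placeholder list of real mailboxes

# Constructed samples: one legitimate message, one spoof using a mailbox
# that does not exist at the domain and fails sender authentication.
SAMPLES = [
    "From: Billing <billing@example-client.test>\r\n"
    "Authentication-Results: mx.test; spf=pass smtp.mailfrom=example-client.test; dkim=pass\r\n"
    "Subject: Invoice 1042\r\n\r\nPlease find the invoice attached.\r\n",
    "From: Accounts <accounts-payable@example-client.test>\r\n"
    "Authentication-Results: mx.test; spf=fail smtp.mailfrom=example-client.test; dkim=none\r\n"
    "Subject: Updated remittance address\r\n\r\nPlease update our mailing address.\r\n",
]

def auth_results(msg):
    """Collect method=verdict pairs (spf, dkim, ...) from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:      # skip the authserv-id
            method, _, verdict = clause.strip().partition("=")
            results[method] = verdict.split()[0] if verdict else ""
    return results

def triage(raw):
    """Return the reasons a message looks like a spoof of the client's domain."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    reasons = []
    if domain.lower() == CLIENT_DOMAIN:
        if local.lower() not in KNOWN_MAILBOXES:
            reasons.append(f"nonexistent mailbox {addr}")
        auth = auth_results(msg)
        if auth.get("spf") != "pass":
            reasons.append(f"spf={auth.get('spf', 'missing')}")
        if auth.get("dkim") != "pass":
            reasons.append(f"dkim={auth.get('dkim', 'missing')}")
    return reasons

def flagged(samples):
    """Indexes of the messages that triage() reports on."""
    return [i for i, raw in enumerate(samples) if triage(raw)]
```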
I have learned over these 20 plus years of this war of attrition against malware that little if anything is as it seems. Within each and every spam email going to and from my client's email server, there were references to emails emanating to and from a medical facility located in Florida. This led me to believe initially that the attack of last week inflicted upon my client was part of an ongoing campaign against CommonSpirit, the second largest nonprofit healthcare corporation in this US of A. This ransomware attack brought down systems at medical facilities from Chicago to Omaha, Nebraska, to Virginia, and beyond.
"Seattle-based Virginia Mason Franciscan Health has begun the process of restoring its IT systems that were taken offline during the ransomware attack that impacted Chicago-based CommonSpirit Health hospitals across the country. Virginia Mason providers are now able to access their patients' EHRs, with MyChart functionality expected to be available in the coming days, according to an Oct. 17 update from the hospital."
This attack on medical facilities went global. While the CommonSpirit attack was in full swing, the UK National Health Service suffered a ransomware attack. In Australia, during the same time period, it was reported that "Health insurance provider Medibank has confirmed that a ransomware attack is responsible for last week's cyberattack and disruption of online services". So, here embedded in the ebb and flow of my client's spam messages, is a reference to an unknown and unrelated healthcare firm, again in Florida, while a worldwide attack on healthcare was still in full swing. There was, therefore, good reason to believe that my client and his clients and vendors were all sucked into the worldwide cyber war on healthcare. And, thus, I also had good reason to believe that my client was not USER ZERO in this particular spam phishing attack.
Then, at the end of the week, there were reports of another likely culprit affecting users worldwide, and my client and his business contacts. As BleepingComputer reported, November 2, 2022, after 4 months of inactivity:

"The Emotet malware operation is again spamming malicious emails after almost a four-month 'vacation' that saw little activity from the notorious cybercrime operation."

As the BleepingComputer article cited explains:

"From samples uploaded to VirusTotal, BleepingComputer has seen attachments targeted at users worldwide under various languages and file names, pretending to be invoices, scans, electronic forms, and other lures."

Indeed. Emotet has plagued users for several years now. The group behind this Advanced Persistent Threat was disrupted in 2021 by law enforcement agencies around the globe working in tandem. It was considered quite a victory against global criminals at the time. The takedown was no small task:

"Authorities including Europol, the FBI, and the UK's National Crime Agency, along with agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine, teamed up to bring down one of the world's most prolific and dangerous botnets."
Whether it was the attack on healthcare worldwide, or the global return of Emotet, that attacked my client in a sunny beach town south of LAX, is less important than the simple fact that the Global Cyberwar has come to cities, towns, and neighborhoods near you and me. The threat that any one of us computer users could be the next victim of this global threat is here and now.
Gerald Reiff