The Week In Review 11/01 – 15/01
2020 was a good year for SaaS, but perhaps not the SaaS you are thinking of. A Scam-as-a-Service operation, codenamed Classiscam, uncovered in Russia has been helping classified ads scammers take more than $6.5m from buyers across multiple continents. The scammers used an organised model, deployed across various sites listing items such as consoles and appliances. They would then interact with interested buyers through sophisticated Telegram bots directing them to fake sites to make payment. Cyber security company Group-IB estimates that there were 5000+ scammers across 40 Telegram chats at the end of 2020, with each group turning over $60,000 monthly.

This is not the only instance of fraud catching headlines this week. A data leak of sensitive documents belonging to over 12,000 construction workers was reported, including passport scans, national IDs, birth certificates, tax returns and more. The target company was international staffing agency Nohow, which stored this sensitive information on an unsecured Microsoft Azure Blob that has since been secured. With so many personally identifiable details of individuals being leaked, there is serious concern about further scams involving identity theft, with a passport or ID scan typically fetching about $15 on the dark web. A leak of 12,000 individuals can, therefore, be both seriously damaging and lucrative.
President of Microsoft, Brad Smith, has said this week that it is important that the cyber security and technology community, as a whole, work together to safeguard the assets and supply chain that “we are all responsible for protecting.” Speaking at CES 2021, Smith reinforced his view that private companies should collaborate and partner to guide governments in terms of cyber security approach, policy, and adoption so that nation states, or indeed companies, cannot pursue supply chain disruption on the scale we saw in 2020. This vision of collaboration was at the core of his keynote, in which he said that “the only way to protect the future is to understand the threats of the present and that requires us to share data in new ways.” He explained that with so much data and threat intelligence existing in silos, it is almost impossible to detect threats such as the SolarWinds hack early.

This speech comes at a time when the cyber security industry has faced higher levels of pressure through a significant increase in attacks amidst the COVID-19 pandemic. A study conducted by the Ponemon Institute found that the pandemic has increased hours and workloads in a profession that was already highly demanding. As a result, many of the information security personnel surveyed indicate they are close to burnout. In addition to this, the remote aspect of working is seemingly straining cyber security outfits, with more than half of SOC-based employees saying it has had an impact on operations. In an industry already rife with skill gaps, analysts experiencing burnout are beginning to leave their roles in droves as companies are fighting to both retain and attract talent into the organisation.
A newly launched website claims to be selling data stolen in the SolarWinds hack, marking a new milestone in the saga. The site, aptly named SolarLeaks, displays listings of items such as “Microsoft Windows (partial) source code” for $600,000. Prominent members of the cyber security community have differing opinions on whether this is legitimate, with some suggesting it could be a misdirection to prevent attribution of the attack to any one group.
Ensure your company is equipped to deal quickly and effectively with any breach. Dionach provide industry-leading Cyber Security Incident Response (CSIR) for organisations globally.
Read about all of this and more below:
Cyber security teams are struggling with burnout
12,000+ workers have sensitive information leaked
SolarLeaks site springs up
Brad Smith calls for more collaboration and data sharing
IoT chastity belt victim of ransomware
Scam-as-a-Service brings in $6.5m
Bitdefender release free DarkSide ransomware decrypter