image of breaking badness
Breaking Badness
Breaking Badness

42. Not Just Phishing For the Halibut with Allan Liska

Here are a few highlights from each article we discussed:

An Accrual World: Why 1040s are Particularly Taxing During a Pandemic

  • This is the evolution that we are seeing of the original Coronavirus scams. It was the natural thing that would happen as attackers take advantage of the situation. We are seeing the original scams for N95 masks and what not still dominating, but attackers are starting to hop on data mining for people desperate for these checks—especially since the government was not clear on its communication of how the money would be dispersed.
  • The same thing is happening with HMRC scams. Started seeing a lot of these domains come online and I am not sure exactly how the UK government is planning on distributing money to individuals dealing with being furloughed during the pandemic, but it looks like attackers are looking to leverage that.
  • In terms of infrastructure being spun up, it is all the usual stuff. Commercial phishing kits spun up to grab private information so that attackers can then grab your tax return or steal your identity.
  • I always tell people who are not technically savvy to not click anything in their email, but just to go to the website directly and find what you need to find there. You never know what cross site scripting vulnerability or opener redirect or something that attackers have found and can leverage even if it looks like the official website.
  • In terms of advice for organizations—Good old phishing education. There are plenty of free services to run a campaign against your own team. Security education goes far, but running a campaign now and again to keep people on their toes is paramount.
  • It is unfortunate that these people target those that are in need the most. The folks who are desperate for a check to get through the month, who haven’t worked in weeks. That is what makes me so mad about these. It is all the people getting targeted that can afford it the least.

Microsoft Attempts to Nurse Hospitals Back to Health

  • Microsoft has been alerting healthcare organizations that are potentially vulnerable to ransomware attacks during the COVID-19 pandemic.
  • Many healthcare providers have had to put together a newly remote workforce on a very short time frame, leaving these organizations especially vulnerable to a ransomware attack.
  • Ransomware actors have stepped up scanning for open Remote Desktop Protocol (RDP), Citrix, and vulnerable VPN connections with good reason, studies show a significant increase in the number of exposed RDP and VPN services.
  • Interpol reports that the threat actors behind Ryuk have actually increased attacks on hospitals during the pandemic. In addition, the Netwalker ransomware has hit a health department in Illinois and has launched attacks against hospitals in Spain.

Two Truths and a Lie

Introducing our newest segment on Breaking Badness. We are going to play a game you are all likely familiar with called two truths and a lie, with a fun twist. Each week, one us with come prepared with three article titles, two of which are real, and one is, you guessed it, A LIE.

You’ll have to tune in to find out!

Current Scoreboard

Breaking Badness Two Truths and a Lie

This Week’s Hoodie/Goodie Scale

An Accrual World: Why 1040s are Particularly Taxing During a Pandemic

[Chad]: 8/10 Hoodies
[Allan]: 8/10 Hoodies

Microsoft Attempts to Nurse Hospitals Back to Health

[Chad]: 8/10 Hoodies
[Allan]: 8.5/10 Hoodies

A special thank you to Allan Liska, Threat Intelligence Analyst at Recorded Future, for taking the time to have this discussion and help enabling my pun-menship (to Chad’s chagrin). Be sure to keep an eye out for Allan’s excellent blog posts!

That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.

*A special thanks to John Roderick for our incredible podcast music!