[BreachExchange] How One Company’s Cybersecurity Problem Becomes Another's Fraud Problem
Destry Winant
destry at riskbasedsecurity.com
Fri Aug 31 04:13:31 EDT 2018
https://www.darkreading.com/endpoint/how-one-companys-cybersecurity-problem-becomes-anothers-fraud-problem-/a/d-id/1332669
Fraud isn't something new or something that only happens on the
Internet. Identity theft has been around for decades. What has changed
is how fraud is executed; not only are individuals targeted, but now
entire companies can become targets for fraud. For example, what are
phishing sites masquerading as legit websites if not attempts at
counterfeiting the identity of that company?
Cloud service providers and blue-chip software companies are
especially desirable targets for fraud. Bad actors infiltrate
corporate networks not to hack the corporations themselves but to
co-opt their infrastructure. Hackers use stolen credentials to hide
behind IP addresses, servers, and domain addresses to wage covert
cyberattacks, misleading investigators and compromising corporate
infrastructure in the process.
In my research, I've uncovered the three most common scenarios of what
my team calls "cyber-enabled fraud," which we define as fraud that is
facilitated though the use of malware exploits, social engineering,
and/or lateral movement through a compromised website, network, or
account. Note that all there of these can be, and many times are, used
in conjunction with one another.
Phishing: Bad actors send a phishing email to steal your credentials,
usually by having you click on a masked hyperlink directing you to a
well-done spoof of a legitimate website. There you are asked to list
information like usernames, passwords, Social Security numbers,
birthdates, or financial information. These phishing emails can also
be designed to install ransomware when you follow their directives.
Social Engineering: When you spoof the email of the company's CEO
directed to the CFO or someone else in finance to see if he or she
will wire money to an account controlled by the bad guys. Social
engineering can also accomplish some of the goals of phishing, such as
gaining sensitive information or getting credentials, over the phone
or, on occasion, in person. You aren't being asked to do something,
like click on a link, but you are asked directly to provide sensitive
information.
Lateral Movement/Resource Sabotage: Once bad actors have gained access
through phishing or a vulnerability exploit, there is further fraud
that can be committed: They can use that access to compromise other
machines or servers in a company, often with the help of any
fraudulent credentials they've managed to obtain, and they can use
these compromised systems to send out malware and malicious spam, or
use bandwidth and resources for crypto mining,
All of these actions result in infrastructure becoming compromised in
some way. But the larger end result is that my cyber problem has just
become everybody else's fraud problem because my infected system is
now set up to attack other systems.
Here's an example of cyber-enabled fraud in action. There are two
cloud service providers, Cloud A and Cloud B. Bad guys use prepaid or
stolen credit cards to purchase a virtual server account with Cloud A
and, through that server, send out malware that is using the server
for fraudulent purposes.
When they are finally caught — which can take months — and the account
is shut down, the bad guys immediately open up an account using the
samecredentials with Cloud B. If Cloud A and Cloud B are willing to
work together and exchange threat intelligence information, with Cloud
A flagging that account as fraudulent, they can stop the cyber-enabled
fraud much faster. This drastically changes the economics for the
fraudster.
Cyber-enabled fraud is part of a vicious virtual cycle. The good news
is we can break this cycle by using best practices in cybersecurity
that protects our own identities and assets as well as the larger
cyber ecosystem. It's taking the concept of "when you see something,
say something" into cyberspace. Communicating about the cyber
incidents you experience to others will help them better detect
potential acts of cyber-enabled fraud. When you take care to protect
yourself, you are helping your virtual community fight off
cyberattacks.
More information about the BreachExchange
mailing list