Last month, our cybersecurity team gave a presentation for the Tallahassee Chamber of Commerce’s “Beyond the Basics” program.
We have given this presentation to clients and local organizations for several years, and each time, we update the slides with the latest headlines about cybercrimes and new threats.
Now that the election is over, we can move on from campaign and election-themed hacking attempts and review two of the new ones.
This time, we added “Pig Butchering” for the first time, and during the Q&A, this topic generated many questions.
This kind of cybercrime usually starts with a text message from an individual that references something pretty normal, like “Hey Bob, sorry to miss the flight. Something came up.” The recipient is not named Bob, and if they reply, an attempt to steal your money has begun.
The criminal at the other end of the text is hoping for a reply, and they will do anything to eventually get you to send them money.
The hacker starts by sending pictures and sharing stories of where they are from. I heard of one exchange going on for a year before the hacker asked them to invest in digital currency. First, a small amount, showing a large return, then the big ask, and that’s when they wipe out the victim’s accounts.
Lives are being ruined and lost in this ruthless scheme that is taking people, in some cases, for every dime they have. If you don’t know about it, read up on it and tell your loved ones about it. Especially the elderly and those living alone as hackers target them often and appear to provide a friend before robbing them.
I have seen this happen to people here in Florida; it is as bad as it gets.
The other topics we discussed during the presentation are the ones we are all getting used to hearing about gift card schemes, phishing attempts, and ransomware. Ransomware can bring an organization to a standstill with the click of a button.
You know the drill by now to avoid these threats. Make sure you are going through cyber training, email attack simulations, deploying advanced threat protections, robust passwords, an enterprise-level firewall, two-factor authentication, and having redundant backups ready if all else fails.
That’s it, right? Nothing else to fear? Not so fast as what happens when you accidentally hire a hacker? The world of remote work and work from home has turned many of our companies into an army of pajama-wearing Zoomers.
While this has some upsides, it has opened the door to a new cybersecurity concern.
In Florida, a security company called KnowB4 allegedly hired a hacker from N. Korea who applied for a job there. They shared the experience completely transparently so others could stop it from happening to them. In our world of smoke and mirrors and blaming others, this direct information sharing is beyond refreshing.
They recount the story on their website.
The crime began with the hacker going through the interview process, using AI to alter his picture and providing fake references with Gmail addresses (vs. company domains). Everything was done remotely. Next, the person was hired to work remotely, and once hired, the company laptop was shipped to an address in the U.S. The address differed from where this person said they lived, so red flags started there. This is where the dark world of a “Laptop Farm” comes into the story.
A Laptop Farm is a sketchy and deceptive service that can give people outside the U.S. the appearance of working in the U.S. or, in other ways, be used for money laundering and data theft. Law enforcement is starting to play catch-up to this type of crime, as recent busts show how far-reaching it is.
For example, the farm in question could be in someone’s basement, and the person who runs it would set up a group of laptops that would all be accessed by people from another country.
This means the hacker might be in Spain or China, but they would sign into a leased laptop in Tennessee or Virginia and access it remotely, giving it the appearance of being U.S.-based.
The FBI recently raided one such farm, and it would appear that not everyone is being as transparent as Knowb4, as hundreds of businesses may have been successfully infiltrated so far.
The KnowB4 employee appears to have been using a farm like this, and his career there lasted all but 25 minutes as it was immediately detected that they were attempting to download malware and cut off from the company’s network. The company did its background checks and even a drug test, but the hacker could complete all these tasks without scrutiny.
The bottom line is clear: this is a state-sponsored, large-scale, highly sophisticated effort to undermine our nation’s security, steal information, and further their agendas, including spy-craft.
This means adding two new worries to our “I can’t sleep at night” list for you and me. These threats sound as bad as Superman III. Remember the one about hacking?
Yeah, me neither.
However, Pig Butchering and Fake IT workers are as real as it gets and terrifying in scope.
Talk to your family and co-workers about both; you might stop a massive problem. The last item to protect yourself on today’s list, I offer you two simple steps: Don’t respond to texts from strangers, and if you want to hire someone, interview them in person.
One comment
Just a nobody that don't like anybody
November 12, 2024 at 2:48 pm
We all know McAfee was on Russia’s side of the coin.