Risky Business #504 -- Latest email frauds and changes to money muling

A chat with Australia's very own "huggable (former) fed" Alex Tilley...
20 Jun 2018 » Risky Business

On this week’s show we’re chatting with Alex Tilley. He’s with Secureworks in Australia these days, but before that he spent a big chunk of his career with the Australian Federal Police.

He did a presentation a few weeks back at the AusCERT conference all about what fraud crews are up to these days. He’ll be joining us to walk through how much damage West African crime groups are doing with compromised Office 365 accounts. We also talk a bit about trends in money muling, because that game has really changed.

This week’s show is brought to you by Cylance, and in this week’s sponsor interview we’ll be chatting with Cylance’s very own Jim Walter about how ransomware hasn’t really gone anywhere, despite most of the tech press getting sick of writing about it.

Adam Boileau, as usual, joins us to talk about the week’s news, including:

  • The Vault7 guy is totally screwed
  • US Senate scuttles Trump’s plan to save ZTE
  • Chinese pwning satellite comms, telcos
  • Olympic Destroyer crew is back

Links to everything are below and you can follow Patrick and Adam on Twitter if that’s your thing.

Show notes

Ex-CIA employee charged in major leak of agency hacking tools - The Washington Post
Ryan Duff on Twitter: "The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out. A lot more tradecraft here than your average leaker… https://t.co/vIy0JL2f63"
WikiLeaks Shares Alleged Diaries of Accused CIA Leaker Joshua Schulte - Motherboard
Senate rejects Trump’s plan to lift ZTE export ban | Ars Technica
China-based campaign breached satellite, defense companies: Symantec | Reuters
Senate bill hopes to sort out supply-chain cybersecurity risks, prevent next Kaspersky drama
Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote
North Korea to blame for string of Latin America bank hacks, insiders say
After Trump courts Kim, U.S. issues warning on North Korean malware
The Olympic Destroyer Hackers May Have Returned For More | WIRED
Patrick Gray on Twitter: "And there it is. The circle is complete. The whole point of Olympic Destroyer was to cast doubt on attribution generally, even though nobody who matters ever made attribution claims based on a few “vectors”.… https://t.co/RFXQYGr7sl"
Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke • The Register
Iran’s Telegram Ban Has Impacted All Corners of the Country | WIRED
FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry | Ars Technica
Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica
Verizon and AT&T will stop selling your phone’s location to data brokers | Ars Technica
Google to Fix Location Data Leak in Google Home, Chromecast — Krebs on Security
17 Backdoored Docker Images Removed From Docker Hub
Cortana Hack Lets You Change Passwords on Locked PCs
ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters
Hacker Breaches Syscoin GitHub Account and Poisons Official Client
Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,0000 PCs
Chris Vickery on Twitter: "Holy shit. This guy, George Cottrell, was advertising money laundering services on the dark web. He was caught red-handed in a FBI sting. Guy is (was) top aide to the Brexit campaign leader, Nigel Farage. His super secret dark web username was "Banker". https://t.co/unEM4CnYVj"
InstaCyber on Twitter: "It begins. THANKS #GDPR https://t.co/JH9CyWGWcO"
Bitcoin’s Price Was Artificially Inflated, Fueling Skyrocketing Value, Researchers Say - The New York Times
Man Gets 20 Years In Jail For Trying To Steal A Domain Name At Gunpoint | Gizmodo Australia
Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature - Motherboard
cylance spear team - Google Search