In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network. more
Tuesday, November 23, 2021
Friday, August 28, 2020
Security Management: Which Type of Employee Do You Inspire?
Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer.
He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more
OR...
Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.
According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada.
After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory... The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more
Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin
Monday, May 18, 2020
Leaked Phone Call Uncovers Possibly Moldy Marijuana | Fact or Business Espionage Trick?
The conversation cannot be confirmed as legitimate, and could even be business espionage...
In the audio, a person who appears to be a manager of one of Anchorage’s largest marijuana stores admits that his company sold 100 pounds of possibly moldy marijuana, and that CBD oil that was supposed to have a low psychoactive level of THC was found to, in fact, contain high amounts...
The video can be viewed by searching for Bobb Dogg on YouTube. The audio is labeled “Weedileaks.” more
Friday, October 4, 2019
Disinformation as a Service (DaaS)
It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...
“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more
As Technical Information Security Consultants, this caught our attention.
The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth.
So, where will the best correct information come from? Inside, of course.
Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.
Monday, August 12, 2019
Ultrasound Talk Gives a Whole New Meaning to Defcon
Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.
Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.
And while it is still unclear whether acoustic weapons played a role in the attack on United States diplomats in Cuba, there are certainly other devices that intentionally use loud or intense acoustic emanations as a deterrent weapon... more
Wednesday, June 20, 2018
Tesla's Sabotage / Espionage Wake-Up Call
Musk wrote in an email obtained by CNBC. “This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”
While Musk said Tesla doesn't know the full extent of the employee's actions, “what he has admitted to so far is pretty bad,”...
“Trusted users always pose the highest risk as they have the means and only lack the motivation. In this instance, the motivation sounds personal, and that is quite often the case in corporate sabotage,” said Chris Morales, head of security analytics at Vectra. “It is not clear how this event was detected, but it sounds like it was discovered after the damage already occurred and there is still work to uncover the extent of that damage.”
Whether addressing a rogue insider or an outsider who has gained access to employee credentials, he said, “enterprises benefit from internal monitoring that can detect suspicious behavior in order to prevent damage,” more
Wednesday, May 30, 2018
Drones: For Criminals and Corporate Spies, the Sky’s the Limit
Besides carrying missiles or capturing images on powerful cameras, drones are now known to carry sophisticated computers too. These can be used to hack into mobile devices – and wi-fi networks...
Up in Zurich, alarms were raised at Credit Suisse’s HQ because of a rogue drone that was found lying on the office’s rooftop 12 months ago, a source tells Spear’s. The episode was presented as a potential security breach in a confidential conference at the bank, when the drone’s hacking abilities were revealed to some of its employees worldwide. The Swiss multinational declined to comment.
As well as stealing data potentially worth millions, these drones can drop acid into data centres to achieve a complete system shutdown... more
War-Flying Drone - WiFi Hacking video
Friday, May 11, 2018
Social Meddling on Social Media
...a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.
The ads clearly show how Russia weaponized social media, the senior Democrat on the panel investigating Moscow’s interference in the presidential election said. more
Monday, March 13, 2017
Anti-Surveillance Sunglasses – Q Would Be Proud
...there’s a new set of spectacles on Kickstarter that might help you bamboozle even the most sophisticated facial recognition tech.
The Eko shades, as they’re called, are rimmed with a type of retro-reflective material that bounces light back to exactly where it came from. Most surfaces reflect light by diffusing or scattering it in all directions, but this material is specially designed to reflect light back at the exact same angle as it arrived.
If caught in flash photography, retro-reflective material will send most of the light back to the camera’s sensor. This will put the dynamic range of the camera’s sensor to the test, and likely result in an image that’s underexposed for everything but the rims of your glasses.
Of course, this won’t help much for any camera that doesn’t require a flash, but it’s still a pretty interesting concept. more
...and the DIY hat to go with them!
1937 prototype anti-mind control device.
(Ok, who said, "Too late. She has already lost hers.")
Monday, February 20, 2017
Revenge of the IT Guy (Case #254)
after hacking the control systems of his ex-employer – and causing over a million dollars in damage.
Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine's Day 2014 he was let go.
He didn't take that lying down, and spent the next two weeks rifling through the firm's systems and wreaking havoc from his home.
Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated.
Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems.
Artist's conception.
Mr. Johnson's emotions imagined as music inside his head.
Friday, February 17, 2017
Security Director Alert: USB Killer Stick II
Well, now the company has released a new version that is even more lethal! And you can also buy an adapter pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports.
Further Reading: USB Killer, yours for £50, lets you easily fry almost every device
If you haven't heard of the USB Killer before, it's essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing...
The new USB Killer V3, which costs about £50/$50, is apparently 1.5 times more powerful than its predecessor, is more lethal (it pumps out eight to 12 surges per second), and is itself more resistant to setups that might cause the USB Killer to fry itself. more
Spybusters Tip #783 - Block your USB ports with a USB lock and security tape. Aside from Killer Stick sabotage, USB ports are virus injection portals.