Modern cybercriminals have no limits concerning who, when, or what they target. If there is an opportunity to commit fraud for financial gain, it will be exploited. Common forms of fraud such as data breaches, ransomware, and scams continue to occur, but right alongside these exists a growing number of incidents that veer away from the norm and approach the classification of weird. These eye-catching attempts to defraud businesses and other entities are worth understanding to show just how far threat actors will go to pursue their nefarious objectives. These strange attempts also demonstrate a necessity for organizations of all sizes to have security plans and fraud restoration services in place to deal with potential risks constantly incoming from all angles.
Deepfake Technology Advances
Deepfake scams have been growing in frequency and effectiveness in recent years, posing an alarming trend for many businesses. Advances in deepfake technology have allowed criminals to effectively fake audio and video to an extent where it is often considered authentic even by people familiar with the person being spoofed. One extreme example of the growing success of deepfake tech, and the scams it enables, involves a $35 million bank heist. Criminals used spoofed audio to imitate a lawyer that bank personnel were familiar with, requesting the initiation of transfers for huge sums that were sent to other accounts all over the world. This stands as one of the most successful, in terms of sheer financial gain, deepfake scams to date.
On a smaller scale, deepfake scams are appearing with more frequency within small and medium-sized businesses. Threat actors can spoof the voice, or even a video feed, of a CEO or manager and then attempt to direct an employee to make a bank transfer or purchase. Most employees won’t question this as the direction is coming from the boss, which plays right into the hands of the criminals. These scams often appear as part of business email compromise (BEC) attacks and have resulted in billions of losses in recent years.
Ransomware Attacks on Farmers
Another trend that again shows the ever-obvious lack of morals that cybercriminals possess is a growing risk of ransomware attacks targeting farmers. Supply chain attacks have become more frequent in recent years, and this is yet another example of threat actors aiming for a critical part of the infrastructure in the US. The FBI released an alert in April informing those in the Food and Agriculture sector that ransomware attacks are on the rise, with hackers specifically looking to implement ransomware during the planting and harvesting seasons. The goal of the attacks is to disrupt operations, cause monetary loss, and negatively impact the food supply chain.
Six different grain cooperatives were targeted during the harvest season in the fall of 2021, with another two occurring in early 2022. The FBI expects the trend to continue through the remainder of 2022 and notes that these attacks are not specific to grain producers, with any type of farm or cooperative potentially being a target. The FBI has come up with a list of recommendations to help limit the threat of ransomware and the ongoing risks it poses, including the following actions:
- Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
- Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary to do so.
Bizarre Nation-State Hacking Involving North Korea
Nation-state hacking attacks are nothing new, but some of the latest news surrounding North Korean cybercrime exploits is pretty bizarre. While other major players in the global game of nation-backed hackers (think Russia, the US, and China) often involve attempts to glean critical defense or technical data, North Korea has its sights on other plunder. North Korean hackers were recently linked to a cryptocurrency theft worth nearly $620 billion. And the stolen crypto wasn’t taken from another government but from a company associated with a popular video game called Axie Infinity. North Korea has conducted other out of the ordinary cybercrime attacks in the past, including the notorious 2014 hack of Sony Pictures Entertainment after Kim John Un reportedly was upset with his portrayal in the movie, The Interview.
Cybercrime for Hire Incident Shows Criminal Ingenuity
A recent incident involving an Illinois man who set up and ran a subscription-based computer attack platform shows how creative criminals are becoming in their attempts to defraud. The man was recently sentenced to 2 years in federal prison for his scheme that used a number of websites to allow paying users to launch DDoS attacks. An FBI release noted that the man “ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of customers,” and that he “provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks.”
This ingenuity highlights a growing concern not only for new types of attacks but also that cybercrime is becoming commoditized by criminals themselves. A subscription service for threat actors sounds like a bad comedy sketch, but this incident shows how even improbable attempts at fraud are now commonplace.
Final Thoughts
A key takeaway from all of the incidents described above is that you can’t predict how new threats will appear, and you need to be on the lookout for just about anything. Cybercrime is here to stay, and the best ways to deal with the ongoing risks to your business or personal life is education and awareness alongside reliable tools and services that can assist you in case of data breach or identity fraud. You can’t predict how weird and wild things can get, but you can prepare yourself as best as possible.
LibertyID provides full service, fully managed identity fraud restoration to its subscribers. With a 100% success rate in resolving all 31+ forms of identity fraud. LibertyID Business Solutions
provides Business fraud remediation, full pre-breach preparation with custom WISP protocols, post breach regulatory response, customer, and employee identity fraud restoration management, advanced employee training, and third-party vendor management tools.