close
close

Association-anemone

Bite-sized brilliance in every update

Help Wanted — “Pig Slaughter” and Laptop Farms
asane

Help Wanted — “Pig Slaughter” and Laptop Farms

Last month, our cybersecurity team gave a presentation for the Tallahassee Chamber of Commerce’s “Beyond the Basics” program.

We’ve been offering this presentation to clients and local organizations for several years, and each time we update the slides with the latest cybercrime headlines and new threats.

Now that the election is over, we can move on from the campaign and election-themed hacking attempts and review two of the new ones.

This time, we added “Pig Slaughter” for the first time, and during the Q&A, this topic generated many questions.

This type of cybercrime usually starts with a text message from a person that makes reference to something fairly normal, such as “Hey Bob, I’m sorry I’m going to miss your flight. Something came up.” The recipient is not named Bob, and if he answers, he has started an attempt to steal your money.

The Aegis team – Blake Tracy and Keith – prepare for the security event in Tallahassee. Image via Blake Dowling.

The criminal on the other end of the text is hoping for a response and will do anything to finally get you to send them money.

The hacker starts by sending pictures and sharing stories about where they are. I heard of an exchange that was going on for a year before the hacker asked them to invest in the digital currency. First, a small amount, which shows a big profit, then the big demand, and then they delete the victim’s accounts.

Lives are destroyed and lost in this ruthless scheme that takes people, in some cases, for every penny they have. If you don’t know about it, read it and tell your loved ones about it. Especially the elderly and those who live alone as hackers often target them and seem to offer a friend before robbing them.

I have seen this happen to people here in Florida; it’s as bad as it gets.

The other topics we discussed during the presentation are the ones we are all used to hearing about gift card schemes, phishing attempts and ransomware. Ransomware can shut down an organization with the click of a button.

You already know the drill to avoid these threats. Make sure you take cyber training, email attack simulations, implement advanced threat protections, strong passwords, an enterprise-level firewall, two-factor authentication, and have redundant backups ready if all else I don’t succeed.

Florida Blue, Tallahassee Chamber, Aegis and TC Federal Team at Security Event.

That’s it, right? Nothing else to fear? Not so fast as what happens when you accidentally hire a hacker? The world of remote working and working from home has turned many of our companies into an army of pajama-wearing Zoomers.

While this has some advantages, it has opened the door to a new cybersecurity problem.

In Florida, a security company called KnowB4 allegedly hired a North Korean hacker who applied for a job there. They shared the experience completely transparently so that others could prevent it from happening to them. In our world of smoke and mirrors and blaming others, this direct sharing of information is beyond refreshing.

They tell the story on their website.

The crime started with the hacker going through the interview process, using AI to alter his image and providing fake references with Gmail addresses (versus company domains). Everything was done remotely. Next, the person was hired to work remotely, and once hired, the company’s laptop was shipped to a US address. The address was different from where this person said they lived, so that’s where the red flags started. This is where the dark world of a “laptop farm” comes into play.

A laptop farm is a sketchy and deceptive service that can give people outside the US the appearance of working in the US, or otherwise be used for money laundering and data theft. Law enforcement is starting to crack down on this type of crime as recent busts show how widespread it is.

For example, the farm in question could be in someone’s basement, and the person running it would set up a pool of laptops that would all be accessed by people from another country.

This means the hacker could be in Spain or China, but connect to a rented laptop in Tennessee or Virginia and access it remotely, making it look like they are in the US.

The FBI recently attacked such a farmand it would appear that not everyone is as transparent as Knowb4, as hundreds of businesses may have been successfully infiltrated by now.

Employee KnowB4 seems to have used a farm like this, and his career there lasted about 25 minutes, except that it was immediately detected that they were trying to download malware and exit the company network. The company did background checks and even a drug test, but the hacker was able to complete all of these tasks unchecked.

The bottom line is clear: this is a large-scale, highly sophisticated, state-sponsored effort to undermine our nation’s security, steal information, and advance their agendas, including espionage.

This means adding two new worries to our “Can’t sleep at night” list for you and me. These threats sound as bad as Superman III. Remember the one about hacking?

Yeah, me neither.

However, Pig Butchering and Fake IT workers are as real and frightening as they come.

Talk to family and co-workers about both; you could stop a massive problem. The last item to protect yourself on today’s list, I suggest two simple steps: Don’t respond to strangers’ messages, and if you want to hire someone, interview them in person.


Post Views: 0