Cyber Security Headlines: Suspects charged in DEA hack, Americans lose billions to scams, TikTok divestment

Two charged in DEA portal hack

Prosecutors charged two US men with illegally accessing an online portal for the US Drug Enforcement Agency. This portal connected into over a dozen other federal law enforcement databases. Prosecutors allege the men operated as part of the larger ViLE criminal organization, which uses faked emergency data requests to dox victims. Once ViLE operators receive information from these requests, they post it on illicit forums and extort victims to have it removed. Sometimes this entails giving the attackers access to social network accounts.

(Krebs on Security)

Americans lose billions in scams

According to figures released by the US Federal Bureau of Investigation, American citizens lost over $10 billion to online scammers in 2022. This increased 49% on the year to the highest level on record. Overall the FBI’s Internet Crime Complaint Center recorded over 800,000 scam complaints in the year. Phishing activity received the most complaints, about 37.5%. Crypto investment fraud saw a massive increase in volume, up 185% on the year to $2.57 billion. 30% of all fraud losses came from Americans aged 60 and older. Ransomware complaints received by IC3 actually fell on the year to 2,385, accounting for $34.3 million in losses. 

(WSJ)

TikTok considering divestment

Bloomberg’s sources say the social app discussed divesting itself from its parent company ByteDance, but only as a last resort to address US national security concerns. This could result in either a sale of TikTok’s US operations or an initial public offering. Bloomberg reports a spun-out TikTok could receive up to a $50 billion valuation. This would only occur if TikTok’s existing proposals don’t pass a national security review by CFIUS. Sources say any divestment would require approval by the Chinese government. Given current political tensions, that approval remains a very open question.

(Bloomberg)

Humans beat AI… in phishing

A new research paper from HoxHunt compared the phishing click rate of a professional red team against messages generated with ChatGPT. It found the humans outperformed the AI, with a 4.2% click rate versus 2.9% for the AI. Interestingly, the results showed significant regional variability. ChatGPT drew the most clicks from US respondents, while Sweden showed the biggest edge for humans. The win for humanity may be short lived. The researchers cautioned that they carried out their test before the release of OpenAI’s GPT-4 model, which could offer substantial improvement in effectiveness.

(InfoSecurity Magazine)

US Marshals Service data for sale

A threat actor listed hundreds of gigabytes of data for sale on a Russian-speaking forum, allegedly stolen from the US Marshals Service. The listing claims the dataset holds “documents from file servers and work computers from 2021 to February 2023.” The poster claims it includes information on the witness protection program, aerial footage of military bases, and details on wiretapping operations. The USMS confirmed last month that it began investigating a “data exfiltration event” after a ransomware attack on February 17th. At that time, NBC News’ sources said the attackers did not gain access to the Service’s Witness Security Files Information System.

(Bleeping Computer)

First Dero cryptojacking campaign

The cryptocurrency Dero launched in 2017, claiming to offer significant improvements in privacy and mining speed compared to Monero and other privacy-focused coins. Monero remains a popular coin in cryptojacking schemes due to its relative anonymity, so it’s not surprising that researchers observed the first cryptojacking campaign using Dero. Researchers at Crowdstrike observed the campaign, with threat actors scanning for exposed Kubernetes clusters with misconfigured authentication. The attackers used this access to deploy a Docker image that started the miner across all Kubernetes nodes, using a hardcoded wallet address and mining pool. Interestingly, the researchers saw a Monero cryptojacking campaign targeting the same cluster, which removed the Dero container and started a more aggressive takeover.

(Bleeping Computer)
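As an added illustration of the detection side of the Dero campaign described above (this script is not from the article or from Crowdstrike), the code below scans Kubernetes audit-log events for the pattern the researchers describe: an anonymous or unauthenticated identity creating a cluster-wide workload such as a DaemonSet. The audit events are constructed samples; the field names (`verb`, `user`, `objectRef`, `responseStatus`) are the standard Kubernetes audit event fields.

```python
import json
from typing import List, Optional

# Constructed Kubernetes audit events (JSON lines), not data from a real cluster.
SAMPLE_AUDIT_LOG = """
{"verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}
{"verb":"create","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"daemonsets","namespace":"kube-system","name":"proxy-api"},"responseStatus":{"code":201}}
{"verb":"create","user":{"username":"ci-deployer","groups":["system:authenticated"]},"objectRef":{"resource":"deployments","namespace":"shop","name":"web"},"responseStatus":{"code":201}}
{"verb":"create","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"pods","namespace":"default","name":"miner"},"responseStatus":{"code":403}}
"""

WRITE_VERBS = {"create", "update", "patch"}
WORKLOAD_RESOURCES = {"pods", "daemonsets", "deployments", "jobs", "cronjobs", "replicasets"}
ANONYMOUS_USERS = {"system:anonymous"}
ANONYMOUS_GROUPS = {"system:unauthenticated"}


def is_anonymous(user: dict) -> bool:
    """True when the request carried no authenticated identity."""
    return (user.get("username") in ANONYMOUS_USERS
            or bool(ANONYMOUS_GROUPS & set(user.get("groups", []))))


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one audit event, or None if benign."""
    user = event.get("user", {})
    ref = event.get("objectRef", {})
    status = event.get("responseStatus", {}).get("code", 0)
    if not is_anonymous(user):
        return None
    if event.get("verb") in WRITE_VERBS and ref.get("resource") in WORKLOAD_RESOURCES:
        # A successful anonymous write to a workload resource (a DaemonSet lands
        # a container on every node) is the takeover itself; a denied one still
        # shows that someone is probing the API server.
        if status < 400:
            return f"CRITICAL anonymous {event['verb']} of {ref['resource']}/{ref.get('name')} in {ref.get('namespace')}"
        return f"WARN anonymous {event['verb']} attempt on {ref['resource']} denied ({status})"
    if status < 400:
        # Anonymous reads succeeding means anonymous auth is enabled and RBAC is permissive.
        return f"INFO anonymous {event['verb']} on {ref.get('resource')} succeeded (cluster exposed)"
    return None


def scan_audit_log(text: str) -> List[str]:
    """Run classify() over every JSON line and collect the findings in order."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            label = classify(json.loads(line))
            if label:
                findings.append(label)
    return findings


if __name__ == "__main__":
    for finding in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(finding)
```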

OpenAI open sources its evaluation framework

The popular AI company open-sourced its evaluation system, Evals, which it uses to evaluate performance across its various models. Given the increasing number of product integrations with OpenAI’s and other AI models, the company hopes developers will use Evals to share and crowdsource benchmarks. The framework allows developers to use datasets to generate consistent prompts, look at how a model completes them, and easily compare different models. Users can create their own benchmarks for Evals. OpenAI said it will grant early GPT-4 access to “high-quality” contributors.

(TechCrunch)

Signature Bank under investigation prior to seizure

We covered that regulators seized the crypto-focused bank over the weekend. Now Bloomberg’s sources say Justice Department investigators in Washington and Manhattan, as well as the Securities and Exchange Commission, opened investigations into Signature prior to that action. They looked into whether Signature took adequate steps to detect money laundering by clients. While Signature is under investigation, there have been no accusations of wrongdoing. It’s not clear if this played a part in the decision to seize the bank. Regulators say they took the action due to losing faith in Signature management after it didn’t provide “reliable and consistent data.”

(Bloomberg)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.