
Yippee-ki-yay, cybercriminals!
Selena Larson: Okay, so tell me this doesn't feel exactly like the start of that one movie.
Keith Mularski: Yeah, office party, lights flickering, everyone pretending to be festive while secretly thinking about email notifications.
Dave Bittner: Oh, yeah, what's that one movie where the guy's just trying to enjoy the holiday and then everything goes terribly wrong?
Selena Larson: That's like half the Hallmark Channel, Dave.
Keith Mularski: No, no, I know what he means. Big building, holiday party, chaos.
Selena Larson: Oh, no, wait a minute. You're thinking of. [ Alarm ]
Dave Bittner: Yeah, that one.
Keith Mularski: Don't say it.
Computer: Welcome to the party, pal. Unauthorized access. Breaching employee login credentials. Uploading payload into email boxes. Penetrating HR's auto reply templates.
Selena Larson: And there it is, unauthorized access detected. Merry chaos, everyone.
Dave Bittner: Looks like someone just crashed our night.
Keith Mularski: Uninvited guests.
Dave Bittner: Looks more like Hans malware.
Selena Larson: Please don't.
Dave Bittner: Attention everyone! McClane mode activated.
Keith Mularski: Great. Now we ruined a perfectly good party. Not cool, Dave.
Dave Bittner: Oh, right. Good point.
Keith Mularski: Look, this is no ordinary breach. It's moving toward the core, the server room. If it hits that, it nukes the backups. We're toast.
Dave Bittner: So what's the play here, Selena?
Selena Larson: We can only stop it from the server room, but the doors are locked from the inside, and maintenance has gone home already. The only way in is through the overhead vent.
Keith Mularski: Perfect. Selena, you get in the vent.
Selena Larson: Get in the what? No, I'm not getting in the vent. Can't we just let the malware win this one time?
Dave Bittner: Come on, Selena. You're our only hope.
Selena Larson: Fine.
Dave Bittner: Great. Here, take this radio so we can stay in touch.
Selena Larson: Become a researcher, they said. It'll be fun, they said. Now I know what a TV dinner feels like.
Dave Bittner: Selena, you're doing great. Remember, you're our McClane. Do what you do best.
Selena Larson: I can see the server hatch ahead. I'm going to pop in and pull the physical power lines. Ready to cut it off?
Keith Mularski: Ready? Do it now.
Computer: Replacing all thumbs up with passive-aggressive times.
Selena Larson: The system's clean. We saved the day.
Dave Bittner: Yippee-ki-yay, mother.
Keith Mularski: Dave, family show.
Dave Bittner: Motherboard. I was going to say motherboard, motherboard.
Selena Larson: Sure you were.
Keith Mularski: Well, that's one way to save the holidays. [ Music ]
Selena Larson: Hello to all our listeners, and welcome to Only Malware in the Building. I'm your host, Selena, joined by Dave and Keith. And I'm very excited, it's our December episode. The holidays are right around the corner. Are you guys gearing up? Are you ready to take some time off, rest and relaxation?
Dave Bittner: Oh, yeah.
Keith Mularski: All set. You know, got the turkey in me. The tree is up. We've decked the halls. We are all set. I'm waiting for Santa.
Dave Bittner: All I want for Christmas is you.
Selena Larson: And dips, I imagine.
Dave Bittner: And dips. Oh, that's even better. All I want for Christmas is dips.
Selena Larson: And the presents under the tree or whatever it is that you're cooking this week, this month, all of these things come from a supply line. And how do the presents get under our trees? Or all of our new shoes and clothes and food and yummy energy drinks, mulled wine, cider?
Dave Bittner: Santa. Santa. It's Santa, Selena. It's Santa. Santa is the supply line. You're going to tell me different?
Selena Larson: Well, Santa might be targeted by threat actors this holiday season. And today we're going to be talking about cyberthreats to things that impact physical goods and real cargo. And this is something that I'm very excited about, very interested in. Proofpoint, my colleague, Ole Villadsen, recently published some research on this. And earlier this year, we published some other research about scammers basically using requests for quotes to steal a variety of goods. And so today, on today's episode, we're going to be talking about how cyberthreats impact the physical goods that we use every day. So you guys ready?
Dave Bittner: I am so ho, ho, ho ready. [ Music ]
Selena Larson: Amazing. All right, well, I will kick us off describing this research. And then you guys, I'm curious to hear your thoughts about it. And Keith, I know that we had chatted about some overlap with other threat actor clusters. So I'll go ahead and start with the cyber criminals that are actually targeting tracking and logistics to deliver remote monitoring and management software. Now, we've talked on the podcast previously about how RMM tools -- which are legitimate enterprise software that are being used maliciously by a variety of different threat actors -- are becoming increasingly popular. But now what we're seeing is this increase in cybercriminal activity that is actually targeting cargo freight and ground transportation, these types of things. And what they're doing is in many cases, they're compromising these load boards for where the actual carriers and brokers post loads that need to be driven to a place. The threat actor will post a fake load, reply with a malicious link actually responding to the carriers who are like, yeah, I want this load. And then they will actually link to an RMM that is basically used to hijack these carrier accounts. Then they will bid on real loads, and then they will do a variety of things. But ultimately, what it leads to is cargo theft. And through my research, I've discovered, basically, this is kind of like a new take on an old threat. Going all the way back, you guys remember Butch Cassidy and the Sundance Kid?
Dave Bittner: Do I ever?
Selena Larson: Exactly. They were going after trains. You had the mob going after cargo theft in the '60s. And now, of course, we have organized crime groups that are targeting cargo. And now we have a cybercriminal angle where they're partnering and working with these organized crime groups to do some of this stuff. So we published some new research on this, and it's actually really interesting. And I'm curious, you guys, are you familiar with this at all? Was this research surprising to you?
Keith Mularski: It's a little surprising to me. But like you mentioned, you know, like, organized crime is always going after, you know, cargo diversion or trying to, you know, get that new like truck full of nice suits or cigarettes or something like that. So to see the cyber criminals pivot into this is kind of just that next evolution, which was very fascinating to me.
Dave Bittner: I read your research, Selena, the Proofpoint research, and actually we covered it on the CyberWire Daily. And I guess in my mind, sort of like what Keith is saying, when I think of cargo theft, I think of the Sopranos and, you know, a couple of guys pulling over a semi-truck and telling the driver to take a walk while they unload the back of the truck, you know, full of flat screen TVs or something like that. I mean, Keith, is that a reality from your days in law enforcement? Like, do those things -- are trucks actually like forcibly pulled over and just robbed?
Keith Mularski: Absolutely, yeah, you know, robbed or, you know, they bribe the driver. So one of the biggest heists ever, I think, in US history was the mob. You know, I can't remember the details, but I just remember it was something at JFK where there was a bunch of goods that they stole. And I just can't remember the details off the top of my head. But yeah, this is a common thing for organized crime for sure.
Selena Larson: Well, and what I thought was actually really interesting -- so I went into this thinking, well, first of all, it was really interesting to me because the RMM payloads and some overlap with a threat actor that was previously delivering ransomware, sort of affiliated types of payloads, like Danabot, for example, right? These payloads that were initial access that could be used for ransomware. So in my head, I was like, oh, okay, this threat actor is targeting cargo freight theft. Like maybe they're doing this for ransomware just based on the payloads. And then that actor kind of disappeared a little bit. Then we saw this resurgence of cargo-targeted theft using RMMs. And I was like, oh, okay, like did ransomware threat actors pivot to RMMs? And then we started investigating more and more about the actual activity, what they were doing, and some of the overlap with publicly reported data. So Reddit is a great place for intelligence gathering and open-source intelligence. I have to say, there are so many subreddits about so many things, and including cargo. So there are many, many people who are kind of sharing their experience. There's also some posts on Facebook that were talking about, oh, my company or my friend's company was hacked, and this is what the threat actor did. And there was one particular Reddit post that really caught our eye that we were able to sort of link together what's happening. So essentially, this person described that the attacker compromised the company via an RMM delivery. They deleted existing bookings and blocked dispatcher notifications. They added their own device to the dispatcher's phone extension. They booked loads under the compromised carrier's name and coordinated the actual transport. So they were telling people, here's where you go to pick this up and drop this off. 
So it's really interesting to kind of see this whole, the summation of, okay, the threat actor is using these RMMs to do a full takeover, and then actually they know the industry enough, they know these companies well enough, and the process of how this dispatch and carrier and brokering works to do all that themselves.
Dave Bittner: Well, can we walk through like a sample of this? So let's say that I have ordered a container full of dips to come over from overseas, right? All of my favorites. And this container is coming over on a container ship and I'm expecting it to cross the Atlantic and then be trucked to my warehouse where I will consume them. What happens to -- what are the bad guys doing to get in the way of all of that, and how does it play out?
Selena Larson: Yeah, so there are a lot of different ways potentially that a threat actor could do this. So first of all, the actual compromise has to happen. So let's say the threat actor has already taken over this and they say, I got eyes on these dips. I want these dips. So what they'll ultimately do is they will either do something called "double-brokering," where they will basically buy and then sell and make a profit, a little bit, on that cargo. And the person that is actually participating in the double-brokering doesn't maybe even know that, A, it's being double-brokered or, B, that it's a criminal activity. B, it's entirely possible that they work with people and they'll pay somebody to go -- they'll book somebody to go pick up those dips and then drop them off at a warehouse that is owned by the criminals that they're actually working with. In that case, the driver might not know that they are, you know, working for somebody who's actually doing this maliciously. They just think that it's, you know, a legitimate booking. So, okay, I'm going to go pick this up and drop this off and have no interaction with any criminals myself. And then finally, they could potentially be using somebody that is in on it, and then they would then get a cut of whatever the profits are. So there are many ways that this could theoretically happen. But what we see a lot of is the actual sort of fake bids, the email threads, either the thread hijacking or the bids that are posted maliciously on these load boards to try and engage people with actually kind of doing the initial compromise. So we don't necessarily observe the follow-on activity, how it gets to the warehouse or wherever it's being shipped to. But based off of public reporting and a lot of information that's been shared in congressional hearings, as well as some really interesting reports in various media -- I think 60 Minutes did a pretty good sort of overview about what this is and how it works. 
Yeah, it's really pervasive. And I want to highlight here, too, that cargo theft in general is a $35 billion loss sort of crime annually, according to the National Insurance Crime Bureau here in the US. So it is big money. And that's all, not just cyber enabled, but all cargo theft.
Keith Mularski: So when you think about this, it's fascinating to me because you just kind of look at the evolution of the cyber threat actors, where generally, you know, they've gone after the finance departments, but now they're pivoting to supply chain, procurement, dispatch operations, really all sectors with weak security. So, you know, a lot of people probably in shipping and logistics, they're not really cyber savvy. They're not really thinking about cybersecurity from that. The other interesting thing in this is kind of the pivot to the goods, like you were saying. So when you think about it from a cybersecurity -- like a cybercriminal group, now you have goods that you've stolen, that now makes it easy to launder the money. Because now you've purchased your inventory, allegedly, you know, for free from stealing it, and now you're able to put this up in maybe online marketplaces or maybe even physical storefronts, sell that, and then you have your profit. So really, everything is being laundered through these operations, and it's much more evolved than just trying to go in, you know, hack into a computer and then wire that money out there and then trying to launder that money. And so this kind of reminds me a little bit of a pivot. Some of the Russian cybercriminals a number of years ago, what they were doing was they were using stolen funds from their bank accounts, like from transferring from stolen bank accounts, to buy goods to then ship that over to Russia and then sell it. And then, you know, that's how they kind of laundered their money. So this is kind of like a little bit of an evolution on that scheme.
Selena Larson: Stick around after the break. [ Music ]
Dave Bittner: As Keith says, the pivot to physical goods. And it makes me wonder because, in my mind, that's extra work, and that's an extra vulnerability that something is actually existing in the real world, as opposed to, let's say, cryptocurrency, you know, something like that, or even just sending money around the world electronically. Selena, do you have any sense whether or not the folks who are handling the cyber part of this, how much they're keeping that part of it containerized, if you will, like self-contained? In other words, we'll handle the hacking part, but you got to take care of the actual shipping goods yourself. Or is it more blended in?
Selena Larson: That's a really good question. So I do not have visibility into that particular aspect of it, but one thing that is kind of notable is that the activities of the TTPs that we're seeing, the tactics, techniques, and procedures used by these threat actors, do have some overlap with non-cargo targeted stuff. So, you know, for example, the huge spike of remote monitoring and management tooling. Keith, you and I have talked about how there's a lot of advertisements on criminal forums that are like, hey, I'm looking for this particular RMM or this particular RMM got shut down, doesn't work anymore. Like, what's a good alternative? There's also a lot of like similar lure themes that are being used, some, you know, interesting like hosting and some infrastructure pieces that are not necessarily exclusive to the cargo threat actor that suggests, okay, they're probably operating or exist in these cybercriminal spaces that have overlaps with more sort of traditional cybercrime, and they're just kind of appearing in this cargo-focused threat landscape. So it's totally possible that they are kind of just selling out their services to these different threat groups. And, you know, they're not necessarily located in country, or they don't even know the people that they're really working with, but they're just sort of selling their services or they got connected in some way. So we don't have great visibility there. And it's not necessarily like, oh yeah, these guys are definitely doing like ransomware, a different type of cybercrime, right? We are seeing them using the RMM delivery targeting cargo, but it is sort of interesting that they're using very similar techniques to what we're seeing across the cybercriminal threat landscape. And, you know, like I mentioned early on, like I initially thought, like, oh, these guys, are they trying to ransomware? Like is that kind of what they're doing? Just because the TTPs and initially the malware that was used. 
We've also actually seen this sort of expand. It's not just this one particular threat actor that's doing this. We see multiple different other clusters that are doing this type of activity. And again, not just in North America, that's what the report focused on, but we are seeing it, you know, more broadly. So it is really interesting and it does appear to be growing.
Keith Mularski: I was fascinated, like the one point that, in your one article that you had, was that shipments were going to West Africa. What made me think of, again, working West African criminal organizations, of just kind of looking at some of this may be being done by West African criminal groups that started out, you know, you think of the lottery scams, the romance scams, but then doing BEC. And so a lot of the techniques are very similar to what we saw in BEC, BEC attacks, where they were installing malware in order to get visibility into shipments or diversion like that. You know, the request for quotes, you know, I think the article on that. So the West African criminal groups are set up -- and I'm not saying for sure that this is attribution for that at all. But it's making my spidey sense kind of go up if we've seen shipments go there. Because they are very well-organized crime groups that can do this. Because, you know, they have their operators, they have their technical operators that could do, you know, exploitation, you know, installing the RMM tools. They also have really good call centers and social engineering, finance, cash outs, and like logistic and freight forwarders. So, you know, they do have the infrastructure in place to be able to do that. And so it got me wondering whether this is an evolution now of those schemes. Because people are getting better at the BEC scams, detecting those, stopping those financial transactions. So now maybe this is going into cargo. So that's just some of my hypothesis. Because some of the actual checks and balances, things to put in place as a company -- which we could talk about -- are very similar to stopping BEC, are almost identical to being able to stop these things as well.
Selena Larson: Yeah, I just wanted to call out. So the RMM stuff is separate from the Net RFQ stuff that Keith, you're mentioning about, about how it gets sent to West Africa. So we haven't really fully delved into that yet, so let me just kind of TLDR that for everybody. Because it is actually really interesting and it is a little bit different TTPs. So for the RFQ scams, which are requests for quote, basically a threat actor is going to impersonate somebody, kind of do like almost an identity theft, basically. And so they will send a sort of Net RFQ, like I need financing for these goods to then sell and to, you know, profit in a mutually beneficial business arrangement. And so then the business will respond and ask for financing information. And then stolen information, this identity, you know, the theft that they stole, is actually provided to the business. The business thinks it's real. They approve net financing terms, and the items are actually shipped. So this is where the sort of physical goods theft, again, kind of comes in from these scammers. So the items are received, right, and either dropped at a warehouse or a mule house or something like that. And then they are, again, sent overseas, you know, to your point, potentially like the West African shippers. And then of course, the communication is completely cut off from the target, right? So yeah, so you have these like two types of physical goods theft. So you have like the cyber enabled cargo theft. And then you have this like Net RFQ scam trying to steal physical goods. And these are two distinct threat clusters. But to your point, Keith, the RFQ ones do align very much with BEC types of --
Keith Mularski: With African groups, yeah.
Selena Larson: Yeah, types of activity.
Keith Mularski: Yeah, and I'd be curious, I mean, just -- neither of us have any visibility right now into the RMM diversions of where all those cargoes are going. And if they are coming here to the States, probably chances are, you know, they're recruiting mules and reshippers that will then take that cargo and then redistribute it overseas as well. Because, again, from a cybercriminal, you know, they've been doing that for years. So that would be a natural progression to now just hijack that shipment, you know, send it to a warehouse, and then have people say, hey, you know, we're recruiting you to process. We have a shipment coming in, and now, you know, you need to reship this out and the goods are coming in and launder it that way. I just don't have any visibility onto that, but I'm just thinking that that's probably how some of the scheme is working.
Dave Bittner: Well, if I -- going back to my shipment of dips. And I'm sitting here waiting for them hungrily, and they don't show up when they're supposed to, and I go back through the chain to try to figure out where things went wrong. Is this a matter of, you know, I call the guys down at the docks and say, hey, did my dips ever show up? And they say, yeah, they absolutely did. And the truck came up and picked them up -- came by, picked them up and drove away. Is that a likely outcome here that it was a phony truck driver? Or what are we talking about? Any insights, Selena?
Selena Larson: Yeah, so that is definitely one possibility. And it's interesting too, because you see reports again on social media where people have posted, oh, I tried to call the carrier and, you know, they said that they have been getting 50 calls a day about this. Because, you know, their accounts were taken over and somebody was pretending to be them and then were kind of like running this fraud and, you know, trying to rebook things or, you know, target specific loads. And, you know, like I mentioned earlier, you know, the person on Reddit had mentioned how they really took over their phones too. So, you know, you might be calling somebody thinking that you're calling like a dispatcher or calling the real person, but you're actually talking to a threat actor. So there are many of these cases that have been, you know, shared and discussed online where it's like, yeah, they fully took over everything, completely shipped it to the wrong place, or, you know, people were missing goods, or, you know, they just sort of disappeared. It's also entirely possible that there are multiple groups that are doing this that have -- you know, some are doing double-brokering, some are working with drivers, and some are just, you know, using them serendipitously, they have no idea. But it is a pretty big problem and people are losing quite a bit of money. And one thing that I thought was actually pretty interesting too when I was doing this research is like it's not necessarily like, you know, high-end electronics or, you know, really expensive clothes. Like sometimes it is, obviously. But one of the things that I thought was really funny was energy drinks. Like I was reading some testimony from IMC Logistics, that was some congressional testimony from earlier this year. It actually mentioned like energy drinks are something that are regularly targeted because many of them are not legal in countries outside of the US. 
And so they can get those energy drinks and then resell them on the black market or in other ways, you know, getting them in the hands of people in other countries. And to me, that was so interesting. Because I'm like, energy drinks, that seems like not that profitable. But in addition to, you know, like our phones and tablets and sneakers, like energy drinks.
Keith Mularski: But think about it, they're making 100% profit, though.
Selena Larson: That's true. That's true. Yeah, yeah. So maybe your dips would be very profitable, Dave. Because according to Munich Re, global cargo theft hotspots are Brazil, Mexico, India, Germany, Chile, the US, and South Africa. But the most targeted commodities are food and beverage products.
Dave Bittner: Really? See, that surprises me because I would think that you'd go after something that wasn't perishable.
Keith Mularski: Yeah.
Selena Larson: Well, I think, you know, part of that is, okay, once you eat the dips, they're gone.
Dave Bittner: They're gone, right. The evidence, you eat the evidence.
Selena Larson: Yeah.
Dave Bittner: Keith, who runs down this kind of stuff? This criminal activity, who's going after them?
Keith Mularski: The interesting thing is probably, you know, this is going to be global. Because if you're talking about shipping overseas, things like that, or even just shipping in the United States, you're going to be going across, you know, state borders. So this is going to be a federal crime, naturally. So this would be the FBI. And, you know, what you're going to have to look at is, you know, this kind of this cyber-enabled crime is kind of -- we were talking about it when I was at the FBI. Where you have to have two divisions at the FBI, Cyber Division and Criminal Investigative, really kind of team up. Because at the end of the day, usually the shipping diversions, that's going to be a criminal investigative division of the FBI. But when we're talking about doing an intrusion and doing RMM installs, you know, and exploiting computers to do this, that's a traditional cyber function. So you really have that cross between the two divisions, which is going to be very imperative of sharing that intelligence back and forth between that. So kind of putting together a task force as, you know, these threats start having bigger losses of really being able to track that. Because naturally, again, this isn't going to just be, you know, some hacker in the basement diverting cargo shipments. This is going to be some kind of an organized crime group. Because you're going to need logistics and call centers and technical support and things like that, because it's a little bit more of a sophisticated thing. So this is going to be that organized crime aspect that Criminal Investigative Division traditionally has done. And then you're going to need to use your partnerships. Because if you're having a diversion from a US company and then something being delivered overseas, you need to really have that partnership with the law enforcement partners overseas. 
So I'm going to be really interested to see how this blows up really in the next six to 12 months and see how many resources that the government throws at this. But this is a very interesting angle that could have big losses.
Selena Larson: There was an interesting document that I found while doing this research, and it was published in like the early 1970s. This was microfiche that had been scanned and published online. Yes.
Dave Bittner: Old school.
Selena Larson: Very old school. And they published -- the Department of Justice and the Department of Transportation published "Cargo Theft and Organized Crime, a Desk Book for Management and Law Enforcement." And it was really interesting because it talked about some of the history of this and also kind of incorporating like the organized crime angle, but from more of like the mob or like, you know, some like you mentioned, the Sopranos, some of these types of figures, right? Like if we think about crime from a historical perspective, like cybercrime is relatively new, you know, and these guys were doing this for a while. So it's really interesting because they published these like guides on like how law enforcement can sort of like combat this type of threat. And I thought it was really interesting because it's still very relevant, even though it was published, you know, talking about cases from like the '60s and '70s, but it's still very much relevant in terms of like all the different -- you know, the Department of Transportation, the Department of Treasury, Department of Justice, like how all these different entities sort of have to work together in collaborating and combating this crime.
Keith Mularski: I know I would have loved to work one of these cases. It just sounds -- there's so many different angles that are moving that I just think it would be fascinating to look at this organization and see how it's working and try to attack that. I know just some things I think that we could tell our listeners, you know, to be thinking about here, because we know the threat actors are using RMM. And just like we had spoke about it in a previous episode, you know, I think it's really important for the cybersecurity and the network defenders to really limit who could install RMM software, you know, on the systems, you know, use application listing, enforce, you know, MFA on all remote connections as well, and really monitor any new RMM installs. I think, you know, those are really important. And then, you know, be talking, you know, from a cybersecurity standpoint, be talking with your supply and logistics to really look at, you know, rotating and managing credentials carefully, you know, verify load postings through callbacks and like a trusted broker, like networks and things like that. Just kind of like how you would do with, you know, with the BEC cases. You know, anytime somebody would change a bank account that you were normally sending it to, physically pick up the phone and call, you know, and verify that. And then, you know, finally, really just kind of train the frontline staff and empower, you know, procurement and, you know, train the sales, procurements, accounts receivable, on these new schemes so that, you know, they're aware of different things, you know, the different indicators. And maybe even, you know, do a tabletop exercise between cyber and logistics. So those are some of the ideas that, you know, I was thinking about that could help in detecting and preventing these.
Dave Bittner: I guess you kind of have to walk that line between being vigilant with your security, but also not putting too many things in the way that you're going to throw sand in the gears of the supply chains.
Selena Larson: Well, one of the things that I thought was interesting, because a lot of the comments were referencing this, a lot of the public experiences, is that it moves fast. People want loads. They want business. Things are moving super-duper fast. And so oftentimes, that's how these things kind of fall through the cracks is people aren't necessarily checking or they just kind of want to pounce on them as soon as possible. And that does play a role from like a social engineering perspective is like, well, we can convince somebody if they're already in this heightened sense of, oh, I have to make these deals, you know, I have to close this, I want this bid, whatever, then they can kind of manipulate that, and that's how it can be very effective. But, you know, one thing that Owen and I like to talk about is like if something feels a little bit off, like if your sixth sense, if your spidey sense is tingling, then, you know, you should take a breath, take a step back, and figure out a different avenue to verify that, whether that's like texting somebody that you know, whether that's calling not necessarily the number that's listed in the bid or the email, but, you know, calling directly a different phone number that you can verify that, yes, that this is really authentic. But yeah, if your spidey sense is tingling, it's a sign.
Dave Bittner: But Selena, greed, Selena, greed.
Keith Mularski: Nobody wants to be the Grinch this Christmas either, you know what I mean?
Dave Bittner: That's right. Perhaps my spidey sense is tingling because of greed and all the money I'm going to make from this deal.
Selena Larson: Yes, yes. Santa Claus definitely needs to check and make sure he's picking up correct, authentic packages.
Keith Mularski: I think the Grinch was probably one of the very first diversions of cargo theft, right?
Dave Bittner: Oh, yeah. It's true. Yeah, he social engineered the heck out of little -- what was it? Little Cindy Lou Who.
Keith Mularski: Yeah. [ Music ]
Selena Larson: We will be right back after this quick break. [ Music ]
Dave Bittner: All right, well, anything else we want to share here with our listeners in terms of prevention or being able to keep an eye out for this? Selena, what are the takeaways from your research?
Selena Larson: Yeah, I mean, Keith definitely did a great job laying out what organizations can be doing. I would just, you know, let people be mindful that this is increasing. This is a threat that we are seeing more of, not just in North America, but expanding globally. And, you know, to validate and make sure that you are really talking to the person that you think that you're talking to is extremely important. And also, too, you know, I think we're talking about it from a supply chain perspective, but really what ends up happening is these losses mount up. And yes, okay, they might be -- they might go to insurance, so they might get their money back or whatever. But ultimately, what ends up happening is things get more expensive. Anytime that there's disruption and impact and losses across the supply chain, the expense ends up getting pushed onto consumers. And so I think that, you know, those of us who don't really think about where our turkeys are coming from, maybe might not necessarily be aware of that. But you have all of these things, you know, it comes from a container in the ocean. It gets picked up, you know, as a cargo shipment. It gets driven across state lines. Somebody else picks it up, and then it, you know, winds up in our closets or on our plates. And I think that that whole process is really a black box to a lot of us. And so, you know, thinking about where this stuff is coming from and why some of these crimes actually have impacts beyond just the organizations that are actually being hacked and impacted, but ultimately, it can be a consumer impact as well.
Dave Bittner: Don't buy black market dips.
Selena Larson: Definitely don't do that. You never know where they come from.
Dave Bittner: No, better safe than sorry. All right, well, thanks, everybody.
Selena Larson: Thanks so much. To all our listeners, thank you so much for listening. Happy New Year, happy holidays, and we will see you back here in January. And that's Only Malware in the Building, brought to you by N2K CyberWire. In a digital world where malware lurks in the shadows, we bring you the stories and strategies to stay one step ahead of the game. As your trusty digital sleuths, we're unraveling the mysteries of cybersecurity, always keeping the bad guys one step behind. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you ahead in the ever-evolving world of cybersecurity. If you like the show, please share a rating and review in your favorite podcast app. This episode was produced by Liz Stokes, mixing and sound design by Tre Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. [ Music ]