December 19, 2017

Intelligence has the ability to save lives and prevent disasters with the ultimate purpose of educating the public. This awareness bulletin transmits alerts regarding current and future threats to North America.
Daily Intelligence Report

Hackers Are Targeting Cryptocurrency Workers with a Fake Job Advert – North Korea

North Korean hackers are targeting people in the cryptocurrency industry using phishing emails. Cybersecurity company Secureworks discovered a fake job advert email, supposedly from a "prominent bitcoin company" headquartered in the UK, that installs malware on people's computers when opened. It's not clear whether the hack is intended to steal information or any bitcoin owned by people who open the email. Rafe Pilling, a senior security researcher at Secureworks, told Business Insider the coding of the attack bore hallmarks of the Lazarus Group, an infamous group of North Korean hackers linked to the WannaCry ransomware campaign and the theft of $81 million from Bangladesh's central bank. The attack involves an email supposedly advertising a job as the chief financial officer of a fast-growing UK-headquartered cryptocurrency startup. Secureworks is not naming the startup in question. When people open the email, they are presented with a pop-up about an attached Word document. After clicking on the document, recipients are presented with a Word document of the fake job ad. But in the background, a "Remote Access Trojan" malware is installed. North Korean hackers stole about 100 million Korean won, or $88,000, worth of bitcoin from South Korean exchanges every month from 2013 to 2015, according to Yonhap News Agency. Researchers at security firm FireEye said earlier this year that North Korean hackers have shown increasing interest in bitcoin over the last two years.

Stolen Voter Database Held for Bitcoin Ransom – California, United States

An Amazon AWS server believed to contain files on all of California's registered voters was left exposed this year due to a misconfigured database, according to researchers at the Kromtech Security Center. The database was later stolen by cybercriminals demanding a ransom payable only in bitcoin. Kromtech told Gizmodo that it collected samples from the database earlier this year while examining thousands of servers left publicly exposed. Each of the servers had installed a database platform known as MongoDB, which was widely misconfigured and vulnerable to attack. While re-examining the data samples earlier this month, Kromtech discovered what appeared to be 4GB of voter files linked to the State of California. By that time, however, the server had been swept up in a wave of ransomware attacks, which reportedly infected more than 32,000 MongoDB installations as early as January 2017. Owners of the stolen database were confronted with a ransom note, which read, "Your DataBase is downloaded and backed up on our secured servers. To recover your lost data: Send 0.2BTC to our BitCoin Address and Contact us by eMail with your MongoDB server IP Address and a Proof of Payment. Any eMail without your MongoDB server IP Address and a Proof of Payment together will be ignored. You are welcome!" "This discovery highlights how a simple human error of failing to enact the basic security measures can result in a serious risk to stored data," he said. "The MongoDB was left publicly available and was later discovered by cyber criminals who used ransomware to steal the data and try to extort their victims into paying to recover their files."

Russian FSB Major Arrested for Treason Says He Does Not Know Hacker Who Allegedly Hacked US Democrats – Russia and the United States

Dmitry Dokuchaev, a major in the FSB Information Security Center, was arrested for violation of Art. 275 (Treason) of the Russian Criminal Code. He says he did not cooperate with hacker Konstantin Kozlovsky, who pleaded guilty to hacking the US Democrats, according to Dokuchaev’s lawyer, RBC reports. “I haven't met with Kozlovsky and, therefore, have never cooperated with him,” Dokuchaev’s lawyer quoted his client as saying, according to RBC. Kozlovsky confessed to being a part of the cyberattack on the US Democrats during the 2016 US Presidential race, as The Bell reported earlier, quoting its sources. Kozlovsky confessed he had access to Hillary Clinton’s e-mails, the e-mail servers of WADA, and a number of defense companies, according to The Bell’s source. Kozlovsky said Dokuchaev was his supervisor. Kozlovsky is currently in the Matrosskaya Tishina pre-trial detention center. He has been charged with stealing money from banks. Dokuchaev has also been detained. Dokuchaev, Head of the FSB Information Security Center Division No. 2 Colonel Sergey Mikhaylov, Head of Kaspersky Lab's Investigations Unit Ruslan Stoyanov, and entrepreneur Georgy Fomchenkov have been charged with treason.


If you need immediate assistance from G4S Corporate Risk Services or would like to learn more about our services, email or call 800.275.8310.