Photo courtesy of TheRegister.co.uk
Within the last 48 hours, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) have issued warnings pertaining to cybersecurity. The FBI issued a warning due to an adultery blackmailing scheme that has swept across Florida over the last couple of weeks. As for the DHS, they issued an alert warning of increased activity from nation-state hackers, criminal groups, and hacktivists against Enterprise Resource Planning (ERP) systems.
Adultery Blackmail Scam
The FBI’s Jacksonville division issued a warning to residents in central Florida of a blackmail scam that claims to have evidence of adultery to its victims. The con starts with a scammer sending an email or letter to a potential victim claiming they have evidence that the individual is taking part in extramarital activities. Should the individual who receives the letter not follow the directions and pay the scammer in Bitcoin, the information will be revealed to the recipient’s family or spouse.
One letter obtained by a CBS affiliate states: “I know about the secret you’re keeping from your wife and everyone else. I have evidence and know what you’ve been hiding.” While this blackmail scam isn’t new, it continues to evolve as scammers change their tactics. Although the Jacksonville division of the FBI is the division which issued the warning, the FBI has confirmed that similarly worded emails and letters have been seen throughout the country.
If you come across this scam, the FBI encourages you to submit the information to the FBI’s Internet Crime Complaint Center. By no means should you respond or pay the Bitcoin demanded.
DHS Warning on ERP Systems
ERP systems are web-based applications, often cloud-based systems, that allow companies to manage various facets of their business, such as customer accounts, finances, human resources, marketing, sales, product distribution, and just about every other company operation. Because of the depth of data contained in ERPs, they have become rich targets for cybercriminals ranging from nation-state hackers to hacktivist groups.
According to a report released by intelligence firms Digital Shadows and Onapsis, attack vectors range from known vulnerabilities to exposing passwords instead of zero-day attacks where vulnerabilities are exposed before a company can patch them. Remember all those data breaches we have been talking about? According to researchers, many attacks leverage usernames and passwords from information leaked in breaches that occurred at other companies in an attempt to break into an employee’s ERP account.
Perhaps the most alarming point in the report is the damage that can be done if a company’s ERP system does become compromised.
“The implications of this research go beyond the risk to individual companies,” researchers in the report commented. “Based on the observed threat actors, the pervasive nature of these applications in the world’s largest organizations and dependence on them for the execution of their business-critical processes, wide-scale attacks on ERP applications could also have macroeconomic implications.”
Based on the fact the researchers warned that a compromise to an ERP system could have a Wannacry-like impact, this warning should not be taken lightly. The truth of the matter is, warnings like this have been issued, however, companies have still neglected to take the necessary precautions. It’s likely we will be writing an article on a massive ERP system compromise in the coming weeks. Stay tuned!