FBI Archives - Cyber Protection Magazine

The problem with proxies

Lou Covey October 31, 2025

Proxies are absolutely crucial to the operation of the internet, but they also represent a clear and present danger to users. Finding that balance is pretty much a full-time job for cybersecurity. The recent Amazon Web Services (AWS) and Microsoft Azure outages are good examples of that.

Amazon explained the outage was caused by “failing intermediaries” monitoring system health, preventing proper traffic routing. Another word for intermediaries is “proxies”. When the monitoring subsystem malfunctioned, health check updates were not propagated properly, causing backend servers to appear offline even when they were active, which invalidated DNS lookups. This created a cascading failure.
Likewise, the Azure outage was caused by a misconfiguration of the proxy Front Door, a global entry point for content delivery network functionality, load balancing, and application acceleration.

How Proxies Function

When a user wants to access a website, the request goes to the proxy server instead of going directly to the internet. The proxy server receives the request, then forwards it to the target website. It modifies the request header to hide the user's original IP address.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

SE Asia casinos that shut down during pandemic were turned into social-engineering call centers to scam wealthy individuals

Pig butchering: Proving the Luddites right

Lou Covey October 9, 2024

Pig-butchering may be proving the Luddites were right. The social-engineering scam bypassed ransomware as the most profitable cybercrime approximately two years ago. After government regulations and law enforcement took a big bite out of returns for ransomware this past year, public-private partnerships are taking aim at the new champ.

TL;DR
* Pig butchering eclipses losses from ransomware
* Top targets are tech savvy people under 50
* Human error trumps cyber awareness
* Public/private partnerships making inroads at dismantling scam operations
* Tips to avoid scams
* Podcast with Arkose CEO
Between 2020 and 20023, scammers reaped more than $75 billion from victims around the world. Approximately 90 percent of the losses came from of purchasing fraudulent cryptocurrency, according to the US Treasury Department’s, Financial Crimes Enforcement Center. In comparison, ransomware attacks in that same period harvested $20 billion worldwide in ransoms and cost approximately another $20 billion in recovery costs.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Criminal using a device to make a deep fake voice call

Telemarketers are hated, but loved by criminals and entrepreneurs

Lou Covey September 24, 2024

Everyone hates telemarketers. If they can convince one or two suckers out of a thousand call to sign up, it………more...

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Security expert collapsed from exhastion

Breach fatigue or too big to fail?

Lou Covey September 19, 2024

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Cyberint midyear report shows declinen in ransomware attacks per victim

Have we reached peak ransomware?

Lou Covey August 9, 2024

Cybercrime reports flowing out of marketing departments still highlight the danger of ransomware. However, a closer look at the numbers reveals a much different story and poses the question: Have we reached peak ransomware?

Last year, ransomware attacks hit all-time highs with paid ransoms exceeding $1.1 billion and attacks exceeding 5000, according to FBI and Interpol reports. However, looking at midyear reports from Cyberint, SonicWall and Check Point and a dozen others, attacks and ransoms paid have crashed. Still, the crime is not to be discounted, and industry recommendations are to double down on efforts to combat the “scourge”.

There are three reasons why the ransomware industry is hitting a wall.

Law enforcement agencies, working In cooperation, have found the means to identify and shutdown ransomware gang operations around the world.
Potential victims have learned hard lessons regarding the gangs’ willingness and ability to decrypt data, and becoming repeat targets. They are deciding in greater numbers to ignore ransom demands, cutting into revenue streams.

The “honor among thieves” philosophy does not relate to these criminals. Ransomware service providers are stiffing their affiliates, causing a fracturing of the criminal industry into multiple, independent gangs.

Premium Membership Required

You must be a Premium member to access this content.

Join Now

Already a member? Log in here

The Evolution of Ransomware: From Simple Scams to Advanced Cybercrime Strategies

Chris Storey August 6, 2024

Ransomware vulnerability is typically exacerbated by immature security programs, leaving organizations susceptible to a variety of infiltration tactics. Additionally, a lack of security culture within companies increases susceptibility to ransomware attacks.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Data thefts keep rising in spite of investment in security tools and services

Do corporations really care about your security?

Lou Covey July 10, 2024

“Your security is important to us,” is a common phrase on corporate websites and emails, usually after some data breach that affects customers. To prove that statement, corporations invest billions of dollars in the cybersecurity industry. Most market projections say the industry is worth about $180 billion. About 15 percent of that market goes to data security. But all the indications are that we are losing the war in personal identity security That leaves is with the question: Do corporations really care about customer security?

Probably not

US Department of Health and Human Services reported recently that. in the US, there have been 2,213 breaches since 2020, with 152.1M affected individuals. That is almost half of the American population. But that is just breaches involving medical data.

The FBI reports, in the same period, more than 350 million stolen personal information records, exceeding the known population of the country. Worldwide, the number of personal identity information (PII) records exceeds one billion people.

So how bad is it? “I always tell people assume your social security number has been breached. Just assume that,” said John Meyer, senior director for Cornerstone Advisors, an organization providing security consultation to financial organizations.

So we are spending tens of billions of dollars to protect data from exfiltratation on almost a weekly basis from attacks bypassing current defenses. Is it worth the investment? Does protecting that data even matter?

Well, yes… sort of

Data security professionals say it is and it does. Communications, industry intellectual property, state secrets, and control of crucial systems must still be protected. Most professionals we talked to cite ransomware attacks as the primary reason for investing in security precuts and services.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

FBI statistics showing the break down of elder fraud. $1.2 million in investment scams is on the top. which is twice as much as the second, tech support scams

Elder fraud festers out of control

Lou Covey June 21, 2024

As legislatures around the world try to get a handle on the growth of ransomware, another category of cybercrime is festering out of control: Elder fraud.
The FBI’s Internet Crime Complaint Center (IC3) reported more than 100,000 people in the US, 60 years and older, lost $3.4 billion total to digital scams. The IC3 pointed out that the elderly are half as likely to report a loss. So the actual crimes and losses are probably much higher.

In contrast, the total ransomware payouts last year from reporting companies was $1.1 billion according to Chainanalysis. While the total number of fraud reports to the IC3 appears to have leveled off after years of growth, elder fraud increased by 14 percent year on year.

“Combatting the financial exploitation of those over 60 years of age continues to be a priority of the FBI,” wrote FBI Assistant Director Michael D. Nordwall, who leads the Bureau’s Criminal Investigative Division, in the report. “Along with our partners, we continually work to aid victims and to identify and investigate the individuals and criminal organizations that perpetrate these schemes and target the elderly.”

Who is vulnerable?

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

RSAC Reporter’s Notebook: Change is coming

Lou Covey May 15, 2024

The cybersecurity industry is just absolute chaos, and rightly so. This is the industry charged with plugging dikes during the Class-5 hurricane that the internet seems to be today. Nowhere is that chaos more evident than at RSAC just from a marketing perspective. Everyone has “ground-breaking”, “industry-leading”, and “first ever” product offerings and this year was no different. But if you can look past the Macho-man impersonations, Formula One cars, and the mesmerizing miasma of the website and show floor, you can see an order forming in the chaos. Change is coming.

Back to step one

RSA CEO Rohit Ghai, said we have missed a step in AI development. “We’ve seen it first as a co-pilot alongside of a human pilot and then see it taking over flying the plane.” He said the first step is making it an advanced cockpit making it easier for less trained and experienced people to do the work. He pointed out that cybersecurity is an industry with negative employment making it difficult to find experienced technicians to do the work.

Last year, any discussion of ethical development was met with confused stares. This year, the need for ethical AI development is taken seriously but few can see a profit in it. Cybersecurity VC Rob Ackerman (DataTribe) and Carmen Marsh, CEO of the United Cybersecurity Alliance, were open to suggestions,

“From the perspective of (companies like OpenAI), I understand the reasons to go as fast as they can to develop a true artificial intelligence, the question is, who are the people in the room guiding the process?” said Ackerman. “Once you get a diverse set of advisors working on the problem, then you do the best you can to create something ethical. But right now, we aren’t even doing the best we can.”

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Keystone cops in wrecked car turning a corner

Turning the corner on cyber insurance

Lou Covey March 8, 2024

It seems like the insurance industry is turning the corner on cyber insurance and making a decent profit in the process. But not every industry watcher is optimistic.

Purchase Required

This content requires that you purchase additional access. The price is $1.00 or free for our Premium members.

Purchase this Content ($1.00) Choose a Membership Level

Already a member? Log in here