Hacking Humans

Andrew Morris, founder and CEO of GreyNoise Intelligence, joins Dave to discuss the explosive increase in opportunistic scan-and-exploit cyber attacks, and what security analysts can do to combat it. Joe and Dave share some follow up from listener Mark, whose son got scammed out of 150 million dollars in a game he plays. Dave's story is on ChromeLoader, which is a pervasive and persistent browser hijacker that modifies your settings and redirects you to more advertisement websites. Joe has two stories: one on a family of con artists found to be scamming gas station patrons that attacked an individual after being confronted, and the second is on fake Facebook ads and how shoppers are being scammed. Our catch of the day comes from listener Jon, who was contacted via email being requested to pay customs fees of $750 for packages in his name.Links to stories: ChromeLoader: a pushy malvertiser Michigan State Police Looking For Con Artists in Emmet County Gas Station Scam Shoppers scammed by fake ads on Facebook Marketplace Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim.CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: “Diamond Presentation v2 0: Diamond Model for Intrusion Analysis – Applied to Star Wars’ Battles,” Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.

Ryan Kovar, distinguished security strategist at Splunk and leader of SURGe, discusses the speed of ransomware, as well as the first-of-its-kind research the SURGe team is releasing on how quickly the top ransomware families can encrypt 100,000 files. Joe and Dave share some listener follow up from listener Josh. Joe's story follows the baby food shortage and warns about the dangers of sellers scamming people through online purchases of formula. Dave's story is on how IT members can identify the three most dangerous types of internal users and what businesses need to look out for. Our catch of the day comes from listener Josh, who shares about a friend of his who possibly got hacked and the check the scammers claimed was real.Links to stories: Kansas City-area experts warn of online baby formula scams The three most dangerous types of internal users to be aware of Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attckAudio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.

Ann Johnson, Security Executive at Microsoft and host of the afternoon cyber tea podcast, joins Dave to discuss social engineering and ways to help prevent it, as well as the different types of social engineering she's seen from her experience, Dave and Joe share some listener follow up about macros in Office documents, Joe has two stories this week, one is on how Seth Green lost over 300K in NFTs, and the other is on a new scam with Chatbots on phishing emails, Dave's story is on how a California man was arrested for siphoning money, our catch of the day comes from listener Sadik who shares a suspicious looking email telling him, that his Norton service is about to expire.Links to stories: Amazing mind reader reveals his 'gift' Seth Green Loses $200K Bored Ape Yacht Club NFT in Phishing Scam Phishing Scam Nets $23.5 Million From DoD, California Man Arrested Siphoning Money From Contractor Phishing websites now use chatbots to steal your credentials Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems.CyberWire Glossary link:Audio reference link: "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.

Mark Horne, Chief Marketing Officer at Pindrop, joins Dave to discuss voice authentication, Dave and Joe have some follow up about business phishing (BECs) from listeners Nick and Michael, Joe's story has a romance scam where criminals pretend to be celebrities, and Dave's story is about the increase in phishing downloads due to cyber criminals using SEO to leverage their lures, and we've got 2 catches of the day for you from listener Peter on free Dyson vacuums and one from Joe with a plea from Vladimir Putin asking for money.Links to stories: ‘Keanu Reeves … I know it’s not you’: Fraudsters pretend to be celebrities in scam attempts Malware Mayhem: Netskope Research Finds Sharp Increase in Phishing Downloads, as Cybercriminals Leverage SEO to Lure Victims Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attckAudio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.

Matthew Connor, Founder of Conscious Security, discusses a study he conducted while working with F-Secure, the study targeted 82,402 individuals with one of four phishing emails, he goes into the findings of the study and certain insight this study has brought, Joe's story is on the popular app Zelle and how users are loosing thousands of dollars due to scams, and Dave's story is on three big tech giants announcing plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance, our catch of the day comes from listener Areus on text messages exchanged between two strangers and where the conversation leads.Links to stories: Criminals Are Scamming Zelle Users. Here's How to Keep Your Money Safe Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. CyberWire Glossary link: https://thecyberwire.com/glossary/waterfall-software-developmentAudio reference link: “Creating Video Games - Agile Software Development,” by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015