Robin’s Newsletter #294

4 February 2024. Volume 7, Issue 5
FBI disrupted Volt Typhoon activity. Moody's downgrades UK water sector due to cyber threat. Stolen FTX millions linked to US SIM swapping ring.

This week

FBI disrupts Volt Typhoon operation

  • According to FBI director Christopher Wray, the US disrupted the infrastructure of a Chinese-linked espionage group in December 2023. Speaking at a select committee hearing on the cyber threat posed by China, Wray said that hundreds of US-based small business and home routers had been infected with the ‘KV Botnet’ malware by the Volt Typhoon group. 
  • The FBI was able to issue a command to the affected routers — mainly end-of-life Cisco and Netgear devices — that removed the malware. A court had to approve the action, technically known as a ‘seizure’, and the FBI now plans to contact ISPs so they can notify affected customers, as the devices will return to a vulnerable state if they’re rebooted. 
  • The infected devices were used as VPN endpoints to tunnel traffic into the US to provide cover and minimise suspicion in other attacks.

Moody’s cited cyber threat while downgrading the rating of UK water sector

Stolen FTX $400 million linked to three US SIM swappers

Interesting stats

127,147,851 data subjects have been affected by breaches “involving economic or financial data” between 1st October 2019 and the end of 2023, according to a Freedom of Information request to the UK ICO. The number exceeds the population of the UK, but likely includes individuals not resident within the UK, and does not account for duplicates.

29% of ransomware victims paid ransom demands in Q4 2023, a record low, according to Coveware, down from 85% — the ransom payment rate at the start of 2019:

![Ransomware payment rates have steadily declined from 85% in Q1 2019 to 29% in Q4 2023 (Source: Coveware)](/img/newsletter/294-coveware_ransom_payment_rates.png)

The size of the organisation targeted and the median ransom payment have increased over the same period, though, as cybercriminals shifted from opportunistically extorting individuals to more organised attacks against organisations.

Quiz 

What does the FBI estimate were the losses to ‘liquidate savings’ scams from May to December 2023? A) $10 million; B) $25 million; C) $55 million. Answer ⤵

Other newsy bits / in brief

And finally

  • The Silk Dress cryptogram has been solved. Ten years ago, Sara Rivers-Cofield, a curator and archaeologist, bought an 1880s bustle dress from an antique shop in Maine and discovered a hidden pocket containing two sheets of paper with coded messages. Wayne Chan, a data analyst at the University of Manitoba, cracked the code, linking the phrases back to a US Army code book. The messages are weather observations, likely encoded because telegrams were charged per word, and code books allowed more information to be transmitted with fewer words. 

Answer

C) $55 million: the FBI is warning of a new wave of ‘tech support’ style telephone scams that encourage the victim to liquidate their savings into cash or precious metals to prevent them from being stolen by hackers, before sending a courier to collect the funds. Return ⤴

Robin
