FBI-Alert Number I-011822-PSA Public Announcement

Cybercriminals Tampering with QR Codes to Steal Victim Funds

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction. However, a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.

While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

PS: Follow up on CrowdStrike if you are a tech, you will understand this: In this case was a bad SYS file..Since most and CTO’s should know this CrowdSrike has full access to your system (like most AV firms) since everything is cloud based, do you understand how easily CrowdStrike could be compromised. I would think long and hard before adding or for that matter keeping CrowdStrike in my security rollout/arsenal. Ask for a refund and get a good product, not a Wall Street Darling. This is my personal opinion since I have been in the AV industry for 30 years

Keep in mind this is my personal opinion..please prove me wrong if you can.

3 Cause’s of the Crowdstrike down
1) Bad Developer file uploaded
2) Microsoft Software ( Be a developer of software not a security expert
3) Distribution of software via Cloudfare

Keep in mind this is my personal opinion..please prove me wrong if you can.

A faulty kernel driver developed by cybersecurity company CrowdStrike has caused a massive Microsoft outage that is currently causing chaos around the world. Windows machines have been crippled by the Blue Screen of Death (BSOD) on a global scale. The situation is so serious that flights are being grounded, major banks are experiencing problems with their systems, while key emergency 911 services have also been affected.

Cloudflare (down more then its up we have logs) Expands Relationship with Microsoft, Makes Industry Leading …
Jan 12, 2023Cloudflare and Microsoft announce new integrations between Cloudflare One and Microsoft Azure Active Directory to help customers deploy Zero Trust security across applications, users, devices and networks. The partnership also includes features such as Remote Browser Isolation

“The criticality of CrowdStrike as a security platform tends to, I think, outweigh some of those issues in the sense of customers can’t afford to just turn them off and not renew because of one incident. They’re just too tied into the ecosystem,” Walsh tells Yahoo Finance. “They’re too critical of a tool and what kind of within the overall stack. So I think those conversations certainly have the potential to emerge…”

Josh Lipton and Julie Hyman
Fri, Jul 19, 2024, 1:19 PM MST

Comments like this are foolish, of course you can change software providers..Comments like this are like the early 90’s when Symantec and McAfee dominated the AV industry (Techs comments back then were we will never get fired if we use the 2 products mentioned above, but we all managed to survive with better products that did not peg the CPU’s)

Defused Cyber Deception Researcher and Founder Simo Kohonen joins to discuss the implications for CrowdStrike and the broader cybersecurity landscape.

Kohonen explains that CrowdStrike “pushed out a faulty update” that, when installed, “broke everything,” affecting industries globally. He emphasizes CrowdStrike’s reputation as the “top number one cybersecurity company in the world” and notes that their extensive customer base amplifies the scale of this issue. While the issue is fixable, he cautions that the timeline for resolving this problem may vary.

Simo Kohonen – Aalto University | LinkedIn
Sep 2021 – Present 2 years 7 months. Helsinki Metropolitan Area. Key contributor in the technology-related major fundraising at the Aalto University. Managing key accounts in a client and data driven manner utilizing the Microsoft Dynamics CRM system. Identifying, cultivating, soliciting, and stewarding

Crowdstrike EULA (https://www.crowdstrike.com/terms-conditions/)
8.5 No Guarantee. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.

My opinion every major provider write EULA’s like this..They take your money and say sorry..right now Crowd Strke does not have enough employees to remove the file that broke it, the firms that use Crowdstrike also do not have enough techs to to fix all systems affected, including Chase .

Personally I would like to see a law firm create a class action law suit, for loss’s incurred..

I do know about this matter I recommended a RMM soultion to one of my partners..The firms  development team pushed the wrong patch out in a  update that deleted over 4000 endpoints of one of  the largest and most reliable AV solutions back then and even today. Personally my firm and along with myself restored all endpoints, I did drop the RMM when they basically said sorry but would not pay for costs to restore, this still happens to be a client today still..its all about service.

I wish you all luck to get your services restored, hire a qualified tech

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count” 40 years in the AV business.

Updated on: June 14, 2024 6:47 AM Paulina Okunytė Journalist (Good Job)

The legal action was based on NetLab’s findings, which indicated that Meta did not take down 1817 paid ads containing scams.

The fraudulent ads used the name of a popular government program to assist indebted individuals, called Desenrola, and kept running even after months after official notification.

To all MSP and Tech’s do what you can to block Facebook / Meta just for security purposes

Meta has received backlash after trying to discredit researchers who identified fraudulent ads on its platforms as “unable to produce technical evidence.”

Meta’s lawyers called researchers from NetLab, a research group affiliated with one of Brazil’s top universities – Federal University of Rio de Janeiro (UFRJ) – “biased” and “unable to produce technical evidence.”

The accusation comes as part of the company’s defense in an ongoing case in Brazil. The country’s federal watchdog for consumer issues, Senacon, sued the tech giant in November 2023 for failures in ad moderation on the company’s main platforms, Facebook and Instagram.

The legal action was based on NetLab’s findings, which indicated that Meta did not take down 1817 paid ads containing scams.

The fraudulent ads used the name of a popular government program to assist indebted individuals, called Desenrola, and kept running even after months after official notification.

The formal document, obtained by journalists at Brazilian tech news outlet Nucleo, describes Netlab as a “partial third party” and questions its ability for neutrality.
Accusation of bias

Meta accused NetLab’s report of containing “a series of imperfections, biased responses, distorted conclusions, and reliability that is, at best, dubious.”

However, the company failed to specify what the alleged errors were.

“Netlab has an institutional political opinion that is manifestly opposed to Facebook Brazil [Meta’s legal name in Brazil],” the company argued.

“And not only that: the coordinator of the laboratory herself, Professor Rose Marie Santini, has publicly expressed strong criticisms of digital platforms,” the document reads.

One of Meta’s attempts to undermine the group is to argue that NetLab’s report lacked links to each of the ads it identified as fraudulent.

Apparently, the researchers shared the URLs and IDs of each ad with Nucleo reporters.

“This is a strategy to make us work for them, given that they have already made money from an ad, and this request transfers to us the responsibility of cleaning up their platform,” said Santini to Nucleo.
Meta condemned by activists

Meta’s actions have been condemned by activists. 70 organizations, research centers, digital rights watchdogs, and think tanks have signed a note of repudiation.

“This is an attack on scientific research work and attempts to intimidate researchers who are carrying out excellent work in the production of knowledge based on empirical analyses that have been fundamental in qualifying the public debate on platform accountability,” they stated in the note.

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

Ericka Chickowski, Contributing Writer May 14, 2024

RSA CONFERENCE 2024 – San Francisco – Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multiyear supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of year?

At last week’s RSA Conference, Ed Skoudis, president of the SANS Technology Institute, convened his annual panel of SANS Institute instructors and fellows to dig into topics that should be top of mind for cyber defenders for the remaining months of the year.

Security Impact of Technical Debt

The security cracks left behind by technical debt may not sound like a pressing new threat, but according to Dr. Johannes Ullrich, dean of research for SANS Technology Institute, the enterprise software stack is at an inflection point for cascading problems. What’s more, “It affects more and more not only just our enterprise applications, but also our security stack,” he said.

Technical debt is the accumulation of work in software engineering or system design that’s left undone or put off until tomorrow for the sake of getting a minimum viable product up and running today. The debt may be accrued intentionally to optimize for speed or cost reasons, or it could build up unintentionally due to immature software engineering practices. Either way, it tends to raise a ton of cybersecurity risks as the debt grows.

And according to Ullrich, the rising accrual of technical debt combined with the growing complexity of the software supply chain is increasing the profile of this threat vector.

“Even as a developer myself, it is very easy to say, ‘Hey, this new library doesn’t really have any new features and doesn’t fix any security vulnerabilities, so I’m not going to apply that update,” he says. “The problem is that five years from now, after you skip 10 to 15 different incremental updates, then the big security vulnerability hits that library and now you have to work through all of these little quirks that have added up over the years so you can fix it.”

Article (https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024?_mc=NL_DR_EDT_DR_weekly_20240516&cid=NL_DR_EDT_DR_weekly_20240516&sp_aid=123517&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=53519)

In my world of tech support it is happening with 98% of all manufacturers today Microsoft being the leader in my opinion.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”