Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

Western Digital Hit By Security Breach - MyCloud Taken Offline

Storage drive manufacturer Western Digital has disclosed a network security incident involving some of its systems. On 26 March the company identified an incident in which an unauthorized third party gained access to its systems. The firm activated its incident response procedures and commenced an investigation with the assistance of external incident response and digital forensics experts.

The investigation to date suggests that the intruder was able to exfiltrate certain information from the affected systems and the company is working to understand that nature and scope of that data. Among the response actions, several systems and services have been taken offline; at time of writing the My Cloud status page at https://status.mycloud.com/os4 indicates that My Cloud Home and My Cloud OS 5 services are down.

(Author pauses, stares at all the WD external backup drives around his office and counts himself fortunate to be very cautious in his use of external cloud services.)

FGS Global, Western Digital Provides Information on Network Security Incident, news release, 3 April 2023. Available online at https://www.businesswire.com/news/home/20230402005076/en/Western-Digital-Provides-Information-on-Network-Security-Incident.

US DoJ Seizes Over $US112 Million From Crypto Investment Scammers

The US Department of Justice has managed another win in the constant battle against cryptocurrency scammers, this time seizing virtual currency worth an estimated $US112 million linked to cryptocurrency investment scammers. Judges in the District of Arizon, the Central District of California and the District of Idaho had authorized seizure warrants.

The virtual currency accounts were allegedly used to launder proceeds of various cryptocurrency confidence scams. In these schemes - often referred to as 'pig fattening' or 'pig butchering' - fraudsters cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms. In reality, however, the funds sent by victims for these purported investments were instead funneled to cryptocurrency addresses and accounts controlled by scammers and their co-conspirators.

In 2022, investment fraud caused the highest losses of any scam reported by the public to the FBI’s Internet Crimes Complaint Center (IC3), totaling $3.31 billion. Frauds involving cryptocurrency, including pig butchering, represented the majority of these scams, increasing a staggering 183% from 2021 to $2.57 billion in reported losses last year.

Office of Public Affairs, Justice Department Seizes Over $112M in Funds Linked to Cryptocurrency Investment Schemes, news release, 3 April 2023. Available online at https://www.justice.gov/opa/pr/justice-department-seizes-over-112m-funds-linked-cryptocurrency-investment-schemes.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.