
A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack with wired, wireless and cellular all in one integrated solution that's built for performance and scale. You can find them at meter.com CST.
B
FBI warns of state backed QR code phishing campaign, Europol arrests 34 in major Black Axe crackdown, and uncertainty looms over CISA's pre ransomware alerts after key departure. This is Cybersecurity Today and I'm your host, David Shipley. Let's get started. The FBI has issued a warning about a new phishing tactic being used by a North Korean state sponsored hacker group. The group is leveraging malicious QR codes in spear phishing campaigns that are targeting organizations in the United States. The primary focus of these attacks appears to be groups involved in policy research and analysis related to North Korea. Among the targets are think tanks, academic institutions, non governmental organizations, strategic advisory firms, and even US Government entities. The phishing technique uses QR codes to bypass traditional security measures. The FBI has previously noted its use by cybercriminals to steal money. It remains a highly effective method for tricking victims and evading detection. Here's how it works. Victims receive emails containing QR codes, often disguised as links to questionnaires, secure file shares, or login pages. When scanned with a mobile device, the QR codes direct users to attacker controlled websites. These pages often impersonate legitimate platforms such as Microsoft 365, Google login portals, Okta or VPN services, with the goal of stealing access credentials or session tokens. The FBI highlights that these tokens are particularly dangerous because they allow attackers to bypass multi factor authentication and hijack accounts without triggering many security alerts. In some cases, attackers have posed as foreign investors, embassy officials, think tank members or conference organizers to gain credibility. For example, in one incident last June, North Korean hackers sent a fake conference invitation to a US strategic advisory firm.
The email contained a malicious QR code which redirected recipients to a phishing site designed to harvest sensitive information. Because this method often requires victims to scan QR codes using their mobile devices, it can sidestep traditional email security tools and endpoint monitoring systems. The FBI describes this as a Multi Factor Authentication Resilient identity intrusion vector. Say that three times fast. To defend against these attacks, the FBI recommends organizations train employees to recognize phishing attempts and to be wary of QR codes, to never scan QR codes that you weren't expecting, especially if it's from someone you don't know, implementing mobile device management solutions to enhance security for mobile devices, and to continue enforcing multi factor authentication. Lastly, the FBI urges anyone targeted by these attacks to report incidents to their local FBI Cyber Squad or through the Internet Crime Complaint Center at ic3.gov. This story is a great reminder about the push last year by some cyber experts to dictate what advice should or shouldn't be given to folks in order to avoid so called hacking folklore or hacker lore. It was misguided when it came out, particularly with regards to claims that QR codes weren't a threat people needed to worry about. It doesn't matter that the codes themselves aren't the delivery mechanism for malware. It matters that they can lead people into a trap, particularly on devices that may not have many other security controls. Educating people about QR code phishing remains good advice, as noted by the FBI. Europol has announced the arrest of 34 individuals in Spain tied to an international criminal organization known as Black Axe. The arrests were part of a coordinated effort by the Spanish National Police, the Moravian State Criminal Police Office and Europol. The operation resulted in 28 arrests in Seville, with additional arrests in Madrid, Malaga and Barcelona.
Authorities also seized €66,000 in cash, froze nearly €120,000 in bank accounts and uncovered evidence implicating the group in fraud schemes causing damages of over €5.93 million, which is approximately 6.9 million USD, or about 9.6 million Canadian. Black Axe is one of the most prominent West African transnational organized crime syndicates. Established in Nigeria in 1977, the group now operates globally with an estimated 30,000 members and an extensive network of facilitators. The organization has been linked to a wide range of criminal activities including cyber enabled fraud, human trafficking, drug smuggling and violent crimes. Europol described their activities as involving business email compromise schemes, romance scams, inheritance scams and even advanced payment fraud. These operations are often supported by money laundering networks that use both traditional financial systems and cryptocurrencies. This isn't the first time Black Axe has been targeted by international law enforcement. In 2022, an Interpol led operation dubbed Operation Jackal resulted in the arrests of 75 individuals connected to the syndicate. In 2024, a follow up effort led to over 400 arrests, the seizure of more than 5 million in assets and the identification of thousands of additional suspects. Europol's recent crackdown is yet another significant step in disrupting Black Axe's global operations. Authorities are urging businesses and individuals to remain vigilant against cyber enabled fraud schemes and to continue to report suspicious activity to your local law enforcement or appropriate authorities. A critical US Government program designed to warn organizations about imminent ransomware attacks is facing uncertainty after the departure of its lead developer. David Stern, the key figure behind the Cybersecurity and Infrastructure Security Agency's Pre Ransomware Notification Initiative, resigned late last month after being reassigned to a different federal agency.
The Pre Ransomware Notification Initiative, or PRNI, has been credited with helping to prevent an estimated $9 billion in economic damage since its inception in late 2022. By analyzing tips from the intelligence community, cybersecurity firms and Internet infrastructure operators, the program alerts organizations when ransomware operators are preparing to attack. Over the past two years, the initiative has sent thousands of warnings to critical infrastructure operators, including water systems, healthcare facilities, schools and energy utilities. Stern's departure comes at a challenging time for CISA, which has already been grappling with staffing shortages, budget cuts and leadership challenges, according to sources familiar with the program. Stern was the only CISA employee dedicated to these notifications. His departure has raised concerns about the future of the initiative, with some suggesting that the program's success relied heavily on Stern's trusted relationships with private sector security researchers and organizations. While CISA has stated that the program is continuing, some industry insiders remain skeptical. They note that Stern's departure has strained relationships between CISA and its private sector partners, which are a key source of the intelligence that fuels the program. For now, CISA reports that it's training additional staff to take over the initiative. However, experts warn that the unique connections and trust Stern had built with the cybersecurity community may not be easily replaced. This development underscores the importance of stable leadership and strong partnerships in the fight against ransomware, an ongoing and costly threat to organizations worldwide. It also means more countries will have to step up to fill this gap. The news also comes as the US announced late last week that it was pulling out of several international organizations helping coordinate responses to cyber threats.
Among the organizations the US exited were the Global Forum on Cyber Expertise, the Online Freedom Coalition, and the European Center of Excellence for Countering Hybrid Threats. The Global Forum on Cyber Expertise works on issues such as critical infrastructure protection, cybercrime, cyber skills and policy, as well as emerging technology. Its members include nations and government organizations like Interpol, but also tech companies like Hewlett Packard, Mastercard and Palo Alto Networks. Thank you for listening. If you enjoy the show, please tell others. Consider leaving us a review and remember to like and subscribe. We'd love to reach even more people, and we continue to need your help. I've been your host, David Shipley. Jim Love will be back on the news desk on Wednesday. Have a great Monday.
A
We'd like to thank Meter for their support in bringing you this podcast. Meter delivers full stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com CST. That's M E T E R.com CST.
Host: David Shipley (filling in for Jim Love)
Episode: FBI Warns of QR Code Phishing & Europol's Major Cybercrime Crackdown
Date: January 12, 2026
This episode dives into three major cybersecurity stories:
[00:20 - 04:30]
Threat Landscape:
The FBI is alerting organizations to a wave of state-backed spear phishing campaigns exploiting QR codes, with a primary focus on US policy-related targets—think tanks, academic institutions, NGOs, advisory firms, and government bodies.
Attack Technique:
Social Engineering:
Attackers pose as foreign investors, embassy officials, conference organizers to appear credible.
Why QR Codes?
Mitigation Steps:
Memorable Quote:
[04:45 - 07:15]
Law Enforcement Win:
Europol and Spanish authorities arrested 34 people linked to “Black Axe”—a massive West African transnational cybercriminal syndicate.
Operation Details:
About Black Axe:
Repeated Focus:
Advice for Listeners:
Memorable Quote:
[07:20 - 09:30]
Program Origins:
Leadership Crisis:
Industry Reaction:
Wider Context:
Implication:
“The FBI describes this as a Multi Factor Authentication Resilient identity intrusion vector. Say that three times fast.” – David Shipley ([03:50])
“It doesn't matter that the codes themselves aren't the delivery mechanism for malware. It matters that they can lead people into a trap, particularly on devices that may not have many other security controls.” – David Shipley ([04:10])
"Black Axe is one of the most prominent West African transnational organized crime syndicates... The organization has been linked to a wide range of criminal activities including cyber enabled fraud, human trafficking, drug smuggling, and violent crimes." – David Shipley ([05:40])
“Some industry insiders remain skeptical. They note that Stern's departure has strained relationships between CISA and its private sector partners, which are a key source of the intelligence that fuels the program.” – David Shipley ([08:50])
David Shipley delivers the episode with urgency and clarity, offering actionable advice while highlighting the persistence and sophistication of cyber threats. His commentary occasionally includes dry humor and frank opinions, particularly about misguided cybersecurity advice and government actions.
This episode gives a concise yet revealing look at the latest cyber threats and enforcement actions. Listeners come away with a clear understanding of how QR code phishing is evolving, the global scale and complexity of syndicates like Black Axe, and how changes in leadership and policy might impact the cybersecurity landscape, especially concerning ransomware defense in the United States. The episode is packed with practical tips, grounded analysis, and a reminder of the ongoing need for vigilance, education, and collaboration in defending against cybercrime.