A
You're listening to the Cyberwire Network, powered by N2K.
Okay, so tell me this doesn't feel exactly like the start of that one movie.
B
Yeah. Office party, Lights flickering, everyone pretending to be festive while secretly thinking about email notifications.
C
Oh, yeah, what's that one movie where the guy's just trying to enjoy the holiday and then everything goes terribly wrong?
A
That's like half the Hallmark channel, Dave.
B
No, no, I know what he means. Big building Holiday Party Chaos.
A
Oh, no, wait a minute. You're thinking of.
C
Yeah, that one.
B
Don't say it.
C
Welcome to the party, pal.
A
Unauthorized access. Breaching employee login credentials. Uploading payload into email boxes. Penetrating HR's auto reply templates.
And there it is. Unauthorized access detected. Merry Chaos, everyone.
C
Looks like someone just crashed our night.
B
Uninvited guests?
C
Looks more like Hans malware.
A
Please don't.
C
Attention, everyone. McClane mode. Activate it.
Great.
B
Now we ruined a perfectly good party. Not cool, Dave.
C
Oh, right. Good point.
B
Look, this is no ordinary breach. It's moving toward the core. The server room. If it hits that, it nukes the backups. We're toast.
C
So what's the play here, Selena?
A
We can only stop it from the server room, but the doors are locked from the inside and maintenance has gone home already. The only way in is through the overhead vent.
B
Perfect, Selena, you get in the vent.
A
Get in the what? No, I'm not getting in the vent. Can't we just let the malware win this one time?
C
Come on, Selena. You're our only hope.
A
Fine.
C
Great. Here, take this radio so we can stay in touch.
A
Become a threat researcher, they said. It'll be fun, they said. Now I know what a TV dinner feels like.
C
Selena, you're doing great. Remember, you're our McClane. Do what you do best.
A
I can see the server hatch ahead. I'm going to pop in and pull the physical power lines. Ready to cut it off?
B
Ready. Do it now.
A
Replacing all thumbs up with passive aggressive pause.
The system's clean. We saved the day.
C
Yippee ki yay, mother. Dave.
B
Family show.
C
Motherboard. I was gonna say motherboard. Motherboard.
A
Sure you were.
B
Well, that's one way to save the holiday.
A
Hello to all our listeners, and welcome to Only Malware in the Building. I'm your host, Selena, joined by Dave and Keith. And I'm very excited. It's our December episode. The holidays are right around the corner. Are you guys gearing up? Are you ready to take some time off rest and relaxation?
C
Oh, yeah.
B
All set, you know. Got the turkey in me. The tree is up. We've decked the halls. We are all set. I'm waiting for Santa.
C
All I want for Christmas is you.
A
And dips, I imagine.
C
And dips. Oh, that's even better. All I want for Christmas is dips.
A
And the presents under the tree, or whatever it is that you're cooking this week, this month, all of these things come from a supply line. And how do the presents get under our trees, or all of our new shoes and clothes and food and yummy energy drinks, mulled wine, cider?
C
Santa. It's Santa. Selena. It's Santa. Santa is the supply line. You're going to tell me different.
A
Well, Santa might be targeted by threat actors this holiday season. And today we're going to be talking about cyber threats to things that impact physical goods and real cargo. And this is something that I'm very excited about, very interested in. At Proofpoint, my colleague Ole Villadsen recently published some research on this. And earlier this year, we published some other research about scammers basically using requests for quotes to steal a variety of goods. And so on today's episode, we're going to be talking about how cyber threats impact the physical goods that we use every day. So you guys ready?
C
I am so, ho, ho, ho, ready.
A
Amazing. All right, well, I will kick us off describing this research, and then, you guys, I'm curious to hear your thoughts about it. And, Keith, I know that we had chatted about some overlap with other threat actor clusters, so I'll go ahead and start with the cyber criminals that are actually targeting trucking and logistics to deliver remote monitoring and management software. Now, we've talked on the podcast previously about how RMM tools, which are legitimate enterprise software that are being used maliciously by a variety of different threat actors, have become increasingly popular. But now what we're seeing is this increase in cybercriminal activity that is actually targeting cargo, freight, and ground transportation, these types of things. And what they're doing is, in many cases, they're compromising these load boards, where the actual carriers and brokers post loads that need to be driven to a place. The threat actor will post a fake load reply with a malicious link, actually responding to the carriers who are like, yeah, I want this load. And then they will actually link to an RMM that is basically used to hijack these carrier accounts. Then they will bid on real loads, and then they will do a variety of things. But ultimately what it leads to is cargo theft. And through my research, I've discovered basically this is kind of like a new take on an old threat, going all the way back. You guys remember Butch Cassidy and the Sundance Kid?
C
Do I ever.
A
Exactly. So they were going after trains. We had the mob going after cargo theft in the 60s. And now, of course, we have organized crime groups that are targeting cargo. And now we have a cyber criminal angle where they're partnering and working with these organized crime groups to do some of this stuff. So, yeah, so we published some new research on this, and it's actually really interesting. And I'm curious, you guys, are you familiar with this at all? Was this research surprising to you?
B
It's a little surprising to me, but like you mentioned, you know, like, organized crime is always going after, you know, cargo diversion or trying to, you know, get that new, like, truck full of nice suits or cigarettes or something like that. So to see the cybercriminals pivot into this is kind of just that next evolution, which was very fascinating to me.
C
I read your research, Selena, the Proofpoint research, and actually we covered it on the CyberWire Daily. And I guess in my mind, sort of like what Keith is saying, when I think of cargo theft, I think of the Sopranos and a couple of guys pulling over a semi truck and telling the driver to take a walk while they unload the back of the truck, you know, full of flat screen TVs or something like that. I mean, Keith, is that a reality from your days in law enforcement? Like, are trucks actually, like, forcibly pulled over and just robbed?
B
Absolutely, yeah. You know, robbed or, you know, they bribed the driver, and, you know, so what? You know, one of the biggest heists ever, I think, in US history was the mob. You know, I can't remember the details, but I just remember it was something at JFK where there was a bunch of goods that they stole. And I just can't remember the details off the top of my head. But, yeah, this is a common thing for organized crime, for sure.
A
Well, and what I thought was actually really interesting, so I went into this thinking, well, first of all, it was really interesting to me because of the RMM payloads and some overlap with a threat actor that was previously delivering ransomware-affiliated types of payloads, like DanaBot, for example, right? These payloads that were initial access that could be used for ransomware. So in my head, I was like, oh, okay, this threat actor is targeting cargo freight theft. Like, maybe they're doing this for ransomware, just based on the payloads. And then that actor kind of disappeared a little bit. And then we saw this resurgence of cargo-targeted theft using RMMs. And I was like, oh, okay, like, did ransomware threat actors pivot to RMMs? And then we started investigating more and more about the actual activity, what they were doing, and some of the overlap with publicly reported data. So Reddit is a great place for intelligence gathering and open source intelligence, I have to say. There are so many subreddits about so many things, including cargo.
There are many, many people who are kind of sharing their experience. There's also some posts on Facebook that were talking about, oh, my company or my friend's company was hacked, and this is what the threat actor did. And there was one particular Reddit post that really caught our eye that we were able to sort of link together with what was happening. So essentially this person described that the attacker compromised the company via an RMM delivery. They deleted existing bookings and blocked dispatcher notifications. They added their own device to the dispatcher's phone extension. They booked loads under the compromised carrier's name and coordinated the actual transport. So they were telling people, here's where you go to pick this up and drop this off. So it's really interesting to kind of see this whole, the summation of, okay, the threat actor is using this RMM to do a full takeover. And then actually they know the industry enough, they know these companies well enough, and the process of how this dispatch and carrier and brokering works, to do all that themselves.
C
Well, can we walk through, like, a sample of this? So let's say that I have ordered a container full of dips to come over from overseas. Right. All my favorites. And this, this container is coming over on a container ship, and I'm expecting it to cross the Atlantic and then be trucked to my warehouse where I will consume them.
What happens to, what are the bad guys doing to get in the way of all of that and how does it play out?
A
Yeah, so there are a lot of different ways potentially that a threat actor could do this. So first of all, the actual compromise has to happen. So let's say the threat actor has already taken over this. And they say, I got eyes on these dips, I want these dips. So what they'll ultimately do is they will either do something called double brokering, where they will basically buy and then sell and make a profit a little bit on that cargo. And the person that is actually participating in the double brokering doesn't maybe even know that (a) it's being double brokered or (b) that it's a criminal activity. Or it's entirely possible that they work with people, and they'll pay somebody to go, they'll book somebody to go pick up those dips and then drop them off at a warehouse that is owned by the criminals that they're actually working with. In that case, the driver might not know that they are, you know, working for somebody who's actually doing this maliciously. They just think that it's, you know, a legitimate booking. So, okay, I'm going to go pick this up and drop this off and have no interaction with any criminals myself. And then finally, they could potentially be using somebody that is in on it, and they would then get a cut of whatever the profits are. So there are many ways that this could theoretically happen, but what we see a lot of is the actual sort of fake bids, the email threads, either the thread hijacking or the bids that are posted maliciously on these load boards, to try and engage people with actually kind of doing the initial compromise. So we don't necessarily observe the follow-on activity, how it gets to the warehouse or wherever it's being shipped to. But based off of public reporting and a lot of information that has been shared in congressional hearings, as well as some really interesting reports in various media, I think 60 Minutes did a pretty good sort of overview about what this is and how it works.
Yeah, it's really pervasive. And I want to highlight here too that cargo theft in general is a $35 billion loss sort of crime annually, according to the National Insurance Crime Bureau here in the US. So it is big money, and that's all cargo theft, not just cyber enabled.
B
So when you think about this, it's fascinating to me because you just kind of look at the evolution of the cyber threat actors where generally they've gone after the finance departments, but now they're pivoting to supply chain procurement, dispatch operations, really all sectors with weak security. So a lot of people probably in shipping and logistics, they're not really cyber savvy, they're not really thinking about cybersecurity from that. The other interesting thing in this is kind of the pivot to the goods, like you were saying. So when you think about it from a cybersecurity, like a cyber criminal group, now you have goods that you've stolen that now makes it easy to launder the money because now you have, you've purchased your inventory allegedly, you know, like for free from stealing it, and now you're able to put this up in maybe online marketplaces or maybe even physical storefronts, sell that and then you have your profit. So really everything is being laundered through these operations. And it's much more evolved than just trying to go in, hack into a computer and then wire that money out there and then trying to launder that money. And so this kind of reminds me a little bit of a pivot. Some of the Russian cybercriminals, a number of years ago, what they were doing was they were using stolen funds from their bank accounts, like from transferring from stolen bank accounts to buy goods to then ship that over to Russia and then sell it. And then, you know, that's how they kind of laundered their money. So this is kind of like a little bit of an evolution on that scheme.
A
Stick around after the break.
C
And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are allowlisting, ring fencing, and network control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring fencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Only Malware in the Building.
As Keith says, the pivot to physical goods. And it makes me wonder because in my mind that's extra work and that's an extra vulnerability, that something is actually existing in the real world as opposed to, let's say, cryptocurrency, you know, something like that, or even just sending money around the world electronically.
Selena, do you have any sense whether or not the folks who are handling the cyber part of this, how much they're keeping that part of it containerized, if you will, like self contained? In other words, we'll handle the hacking part, but you got to take care of the actual shipping goods yourself? Or is it more blended in?
A
That's a really good question. So I do not have visibility into that particular aspect of it. But one thing that is kind of notable is that the activities, the TTPs that we're seeing, the tactics, techniques and procedures used by these threat actors, do have some overlap with non-cargo-targeted stuff. So, for example, in the huge spike of remote monitoring and management tooling, you and I have talked about how there's a lot of advertisements on criminal forums that are like, hey, I'm looking for this particular RMM, or this particular RMM got shut down, it doesn't work anymore, like, what's a good alternative? There's also a lot of, like, similar lure themes that are being used. Some, you know, interesting, like, hosting and some infrastructure pieces that are not necessarily exclusive to the cargo threat actor, that suggest, okay, they're probably operating or exist in these cyber criminal spaces that have overlaps with more sort of traditional cybercrime, and they're just kind of appearing in this cargo-focused threat landscape. So it's totally possible that they are kind of just selling out their services to these different threat groups. And you know, they're not necessarily located in country, or they don't even know the people that they're really working with, but they're just sort of selling their services or they got connected in some way. So we don't have great visibility there. And it's not necessarily like, oh yeah, these guys are definitely doing, like, ransomware, a different type of cybercrime, right? Like, we are seeing them using the RMM delivery targeting cargo. But it is sort of interesting that they're using very similar techniques to what we're seeing across the cybercriminal threat landscape. And, you know, like I mentioned early on, I initially thought, like, oh, are these guys trying to ransomware? Like, is that kind of what they're doing?
Just because of, you know, the TTPs and initially the malware that was used. We've also actually seen this sort of expand. It's not just this one particular threat actor that's doing this. We see multiple different other clusters that are doing this type of activity. And again, not just in North America, that's what the report focused on, but we are seeing it, you know, more broadly. So it is really interesting, and it does appear to be growing.
B
I was fascinated. Like, the one point in your one article that you had was that shipments were going to West Africa. What made me think of, again, working West African criminal organizations is just kind of looking at some of this maybe being done by West African criminal groups that started out, you know, you think of, you know, the lottery scams, the romance scams, but then doing BEC. And so a lot of the techniques are very similar to what we saw in BEC attacks, where they were installing malware in order to get visibility into shipments or diversion like that, you know, the request for quotes, you know, I think the article on that. So the West African criminal groups are set up, and I'm not saying for sure that this is attribution for that at all, but it's making my spidey sense kind of go up if we've seen shipments go there, because they are very well organized crime groups that can do this, because, you know, they have their operators, they have their technical operators that could do, you know, exploitation, you know, installing the RMM tools. They also have really good call centers and social engineering, finance cash outs in, like, logistic and freight forwarders. So, you know, they do have the infrastructure in place to be able to do that. And so it got me wondering whether this is an evolution now of those schemes, because people are getting better at the BEC scams, detecting those, stopping those financial transactions. So now maybe this is going into cargo. So that's just some of my hypothesis, because some of the actual checks and balances things to put in place as a company, which we could talk about, are very similar to stopping BEC, are almost identical to being able to stop these things as well.
A
Yeah, I just wanted to call out. So the RMM stuff is separate from the net RFQ stuff that Keith, you're mentioning, about how it gets sent to West Africa. So we haven't really fully delved into that yet. So let me just kind of TL;DR that for everybody, because it is actually really interesting and it is a little bit different TTPs. So for the RFQ scams, which are requests for quote, basically a threat actor is going to impersonate somebody, kind of do, like, almost an identity theft, basically. And so they will send a sort of net RFQ. Like, I need financing for these goods to then sell and to, you know, to profit, and a mutually beneficial business arrangement. And so then the business will respond and ask for financing information, and then stolen information, this identity that, you know, the stuff that they stole, is actually provided to the business. The business thinks it's real, they approve net financing terms, and the items are actually shipped. So this is where the sort of physical goods theft again kind of comes in from these scammers. So the items are received, right, and either dropped at a warehouse or a mule house or something like that. And then they are again sent overseas, you know, to your point, potentially, like, the West African shippers. And then of course the communication is completely cut off from the target. Right. So, yeah, so you have these, like, two types of physical goods theft. So you have, like, the cyber-enabled cargo theft, and then you have this, like, net RFQ scam trying to steal physical goods. And these are two distinct threat clusters. But to your point, Keith, the RFQ ones do align very much with BEC types.
B
West African groups. Yeah, yeah.
A
Types of activity.
B
Yeah. Now I'd be curious, I mean, just that neither of us have any visibility right now into the RMM diversions, of where all those cargoes are going. And if they are coming here to the States, probably, chances are, you know, that they're recruiting mules and reshippers that will then take that cargo and then redistribute it overseas as well. Because again, from a cyber criminal, you know, they've been doing that for years. So that would be a natural progression to now just hijack that shipment, you know, send it to, you know, a warehouse, and then have people say, hey, you know, we're recruiting you to process. We have a shipment coming in. And now, you know, you need to reship this out. The goods are coming in and laundered that way. You know, I just don't have any visibility on that. But I'm just thinking that that's probably how some of this scheme is working.
C
Well, going back to my shipment of dips, and I'm sitting here waiting for them hungrily, and they don't show up when they're supposed to, and I go back through the chain to try to figure out where things went wrong. Is this a matter of, you know, I call the guys down at the docks and say, hey, did my dips ever show up? And they say, yeah, they absolutely did. And the truck came by, picked them up, and drove away. Is that a likely outcome here? That it was a phony truck driver, or what are we talking about? Any insights, Selena?
A
Yeah, so that is definitely one possibility. And it's interesting too, because you see reports again on social media where people have posted, oh, I tried to call the carrier, and, you know, they said that they have been getting 50 calls a day about this because, you know, their accounts were taken over and somebody was pretending to be them. And then, you know, we're kind of like running this fraud and, you know, trying to rebook things or, you know, target specific loads. And, you know, like I mentioned earlier, the person on Reddit had mentioned how they really took over their phones too. So, you know, you might be calling somebody, thinking that you're calling the dispatcher, calling the real person, but you're actually talking to a threat actor. So there are many of these cases that have been, you know, shared and discussed online where it's like, yeah, they fully took over everything, completely shipped it to the wrong place, or, you know, people were missing goods, or, you know, they just sort of disappeared. And it's also entirely possible that there are multiple groups that are doing this that have, you know, some are doing double brokering, some are working with drivers, and some are just, you know, using them surreptitiously. They have no idea. But it is a pretty big problem, and people are losing quite a bit of money. And one thing that I thought was actually pretty interesting too, when I was doing this research, is, like, it's not necessarily, like, you know, high-end electronics or, you know, really expensive clothes. Like, sometimes it is, obviously. But one of the things that I thought was really funny was energy drinks.
Like I was reading some testimony from IMC Logistics that was some congressional testimony from earlier this year which actually mentioned like, energy drinks are something that are regularly targeted because many of them are not legal in countries outside of the US and so they can get those energy drinks and then resell them on the black market or in other ways, you know, getting them in the hands of people in other countries. And to me, that was so interesting because I'm like, energy drinks, that seems like not that profitable. But in addition to, you know, like our phones and tablets and sneakers, like energy drinks.
B
But think about it, they are making 100% profit though.
A
That's true. That's true. Yeah. Yeah. So maybe your dips would be very profitable, Dave, because according to Meena Gari, global cargo theft hotspots are Brazil, Mexico, India, Germany, Chile, the US and South Africa. But the most targeted commodities are food and beverage products.
C
Really? See, that surprises me, because I would think that you'd go after something that wasn't perishable.
A
Yeah, well, I think, you know, part of that is, okay, once you eat the dips, they're gone.
C
They're gone. Right, right. The evidence. You eat the evidence.
A
Yeah.
C
Keith, who runs down this kind of stuff, this criminal activity, who's going after them?
B
The interesting thing is probably, you know, this is going to be global, because if you're talking about shipping overseas, things like that, or even just shipping in the United States, you're going to be going across, you know, state borders. So this is going to be a federal crime, naturally. So this would be the FBI. And, you know, what you're going to have to look at is, you know, this kind of cyber-enabled crime is kind of what we were talking about when I was at the FBI, where you have to have two divisions at the FBI, Cyber Division and Criminal Investigative Division, really kind of team up, because at the end of the day, usually the shipping diversions, that's going to be a Criminal Investigative Division of the FBI. But when we're talking about doing an intrusion and doing RMM installs, you know, and exploiting computers to do this, that's a traditional cyber function. So you really have that cross between the two divisions, which is going to be very imperative of sharing that intelligence back and forth between that. So kind of putting together a task force as, you know, these threats start having bigger losses, of really being able to track that, because naturally, again, this isn't going to just be some hacker in the basement diverting cargo shipments. This is going to be some kind of an organized crime group, because you're going to need logistics and call centers and technical support and things like that. So it's a little bit more of a sophisticated thing. So this is going to be that organized crime aspect that Criminal Investigative Division traditionally has done. And then you're going to need to use your partnerships, because if you're having a diversion from a US company and then something being delivered overseas, you need to really have that partnership with law enforcement partners overseas.
So I'm going to be really interested to see how this blows up really in the next six to 12 months and see how many resources that, that the, that the government throws at this. But this is a very interesting angle that could have big losses.
A
There was an interesting document that I found while doing this research, and it was published in, like, the early 1970s as this microfiche that had been scanned and published online. Yes, old school, very old school. And the Department of Justice and the Department of Transportation published Cargo Theft and Organized Crime, a desk book for management and law enforcement. And it was really interesting because it talked about some of the history of this and also kind of incorporating, like, the organized crime angle, but from more of, like, the mob or, like, you know, like you mentioned the Sopranos, some of these types of figures. Right. Like, if we think about crime from a historical perspective, like, cybercrime is relatively new, you know, and these guys were doing this for a while. So it's really interesting because they published these, like, guides on, like, how law enforcement can sort of, like, combat this type of threat. And I thought it was really interesting because it's still very relevant even though it was published, you know, talking about cases from, like, the 60s and 70s. But it's still very, very much relevant in terms of, like, all the different, you know, the Department of Transportation, the Department of Treasury, Department of Justice, like, how all these different entities sort of have to work together in collaborating and combating this crime.
B
I know I would have loved to work one of these cases. It just sounds, there's so many different angles that are moving, that I just think would be fascinating to look at this organization and see how it's working and try to attack that. I know, just like, you know, some things I think that we could tell our listeners, you know, to be thinking about here, because we know the threat actors are using RMM, and just like we had spoke about it at a previous episode, you know, I think it's really important for the cyber security and the network defenders to really limit who could install RMM software, you know, on the systems, you know, use application allowlisting, enforce, you know, MFA on all remote connections as well, and really monitor any new RMM installs. I think, you know, those are really important. And then, you know, from a cybersecurity standpoint, be talking with your supply and logistics to really look at, you know, rotating and managing credentials carefully, you know, verify load postings through callbacks and, like, a trusted broker, like, networks and things like that. Just kind of like how you would do with, you know, with the BEC cases. You know, anytime somebody would change a bank account that you were normally sending it to, physically pick up the phone and call and, you know, verify that. And then, you know, finally, really just kind of train the frontline staff and empower, you know, procurement, and, you know, train the sales, procurement, accounts receivable on these new schemes so that, you know, they're aware of different things, you know, the different indicators. And maybe even, you know, do a tabletop exercise between cyber and logistics. So those are some of the ideas that, you know, I was thinking of about that, that could help in detecting and preventing these.
C
I guess you kind of have to walk that line between being vigilant with your security but also not putting too many things in the way that you're going to throw sand in the gears of the supply chains.
A
Well, one of the things that I thought was interesting, because a lot of the comments were referencing this, a lot of the public experiences, is that it moves fast. People want loads, they want business. Things are moving super duper fast. And so oftentimes that's how these things kind of fall through the cracks, is people aren't necessarily checking, or they just kind of want to pounce on them as soon as possible. And that does play a role from, like, a social engineering perspective, is, like, well, we can convince somebody if they're already in this heightened sense of, oh, I have to make these deals. I gotta, you know, I have to close this, I want this bid, whatever, then they can kind of manipulate that. And that's how it can be very effective. But, you know, one thing that I like to talk about is, like, if something feels a little bit off, like, if your sixth sense, if your spidey sense is tingling, then, you know, you should take a breath, take a step back and figure out a different avenue to verify that. Whether that's, like, texting somebody that you know, whether that's calling, not necessarily the number that's listed in the bid or the email, but, you know, calling directly a different phone number that you can verify that, yeah, this is really authentic. But yeah, if your spidey sense is tingling, it's a sign.
C
But Selena, greed. Selena, greed.
B
Nobody wants to be the Grinch this Christmas either. You know what I mean?
C
So perhaps my spidey sense is tingling because of greed and all the money I'm going to make from this deal.
A
Yes, yes. Santa Claus definitely needs to check and make sure he's picking up correct authentic packages.
B
Yeah, I think the Grinch was probably one of the very first diversion of cargo theft right at Christmas.
C
Yeah, he social engineered the heck out of little... What was it? Little Cindy Lou Who?
B
Yeah.
A
We will be right back after this quick break.
C
All right, well, anything else we want to share here with our listeners in terms of prevention or being able to keep an eye out for this. Selena, what are the takeaways from your research?
A
Yeah, I mean, Keith definitely did a great job laying out what organizations can be doing. I would just like, just, you know, let people be mindful that this is increasing. This is a threat that we are seeing more of, not just in North America, but expanding globally. And, you know, to validate and make sure that you are really talking to the person that you think that you're talking to is extremely important. And also too, you know, I think we're talking about it from like a supply chain perspective, but really what ends up happening is these losses mount up and yes. Okay, they might be. They might go to insurance, so they might get their money back or whatever. But ultimately what ends up happening is things get more expensive anytime that there's disruption and impact and losses across the supply chain, the expense ends up getting pushed onto consumers. And so I think that, you know, those of us who don't really think about where our turkeys are coming from maybe might not necessarily be aware of that. But you have all of these things. Like, it comes from a container in the ocean, it gets picked up at the, you know, as a cargo shipment, it gets driven across state lines, somebody else picks it up, and then it, you know, winds up in our closets or on our plates. And I think that that whole process is a really a black box to a lot of us. And so, you know, thinking about where this stuff is coming from and why some of these crimes actually have impacts beyond just the organizations that are actually being hacked and impacted. But ultimately it can be a consumer impact as well.
C
Don't buy black market dips.
A
Definitely don't do that.
You never know where they come from.
C
No. Better safe than sorry. All right, well, thanks, everybody.
A
Thanks so much to all our listeners. Thank you so much for listening. Happy New Year, happy holidays, and we will see you back here in January. And that's Only Malware in the Building, brought to you by N2K CyberWire. In a digital world where malware lurks in the shadows, we bring you the stories and strategies to stay one step ahead of the game. As your trusty digital sleuths, we're unraveling the mysteries of cybersecurity, always keeping the bad guys one step behind. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you ahead in the ever-evolving world of cybersecurity. If you like the show, please share a rating and review in your favorite podcast app. This episode was produced by Liz Stokes, mixing and sound design by Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher.
C
Thank you to ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks, for sponsoring Only Malware in the Building. Visit threatlocker.com.
This episode puts a spotlight on the evolving tactics of cybercriminals who target the real-world logistics and supply chain ecosystem. The hosts draw parallels between classic holiday heist films and the realities of cyber-enabled cargo theft, revealing how criminals use both old-school and high-tech methods to steal physical goods. The discussion is rich with insights into current techniques, research findings, and practical prevention tips, all served with the show’s signature wit and pop-culture references.
Opening Skit:
The crew stages a playful, Die-Hard-inspired skit depicting a cyberattack at a holiday office party, blending themes of unauthorized access, malware, and old-school movie heroics (00:20–03:13).
Holiday Heist Parallel:
The hosts use the motif of holiday supply chains (Santa as the supply line) to set up their exploration into real-world impacts of cybercrime—specifically, how digital attacks disrupt the movement of goods.
Selena details newly published research on cybercriminals targeting logistics, trucking, and supply chains using Remote Monitoring and Management (RMM) tools (05:10–09:18).
Key Quote:
“This is kind of like a new take on an old threat going all the way back. You guys remember Butch Cassidy and the Sundance Kid?”
— Selena, 06:28
Discussion of how cybercriminals’ tactics resemble those of traditional organized crime but now include hijacking digital systems to facilitate theft, often partnering with real-world criminal networks.
The Shift from Finance to Goods:
West African Links:
| Timestamp | Speaker | Quote / Moment |
|-----------|---------|----------------|
| 00:59 | A | “Unauthorized access. Breaching employee login credentials...” (movie parody intro; blending cyber and pop culture) |
| 06:28 | Selena | “This is kind of like a new take on an old threat going all the way back. You guys remember Butch Cassidy and the Sundance Kid?” |
| 13:14 | Keith | “Generally they've gone after finance departments, but now they're pivoting to supply chain procurement, dispatch operations, really all sectors with weak security.” |
| 19:20 | Keith | “It got me wondering whether this is an evolution now of those [West African] schemes because people are getting better at the BEC scams, detecting those, stopping those.” |
| 24:22 | Selena | “You might be calling... thinking you're calling the dispatcher, calling the real person, but you're actually talking to a threat actor.” |
| 26:28 | Keith | “But think about it, they are making 100% profit though.” (on cargoes like energy drinks) |
| 32:52 | Selena | “If your spidey sense is tingling, then… you should... verify that.” |
| 35:09 | Selena | “These losses mount up... the expense ends up getting pushed onto consumers.” |
| 36:31 | Dave | “Don’t buy black market dips.” |
The hosts maintain an engaging, conversational tone, frequently interjecting humor, pop culture references (Die Hard, The Grinch), and real-world analogies. The episode balances entertaining banter with actionable security advice, making complex threats relatable and emphasizing the relevance of cybersecurity beyond the digital realm.
Summary for Non-Listeners:
This episode is essential for anyone interested in how cybercrime spills into the physical world, especially during the critical holiday logistics season. The team provides a detailed look at how cybercriminals hijack supply chains to steal real goods, the evolution of these schemes from traditional organized crime, and what companies and consumers alike can do to protect themselves. With expert insights, practical tips, and plenty of humor, it's a timely reminder that not every supply chain disruption is an accident—and even your favorite snacks could be at risk from a cyber-savvy Grinch.