Welcome to Codebook, the rootin', tootin' cybersecurity newsletter.
Email scammers are just like any other small businesses: They need leads, and commercial lead-generation services — the same kind many salespeople use — are providing them.
The big picture: Email scams targeting businesses, usually referred to as business email compromise scams, can seem unsophisticated. They typically take the form of fake invoices or emails from executives asking for money transfers. But like any other kind of enterprise, they care a lot about finding new clients — or, in their case, victims.
Details: "Of the West African groups we've profiled, nearly all of them use lead-generation sites," said Crane Hassold, senior director of threat research at Agari, a firm that tracks how email scam groups operate.
The groups could craft and refine a single spear-phishing email that would work against a wide variety of similar executives just by substituting different company names and small details.
What they're saying: Codebook reached out to six lead-generation firms that criminal groups used in the past, as identified by a security source that asked to remain anonymous to protect its information-gathering operation. None of the firms responded.
The bottom line: Business email compromises reported to the FBI cost firms more than $1.2 billion in the United States alone in 2018, double the proceeds of 2017.
Late last week, Rep. Will Hurd (R-Texas) was announced as the keynote speaker at the Black Hat cybersecurity conference. One day and a controversy over his voting record later, he was taken off the card.
Hurd responded this week with a Fox News opinion piece calling for bipartisan communication and understanding.
The big picture: Outside of agreeing with Democrats by opposing a border wall, Hurd generally isn't considered a controversial figure. His votes on several women's issues, including abortion, align with the pre-Trump national Republican mainstream.
Why it matters: Black Hat removed Hurd after a flash controversy about his votes on women's issues. And that raises a number of uncomfortable questions.
The bottom line: It's possible that the conference made the wrong decision in inviting any elected official and the wrong decision again when it removed Hurd from the card.
Turla, an espionage group typically attributed to Russia, took over the attack platform of OilRig, an espionage group typically attributed to Iran, during Turla's newest wave of attacks, according to a new report from Symantec.
The big picture: Symantec says this is the first time it has seen one nation's hacker team steal the attack infrastructure used by another nation's group. It's an unusual step that could potentially make figuring out who is behind an attack more difficult.
Details: Turla appears to have co-opted an OilRig command and control server and used OilRig infrastructure to launch its own attacks.
The U.S. hacks Russian grid: The New York Times reported that the U.S. had implanted malware into the Russian electric grid as a potential deterrent against continued Russian cyber operations against the U.S. (NYT)
Florida announces election funds: Florida Gov. Ron DeSantis (R) announced $2.3 million in new election security funding, raising the state's investment to $5.1 million. (The Hill)
Microsoft resumes selling Huawei: Redmond announced it would resume selling laptops already in stock from the beleaguered Chinese supplier. (CNBC)
We'll be back next week. Yee-haw.