Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.
Laundering the spoils from cybercrime can be a dicey affair, fraught with unreliable middlemen and dodgy, high-priced services that take a huge cut of the action. But large-scale cybercrime operations can avoid these snares and become much more profitable when they’re able to disguise their operations as legitimate businesses operating in the United States, and increasingly they are doing just that.
One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don’t bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about the source of these attacks.
While the data from the past month again shows why that wisdom remains conventional, I believe the subject is worth periodically revisiting because it serves as a reminder that these attacks can be stealthier than they appear at first glance.
Would that all cyber crimes presented such a tidy spreadsheet of the victim and perpetrator data as neatly as does profsoyuz.biz, one of the longest-running criminal reshipping programs on the Internet.
Launched in 2006 under a slightly different domain name, Profsoyuz is a business marketed on invite-only cybercriminal forums to help credit card thieves “cash out” compromised accounts by purchasing and selling merchandise online. Most Western businesses will not ship to Russia and Eastern Europe due to high fraud rates in those areas, so businesses like Profsoyuz hire Americans to receive stolen merchandise and reship it to those embargoed regions.