Pete Recommends Weekly highlights on cyber security issues, January 16, 2022

Subject: The Spine Collector: Man arrested for using fake email addresses to steal hundreds of unpublished manuscripts
Source: Bitdefender blog

For years, “The Spine Collector” has been haunting publishers around the world, attempting to steal manuscripts by famous authors.As Vulture describes, for years somebody has been attempting to get their hands on upcoming books by the likes of Margaret Atwood, Stieg Larsson, Sally Rooney, and Ethan Hawke by creating fake domain names that appeared – to the unwary – to be those of companies in the publishing industry.

More than 160 fraudulent domains are said to have been registered in an attempt to impersonate real entities and individuals from the world of publishing. The domain names were confusingly similar to genuine domains, often using simple tricks such as replacing a lowercase “m” with the lowercase letters “rn”.

For instance, a domain like “” could be easily mistaken for “”.

By sending convincing emails that posed as industry colleagues, the fraudster known as “The Spine Collector” was able to trick publishers and others into handing over manuscripts of books.

Subject: Fake QR Codes on Parking Meters
Source: Schneier on Security via Bitdefender blog

Fake QR Codes on Parking MetersThe City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.


Subject: Privacy myths busted: Protecting your mobile privacy is even harder than you think
Source: CNet via beSpacific

CNET – “With increasingly invasive digital surveillance from advertisers and law enforcement over the past few years, securing your mobile phone from privacy threats in 2022 should be a key resolution. But don’t stop short. Changing a few settings in your phone and apps isn’t enough. To get the most privacy, the key ingredient to add is a suite of encrypted apps. Securing your phone’s privacy from groups like your internet service provider and law enforcement is a three-part process. First, …

Subject: CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
Source: CISA

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA’s Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.

Subject: Google Drive accounted for the most malware downloads from cloud storage sites in 2021
Source: TechRepublic

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.The more that cybercriminals can take advantage of a legitimate service, the better their chances of tricking people into falling for their scams. That’s why popular services from the likes of Google and Microsoft are exploited in malicious attacks. In fact, Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope.

This increased use of cloud applications has naturally excited cybercriminals, who have eagerly abused these apps to deploy malware. For 2021, cloud storage apps accounted for 69% of cloud-based malware downloads, down only slightly from 72% in 2020. These services are ready-made targets for exploitation as attackers can easily create free accounts, upload their infectious payloads and then share malicious documents with potential victims.

With cloud-based storage apps such a tempting target for exploitation, how can individuals and organizations protect themselves against malicious documents? Netskope offers the following tips:


Also see:

Subject: Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes
Source: The Hacker News

The European Union’s data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity.”Datasets older than six months that have not undergone this Data Subject Categorisation must be erased,” the European Data Protection Supervisor (EDPS) said in a press statement. “This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline.”

Subject: The Dirty Work of Cleaning Online Reputations
Source: The Walrus via beSpacific

The Walrus – “For a fee, companies will tackle damaging search results. But is the new economy of digital makeovers making things worse?…Cleaning up your image, however, is not cheap. A serious campaign can cost between $10,000 and $20,000 or more and will usually run for at least four to eight months. Matt Earle’s twenty-four staff members deploy a suite of tactics to dilute or outright remove unwanted content. They have methods for contacting satisfied customers and encouraging them to leave positive reviews to bump up star-rated averages. They are also able to tweak Wikipedia entries in ways that pass muster with the website’s volunteer editors, who can be relentless about deleting puffery. Appeals can be filed …

Subject: Law Enforcement and Technology: Using Social Media
Source: CRS Report via beSpacific

CRS Report – Law Enforcement and Technology: Using Social Media, January 11, 2022: “As the ways in which individuals interact continue to evolve, social media has had an increasing role in facilitating communication and the sharing of content online—including moderated and unmoderated, user-generated content. Over 70% of U.S. adults are estimated to have used social media in 2021. Law enforcement has also turned to social media to help in its operations. Broadly, law enforcement relies on social media as a tool for information sharing as well as for gathering information to assist in investigations…”

Subject: You can actually make that old laptop last longer – There are ways to maximize the lifespan of your existing laptop so you don’t have to buy a new one just yet. We’ll explain.
Source: CNET

The longevity horizon of a laptop is analogous to the longevity of a human: It partly comes down to responsible behavior, partly genetics and partly just dumb luck. There’s no guarantee that anything you do can save it from dying young or failing to keep up with increasingly demanding tasks. And there’s no guarantee that if you treat it like crap it won’t last far longer than expected — in 10 years you might find yourself cursing it. “Fail already you slow POS so I can justify buying a replacement!” That’s the argument I have daily with my 7-year-old iPad.

Posted in: Big Data, Competitive Intelligence, CRS Reports, Cybersecurity, Email Security, Government Resources, Legal Research, Privacy, Social Media