Dragon News

An inside look at the world of Team Cymru. Cybersecurity tools, tips, news and views.




Two Bites of the Cherry, how Criminals Could Abuse Access to Stolen Goods

Jenny O'Connell

Scams that give miscreants access to physical goods (often sold on as a way to monetize compromised card details) have been in existence for a long time. Brian Krebs recently gave an interesting overview of ‘reshipping’ schemes. These scams involve delivering fraudulently purchased items to unsuspecting mules; the mules forward the parcels on to the criminal, who sells the goods on the black market for a tidy profit.

Typically, to make the scheme worthwhile, the goods selected will be small-size and high-value. Technology fits neatly into this category, laptops being a popular choice.

So far, so obvious.

But consider for a moment another trend we’ve seen recently, that of legitimately purchased computer equipment arriving preinstalled with malicious, or at least unwanted, applications.

How much harder would it be for the criminals running the mules to convince them that the items need a ‘patch’ before delivery? Suddenly the ruse changes from work-at-home admin jobs to work-at-home tech jobs. The criminal receives a chunk of cash when they sell the item, and perhaps more if the malware scoops up the bank details of the purchaser too.

Interestingly, news broke recently of an update to the Dyreza malware, which specifically targets the IT supply chain, potentially allowing for the diversion of shipments. Imagine that, a whole consignment of new laptops being sold preinstalled with Dyreza.

So, what can we do?

First off, don’t be a mule. Be very wary of too-good-to-be-true work-from-home job offers. Taking one only helps criminals, and they aren’t interested in honoring that promised paycheck. Get the word out to students, stay-at-home parents, anyone who could be tempted.

Secondly, don’t purchase a device if you have any qualms about its provenance. Again, it’s only helping criminals, and they aren’t interested in your well-being, any more than they were in that of the card-holder they scammed.

Finally, don’t assume that the information you hold isn’t valuable just because your job is in logistics or manufacturing rather than IT, finance or HR. It doesn’t take too much creative thinking to dream up a potentially underhanded use for it.


Photo Credit: Robert Couse-Baker, ‘Cherries’, used under creative commons license 2.0