Stop right there
As we trudge through the cold dark days of the end of Winter, many of us are spending increasing amounts of time attached to our devices tinkering. Quite a lot of us are tinkering with Crypto currencies, even with relatively small amounts of investment.
This includes people who may not be as technically savvy as the average reader of this blog. If you know someone who falls into the category, we would urge you to take the following seriously. This is a highly organised and well funded criminal campaign designed to relieve small time investors of Bitcoin.
For the past four months(ish), Crypto investors, or people matching Facebook’s Artificial Intelligence criteria, have been seeing adverts (or ‘promotions’ if you have been desensitised) for a new ‘Amazon Crypto token and AI investment bot offering pre-sale ‘Amazon Tokens’.
The structure and attention to detail of these campaigns is really quite staggering, imitating legitimate pages of worthy news sources such as The Grauniad, it really looks real. But it isn’t.
Astonishingly, Facebook/Meta/Whateva has done very little to stop this activity and many people have fallen into the trap which, of course, involves The Mark (you, your family, your friends) parting with Bitcoin for nothing, all anonymised by the wonders of the ‘can do’ Blockchain.
Without having to bang on about looking at complete URLs and other stuff that many people we know will not do, no matter how many times we tell them, the takeouts from this scam are these:
- Amazon is not starting a crypto currency or an AI investment engine.
- Bezos has not left Amazon.
- You cannot trust Facebook adverts.
- Tell your friends and family.
- If it looks dodgy, stop right there before you go any further.
We have seen this blatant fraud attempt in the wild on many occasions now ourselves so please heed this advice.
Regular readers of this, or any sensible security blog for that matter, will know that we shudder when terms such as: ‘Agile’, ‘Container’, ‘Open Source’, ‘Internet facing Cloud service’ and ‘cost cutting’ are used together in any combination, let alone ‘Scrum Master’.
Last week a new Kernel level vulnerability (CVE-2022-0185) was announced that may allow breakout from one container to another on Linux based systems. Both Red Hat and Ubuntu recommend immediate patching.
Should you run containers on these platforms, you should get on it like a Bat Out Of Hell. After the past year, you should know what you are running and where!
Asset and vulnerability management combined with automated remediation is the only chance we have in this world of ruthless cyber criminals, script kiddies, opportunists and Nation States.
Tiberium’s FROST and MYTHIC services deploy in hours, not weeks, and provide automated responses to threat activity.
Microsoft also has a containerized version of Defender – Microsoft Defender for Cloud which manages the posture and threat of your containers, something that we predict will become very important.
We would love to show you our industry leading innovation and services.
Please contact us for an entertaining demonstration, even IRL should you fancy.
RIP Mr Loaf.
