Tag Archive for: couriers

A Look into Top Couriers’ Digital Footprint


Just as no man is an island, no company can perform core functions without other organizations’ help. This fact is highlighted in today’s age of outsourcing, partnership, and third-party connections. Unfortunately, threat actors have also found a massive opportunity in these relationships. Targeting a third-party vendor often allows them to target the vendor’s clientele.

In this post, we used our Third-Party Risk Management (TPRM) solutions to look at some of the popularly used express mail courier services that several companies worldwide partner with — FedEx, DHL, China Post, and UPS. These companies are often targeted since they have thousands, if not millions, of personally identifiable information (PII) in their records. In August 2020, for example, a Canadian courier became a victim of a ransomware attack, giving threat actors access to its customers’ personal details.

Potential “Unknowns” in the Digital Footprint of FedEx, DHL, China Post, and UPS

We gathered a total of 24,601 domains and subdomains containing the words “fedex,” “dhl,” “chinapost,” and “ups.” A vast majority of the subdomains were not owned by any of the courier companies, as confirmed by a bulk WHOIS lookup.

Indeed, only 40 domains appeared to be managed by the legitimate companies, as their WHOIS record details matched those of the official couriers’ domain names. This number represents less than 1% of the total number of subdomains in our dataset. The table below shows the breakdown.

Company      # of domains with matching WHOIS record details   Percentage match
UPS          38                                                0.15%
DHL           1                                                0.00%
FedEx         1                                                0.00%
China Post    0                                                0.00%

TLD

We studied the top-level domain (TLD) distribution of the domains and subdomains obtained and ran them against the most abused TLDs known to direct visitors to phishing and botnet command-and-control (C&C) servers. Seven of the most abused TLDs made up more than half (53%) of the total number of subdomains.

The pie chart shows the TLD distribution of the subdomains under the .com, .net, .org, .de, .ru, .info, and .eu TLDs against all other TLDs not included in the list of most abused.

All seven TLDs were among the most abused by botnet operators. The .com TLD was also most favored by…
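As an added example (not part of the original post and not the TPRM tooling it describes), the following Python script works through the two checks the post applies: it matches each candidate hostname's WHOIS registrant against the registrant of the courier's official domain, and it measures how much of the set sits under the seven TLDs the post names as most abused. The hostnames, the WHOIS registrant strings and the OFFICIAL_DOMAINS mapping are all constructed placeholders standing in for a bulk WHOIS lookup, and the registrable-domain extraction is deliberately naive (last two labels, no Public Suffix List).

```python
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

KEYWORDS = ("fedex", "dhl", "chinapost", "ups")

# TLDs the post names as among the most abused for phishing and botnet C&C.
ABUSED_TLDS = frozenset({"com", "net", "org", "de", "ru", "info", "eu"})

# Constructed sample of hostnames containing a courier keyword. These are
# hypothetical names, not entries from the post's dataset.
SAMPLE_HOSTS = [
    "www.ups.com", "tracking.ups.com", "ups-delivery-notice.info",
    "ups-paket.de", "myups.org",
    "dhl.com", "dhl-express-refund.net", "dhl-track.eu",
    "fedex.com", "fedex-parcel-update.ru", "secure-fedex.top",
    "chinapost-tracking.xyz",
]

# Assumed official domain per courier; its WHOIS registrant is the reference
# that a legitimate subdomain's registrable domain must match.
OFFICIAL_DOMAINS = {
    "ups": "ups.com", "dhl": "dhl.com",
    "fedex": "fedex.com", "chinapost": "chinapost.com",
}

# Constructed stand-in for a bulk WHOIS lookup: registrable domain -> registrant
# organisation. Every value is a placeholder, not real WHOIS data.
SAMPLE_WHOIS = {
    "ups.com": "UPS Registrant (constructed)",
    "dhl.com": "DHL Registrant (constructed)",
    "fedex.com": "FedEx Registrant (constructed)",
    "chinapost.com": "China Post Registrant (constructed)",
    "ups-delivery-notice.info": "REDACTED FOR PRIVACY",
    "ups-paket.de": "UPS Registrant (constructed)",
    "myups.org": "Some Individual (constructed)",
    "dhl-express-refund.net": "REDACTED FOR PRIVACY",
    "dhl-track.eu": "Privacy Service (constructed)",
    "fedex-parcel-update.ru": "REDACTED FOR PRIVACY",
    "secure-fedex.top": "REDACTED FOR PRIVACY",
    "chinapost-tracking.xyz": "REDACTED FOR PRIVACY",
}


def tld(host: str) -> str:
    """Last DNS label of a hostname, lower-cased."""
    return host.lower().rstrip(".").rsplit(".", 1)[-1]


def registrable_domain(host: str) -> str:
    """Naive registrable domain: the last two labels. A production pipeline
    should consult the Public Suffix List so that names under ccSLDs such as
    example.co.uk are not collapsed to co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def keyword_of(host: str) -> Optional[str]:
    """Which courier keyword the hostname contains, if any."""
    lowered = host.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            return kw
    return None


def whois_match_report(hosts: Iterable[str], whois: Dict[str, str],
                       official: Dict[str, str]) -> Dict[str, Tuple[int, int, float]]:
    """Per courier: (hosts carrying its keyword, hosts whose registrant matches
    the official domain's registrant, that match count as a percentage of the
    whole dataset). The percentage mirrors the post's table."""
    hosts = list(hosts)
    report: Dict[str, Tuple[int, int, float]] = {}
    for kw, official_domain in official.items():
        reference = whois.get(official_domain)
        kw_hosts = [h for h in hosts if keyword_of(h) == kw]
        matched = [h for h in kw_hosts
                   if reference is not None
                   and whois.get(registrable_domain(h)) == reference]
        pct = round(100.0 * len(matched) / len(hosts), 2) if hosts else 0.0
        report[kw] = (len(kw_hosts), len(matched), pct)
    return report


def unverified_hosts(hosts: Iterable[str], whois: Dict[str, str],
                     official: Dict[str, str]) -> List[str]:
    """Hostnames that carry a courier keyword but cannot be tied to the courier
    by WHOIS: the candidates a brand-protection team would queue for review."""
    result = []
    for h in hosts:
        kw = keyword_of(h)
        reference = whois.get(official[kw]) if kw in official else None
        if reference is None or whois.get(registrable_domain(h)) != reference:
            result.append(h)
    return sorted(result)


def tld_report(hosts: Iterable[str]) -> Tuple[Counter, float]:
    """TLD distribution plus the share (percent) of hosts under abused TLDs."""
    hosts = list(hosts)
    counts = Counter(tld(h) for h in hosts)
    abused = sum(n for t, n in counts.items() if t in ABUSED_TLDS)
    share = round(100.0 * abused / len(hosts), 1) if hosts else 0.0
    return counts, share


if __name__ == "__main__":
    for kw, row in whois_match_report(SAMPLE_HOSTS, SAMPLE_WHOIS, OFFICIAL_DOMAINS).items():
        print(f"{kw:10s} hosts={row[0]:3d} matched={row[1]:3d} ({row[2]}%)")
    counts, share = tld_report(SAMPLE_HOSTS)
    print(dict(counts), f"abused-TLD share: {share}%")
    print("unverified:", unverified_hosts(SAMPLE_HOSTS, SAMPLE_WHOIS, OFFICIAL_DOMAINS))
```

The registrant comparison is intentionally strict (exact string equality), which is the conservative choice for this purpose: privacy-redacted or reseller-registered records fall into the unverified list rather than being silently counted as the courier's own, matching the post's observation that most keyword-bearing subdomains could not be attributed to the companies.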

Source…

Hackers should beware bogus UPS couriers bearing handcuffs…

Alexander J Martin of The Register describes the arrest of British student Lauri Love, who allegedly hacked the FBI and NSA, and is wanted for extradition by the United States:

Lauri Love was arrested on suspicion of offences under the Computer Misuse Act 1990 early in the evening of 25 October 2013, when a National Crime Agency officer wearing dungarees and posing as a UPS courier told Love’s mother that Lauri himself had to come to the porch to collect his delivery.

In his dressing gown and pyjamas, Love confirmed his identity and was then informed of the ruse and handcuffed. Over the next five hours a total of 14 NCA officers attended the property wearing agency-branded windbreakers, which were easily visible to the neighbours.

Six of these officers had been tasked with searching for digital media which are alleged to contain evidence that the 28-year-old had criminally accessed private sector, military and government computer systems in the United States.

The agency believed their courier ruse had been necessary because, they claimed, intelligence had suggested that Love’s computer equipment could be encrypted “at the press of a button” which, if activated, would “frustrate the object of the search,” though even with this successfully executed approach the officers still collected encrypted devices.

Quite what UPS thinks of its brand being used by the police in this way is unclear…

Last month, the National Crime Agency (NCA) failed in its court attempt to force Love to disclose his passwords and decrypt seized computers. The extradition proceedings, however, are ongoing.

Graham Cluley