Feed aggregator

'The Harvest Begins' - Elves, Stormbringer, & The OSR God Cycles

Swords & Stitchery - Mon, 03/22/2021 - 18:52
Sometimes one has to wait for a Kickstarter to end, then wait a month for the supplement to get published, to really assess the full weight of its impact on the marketplace. Not so with the classics, and in this case Frank Mentzer's Immortals box set has been playing with my mind. And here's the line that's been doing it: "The Player's Guide to Immortals lays out the basic information needed to
Categories: Tabletop Gaming Blogs

KnitCrate Unboxing and Giveaway

Moogly - Mon, 03/22/2021 - 15:00

The KnitCrate Quick-to-Stitch Knit and Crochet Club is a fun way to get a yarny surprise in your mailbox every month! Watch my live unboxing, learn more, and enter to win one on Moogly! Disclaimer: This post was sponsored by KnitCrate and includes affiliate links; all opinions are my own. What is the KnitCrate Quick-To-Stitch...


Categories: Crochet Life

[BLOG] Great Tables of D&D History

Beyond Fomalhaut - Mon, 03/22/2021 - 14:10

...very pleased to meet you

The random element in D&D gameplay is one of the great, underappreciated design features of role-playing games. We rarely question its presence, and only notice it when it is absent from a particularly contrarian ruleset. Things could have gone differently: if RPGs had emerged from experimental theatre, randomness would presumably play a much lesser, even marginal role. But random chance in game, character generation, and game prep, is at the heart of the role-playing experience, responsible for a lot of its variety and unpredictability. “Roll a saving throw against poison” is one of the tense moments in any adventure – for a moment, the whole world stops as the fate of adventurers hangs in the balance, and great things are decided by the roll of a 20-sider.
Random and semi-random methods have added a curious layer of chance to running the game as well. The GM runs the game, but even with a pre-written adventure, he does not know exactly what game he will be running. What if the players blow a few crucial rolls and they cannot get through a particular locked door? What if the bad guys roll terribly, and a dangerous foe goes down in a few rounds of desperate melee? What if a random encounter is taken as a major clue, derailing the course of the campaign? These factors, even beyond player decisions, make sure we are kept guessing – and hopefully at the edge of the seat.
And of course, random generation is useful in preparing adventures, from the general framework to the room- or encounter-level descriptions. Random tables – used intelligently – take our mind where it would not go without prodding. What the computer people call “procedural generation” can determine a lot of incidental detail in a lot of CRPGs beyond the basic RNG – going all the way to the construction of random landscapes and political systems. But computers have not been given an imagination yet: they work fast, but they can only regurgitate and combine; they cannot truly create and interpret. And so, tabletop gaming’s random tables remain wedded to a combination of random rolls and the human personality. Your take on “ruined tower, giant snails, archives” will be different from mine, and from one random “seed”, we would build radically different worlds.
Of course, not all tables are created equal. We may try a lot, but we will gravitate to a few which are particularly useful. Some are plain better, more useful than others. This is why I present here my personal list of favourites, all of which I have used extensively due to their usefulness and longevity. No distinction is made here on the basis of age, nor official or unofficial status: tables are a meritocracy. However, there is no order to the choices in this final selection: all are great in their own way, and to rank them further would not be useful. So!
* * *
The Concept Generator: The Locations (Overview) Table (Tome of Adventure Design)

It would take long to sing the praises of the great ToAD, this modern classic of utility products, so let it suffice that its over 300 pages of tables are an inexhaustible mine of what the author, Matt Finch, calls “deep creativity” – half-formed idea fragments which emerge into full-blown game material. Like Charles Foster Kane’s Xanadu, its treasures are endless. Somewhere in the middle, there is a four-page 1d100 table for the generation of random thrones. There is enough in that table alone to create and stock The Dungeon of Thrones, if you wanted to. That’s the kind of book the ToAD is. But there, among the tables for “complex architectural tricks”, “corpse malformations”, “religious processions and ceremonies”, and “mist creatures” – which I am sometimes using – there are some that come up all the time (such as a table collection for generating individual-, item-, location-, and event-based missions), and one that is beyond useful. And this is actually the first table in the book: the “Locations (Overview)” table.

The Locations Overview Table

This is a four-column 1d100 table to create basic concepts for major locations (there is one for dungeon complexes, dungeon rooms, and strange features, of course – the book scales down nicely). It could work as a module title generator, of the “Adjective Noun of the Adjective Noun” variety. I have been using this particular table since its original appearance in Mythmere's Adventure Design Deskbook, vol. 1., and found it a great companion for coming up with the initial building block of future adventures, or just interesting places to scatter in a campaign world. Consider these examples:
  • Moaning Chapterhouse of the Bat-Sorcerer
  • Collapsing Edifice of the Many-Legged Burrower
  • Dilapidated Castle of the Bitter Apparition
  • Aerial Cliffs of the Hyena-Keeper
I am not saying every one of these results does something for me right now, but three or four rolls almost always provide a basic framework to build on. I can imagine the Moaning Chapterhouse of the Bat-Sorcerer as a place in a campaign inspired by Clark Ashton Smith’s Hyperborea stories, and the Dilapidated Castle as a locale in a chivalric high fantasy/fairy tale setting. The other two, as the average result tends to be, are weird fantasy; the Aerial Cliffs are great, while the Collapsing Edifice just gives me “centipede monster lair”, and that’s not much added value. The other three, I could use. Sometimes, I take a folded paper sheet, and fill one page with random idea seeds that seem to fit my current mood, then build an adventure around them (The Singing Caverns from Echoes #01 was partially built with this method).
Of course, there is something about this table I have not noted yet: it is not just one table. It is followed by another identical d100 table with different keywords (Sinister Grotto of the Howling Wolves… OK, this is not much – but how about Fossilised Pagoda of the Mist-Pirates, the greatest wuxia OSR adventure never written?), and a two-column table that uses the “purpose approach” for truly weird but sometimes quite cool results (Skin Altar, Time-Well, Spider Separator [?], Perfume Pools [that’s a winner]). That’s a lot of stuff to work with. You could fill a mini-setting with adventures based solely on these tables, because why not.
* * *
Muddle's Generator

The Wilderness Workhorse: Muddle’s Wilderness Location Generator

Yes, this is an internet tool, and you can try it for free, so go ahead. The ToAD, exhausting as it is, is not much focused on wilderness play, and its tables in this section are cool but just not as varied as the dungeon chapter. Muddle’s wilderness table is a good alternative. It combines nouns and adjectives into a list of 50 locations for your wilderness adventure. A lot of these results will be irrelevant to your current project, but you can check these and delete them, then replace them with a new batch of entries, repeat until you have the precise 50-entry roster you need. Here are the first few from the selection I got this time:

  • Deep Hills of the Elder Piller (sic)
  • Mausoleum of Adamantite Drows
  • Dreary Treasury
  • Inner Tomb
  • Skeletonelder Hole
  • Slimefist Tower

A lot need to be weeded out (I have developed a soft spot for Awful Peak, it is staying), and the vocabulary is much more limited than Mythmere’s thesaury (Sorry! Sorry!), but it is quick, cheap, and often does its job. You can use it to build. Deep Hills of the Elder Pillar sounds like the place where people possess a lot of good ol’ folksy wisdom, much of it involving goat sacrifice and non-euclidean things; Dreary Treasury is a place offering an interesting internal contradiction; and Inner Tomb either lies deeper in the wilderness, or it is a tomb with a hidden sub-section. And we have a cultist hideout at the end, I believe.

But that’s not all! Muddle’s set also has a dungeon room generator that’s almost as decent, and you can force it to select by theme. The other tools are less useful, although the deity generator might give Petty Gods a run for its money (Grundermir Ratvoid, Dread Fiend of Bad Breath; Malumdrim Biscuitfinger, Queen of Ants; Asheeltrym Grumblespoons, Lord of Bannanas (sic); Mulelroun, Godess of Apples; and Grelderthul the Beautiful, Queen of Aggression is certainly a pantheon).

* * *

The Implied Setting: Outdoor Random Monster Encounter Tables (AD&D Dungeon Masters Guide)

In the book that has everything, everyone will find something. Gary’s magnum opus is less methodical guidebook than an occult tome that teaches you, the fledgling DUNGEON MASTER, that horizons are infinite, and the true scope of the reaches far beyond a few narrow possibilities. Last evening, we looked up its advice on underwater combat after two characters fell into a deep pool inhabited by a water spider, and I am sure the “how much damage will I take in my armour type if I transform into a specific lycanthrope type” table has been useful to someone, somewhere – at least once in history.

When the DMG’s readers are asked which is the most important section in there, the teenage munchkin will say “Of course it is the magic items table! Here, have a vorpal mace and two Wands of Orcus!”. The journeyman will point to the dungeon dressing appendix – it is useful indeed – and the old-schooler will at once point to Appendix N for its listing of AD&D’s thematic roots, which we all know is better than the stupid dreck everyone else is reading. The connoisseur of obscure gems will note the “Abbreviated Monster Manual” from Appendix E. Bad people who need to be put on a watchlist will cite “the Zowie Slot Variant”. These are not bad answers, but for my pick, I would go with Appendix C, AD&D’s outdoor encounter system.

You encounter 2d6 Catoblepas

Random dungeon dressing and treasure tables help you fill your rooms, and Appendix N will help you develop a refined taste in genre literature; Appendix C gives you the most practical tool for AD&D’s implied frontier setting. We can appreciate the points of light concept because it gives us our points of light in the practical sense – not as aesthetic, but also as practical procedure. Random encounters, particularly when also used to populate wilderness areas, as in a hex-crawl, give you the gameplay texture to make expeditions in the outdoors varied, fun, and very hazardous. That is, they give you the everyday reality of travelling between two points on the landscape. Here is an expedition of six encounters moving between two cities separated by plains, then hills, a stretch of forest, more hills, marsh, then plains again, assuming one encounter occurring on each stretch:

  • Plains: Men, nomads (150), with 13 levelled Fighters between 3rd and 6th level, an 8th level Fighter leader with a 6th level subcommander, 12 guards of 2nd level, plus two lesser Clerics and a lesser Magic-User. Assuming the nomads do not force you back in town, or just take you as captives, we can move on to…
  • Hills: Elves (140), with 10 levelled Fighters of 2nd or 3rd level, 3 Magic-Users of 1st or 2nd level, and 4 multi-classed elves (4/5 level, plus a 4/8 leader). Let us not consider the giant eagles in their lair – the elves are bros, anyway. We share lembas and move on.
  • Forest: 2 Giant weasels, which are 3 HD creatures. Luck was with us, unless the encounter occurs by surprise, since giant weasels suck blood at a rate of 2d6 Hp/round. They have no treasure, but their pelts are worth 1d6*1000 gp, each enough to hire 100 porters for 10 to 60 months of work, or an army of 50 heavy footmen for the same time span!
  • Hills again: 16 Wolves, the basic unit of fantasy wildlife. They are 75% to be hungry when you meet them. Of course, they are hungry this time, too.
  • Marsh: this is a great place to meet a beholder, catoblepas, or other high-level monsters, but instead, we get Men, pilgrims (60), 9 Clerics of 2nd to 6th level, and an 8th level Cleric with a 3rd to 5th level assistant. There is a 60% chance of 1d10 Fighters (random level, 1st to 8th), and 30% for a Magic-User of 6th to 9th level, but they are not here right now. Still, these badasses are travelling in the world’s most dangerous terrain type except mountains. Don’t screw with.
  • Plains again: 1 Huge spider, which is a good roll on 1d12, and fortunately, it is not the calf-sized 4+4 HD type, but the dog-sized 2+2 HD type. The only downside is that they surprise 5:6, which is a bad value, considering their poison is deadly.

Just a random encounter, bro!

After this trip, you start to appreciate those sexy harlot encounters in the city (and hope if it comes to worse, it is 8th to 11th level Thieves out for your purse, and not a Weretiger or a Goodwife out for your blood), and you start understanding why those points of light remain points, not larger blots, or why those pilgrims travel in groups of 10-100. It also puts your mind into a different frame than level-balanced games with random monsters numbering in the 1d4 or 1d8 range. You can’t fight all those roving death armies, and besides, it does not pay (weasel pelts excepting). You learn to scout, you learn to run, you learn to leave behind food to distract your pursuers (this scales up from rations to pack animals and fellow adventurers – as the great Grey Fox once shouted back to a companion stuck in a bad situation, “What ‘party’? The party is already over here!”), bribes of gold or good, old-fashioned bullshitting to tip over that reaction roll. You learn to grovel before that dragon, planning future revenge. You learn to plan an ambush to plunder that lair you just discovered, and carry away the best valuables. Welcome to the AD&D World Milieu!

* * *

The Chad Sword & Sorcery Milieu: Ravaged Ruins (Wilderlands of High Fantasy / Ready Ref Sheets)

Wilderlands of Highly Awesome

So you got to know Appendix C, and suddenly gained a new understanding of AD&D. You are on a different level. Here is where it gets stranger. From the OD&D era, Judges Guild’s Wilderlands setting presents a truly bottom-up sandbox setting of minimal detail and high weirdness – recognisably D&D fantasy, but more “Appendix N” and Frazetta than the comparative classicism of Greyhawk or Steading of the Hill Giant Chief. The “High” in Wilderlands of High Fantasy might stand for something else than “Tolkienesque” here, even though the setting also has a generous helping of Tolkien pastiche – right next to old-school Star Trek, classical mythology, pulp fantasy, and Dark Ages Europe/Near East mini-kingdoms. It is just general fantasy enough to kick you out of your comfort zone when it turns out the Invincible Overlord has captured a stray MIG fighter, or that the dungeons under Thunderhold, castle of the Dwarf King, have half-buried railway tracks and a gateway to Venus on their fourth level. The described Wilderlands is filled with odd, short idea fragments and juxtapositions, a few throwaway lines like

  • “Villagers charged with a centuries old oath to the ‘King of the Lost-Lands’, maintain an eternal bonfire atop a crag to warn ships off the hidden reef.”
  • “In a well hidden crypt is a ring of Brathecol, one of the kings of old Altantis. (sic – ‘Altanis’ vs. ‘Atlantis’ is one of the strange ambiguities of the setting) A stone golem is guardian of the crypt which appears as a monolithic block of limestone.”
  • “The crystallized skeleton of a dragon turtle is buried on the sandy beach. The skull houses a giant leech.”

However, there is also a procedural Wilderlands that lives in its weirdo random tables and guidelines, which were collected in the supremely fun Ready Ref Sheets, Volume I (no second volume was released, but the first one is a great look into OD&D, and remarkably easy to obtain). Here you can find rudimentary rules for taxation, trade and mining – but the most useful table is the self-explanatory Ravaged Ruins. This table generates wilderness locations to scatter across your hex maps, and let your players wonder about the fallen glories of past ages – something that already establishes one of the major themes of the Wilderlands. The table is relatively small, a simple two-pager with results drawn from archaeology... at least at first glance. It generates a basic ruin type, with nested sub-tables to determine the specific subtype – there are not that many results, but the number of combinations is at least decent. Supplemental columns also establish the condition of the ruins, their covering (definitely archaeological in sensibilities), state, and the monsters guarding the ruin. And it gets weird, as seen in these six rolls:

  • Statued fountain, found in a large crater, covered with vines, crumbled and decayed, protected by lycanthropes.
  • Bones, above ground and covered with slime, partially operational, no guardians. (What does partially operational mean in the case of a bone pile? Mediocre Judges will frown and reroll. Superior Judges will find an explanation. Perhaps this is a bone mine of extinct creatures, still excavated by locals as trade goods or building material? What of the slimes?)
  • Sea-horse carriage, partially sunken and buried in a thicket, dangerous operational, protected by insects.
  • Periscope inside cavern, covered in rocks, collapsed and tumbled, mechanical guardians. (Wait a minute! We are not in Middle Earth anymore, Bilbo!)
  • Man o’ War inside cavern, dangerous operational, protected by trap. (It has to be a fairly big cavern for that… and what if we roll it for a place far, far from a sea coast?)
  • Asphault (sic) road, partially covered in thickets, corroded & eroded, protected by giant types. (So this setting has old, overgrown, eroded asphalt roads.)

Ravaged Ruins


Something, even a random detail, becomes a theme through repetition and exploration: and this is the Wilderlands’: picking through the remnants of older ages, part Dark Ages, part Classical Antiquity, part fallen star-faring civilisation. Antigrav sleds, nuclear submarines and re-entry capsules lie wrecked in ancient ruins guarded by dragons and mechanical guardians next to crystallised skeletons and eroded old idols; the grand works of past cultures lie abandoned in dusty deserts and frozen tundra. There are rat chariots and pyramidal palaces. What is this place? In a compact, two-page table, Wilderlands of High Fantasy speaks louder, and in a more game-relevant way, than a full supplement. Yes, this table can be exhausted through use, but by that time, you get the Wilderlands.
* * *
The Panic Button: The Table of Despair (Original D&D Discussion / Fight On!)

Not every great table is enormous, and this one is just a throwaway forum post by korgoth. However, The Table of Despair is a great gameplay innovation, and a high achievement of old-school design. It becomes useful when the characters don’t get the hell out of Dodge before the curtain falls; when someone is separated from the main party for longer than healthy, or when someone flees in blind panic. You roll on the table and weep, mortal. Those are not great odds – in fact, they are downright crummy odds – but this is Jakkalá, and they may in fact be the best odds you can get. All that for a fistful of káitars!

The Table of Dessssspair!

Aside from its chuckling evil glee, the table communicates the danger of the Underworld very clearly. The results are appropriate, and should be pronounced in a booming, hollow voice. It is not applicable to every campaign, and it is a bit repetitive, but it is a work of simple genius. I have included a milder variant in Castle Xyntillan (“The Table of Terror”), which is derived from Helvéczia’s “Through Branch and Bush”, but all of these trace their lineage back to korgoth’s now classic post.

* * *

The Carousing Table

The Equation Changer: Party Like it’s 999 (Jeff’s Gameblog)

Curiously, very little of the definitive old-school gaming blog has seen print; Jeff Rients just wrote tons of material he gave away for free. And 2008 was a great year, even by the Gameblog’s standards. These carousing guidelines are not radically new, since they build on older principles which go right back to Orgies, Inc. (The Dragon, 1977) and even Dave Arneson’s First Fantasy Campaign (Judges Guild, 1977), already in vogue by 2006-2007. But Jeff’s take is the iconic, recognised version; he was not there the earliest, but he was there the mostest. It is simple: at the start of every session, you can just throw away a bunch of gold pieces in wild parties, and earn the same amount in experience points. There is, also, a random table to add risk and complication to the downtime activity. The party may have just been looking for some good fun and easy XP, but a few bad rolls later...

  • Brother Otto wakes up with the hangover from hell, cramping his spellcasting.
  • Nick the Knife accidentally burned down the inn, and everyone in town knows.
  • Sir Wullam wakes up and finds himself with the symbol of the Brotherhood of the Purple Tentacle tattooed on his... oh no! Oh nooooooo!
  • Sorceric has a minor misunderstanding with the guards, and is hauled in for six days in the lockup.
The adventure has not even started yet... or has it just started?

At least this inn is not on fire, RIGHT, Nick?

The carousing rule inverts D&D’s core equation, the 1 gp = 1 XP rule. Here, you do not gain XP for treasure you find, you gain XP for treasure you spend. AD&D’s model – which, mind you, works great, although for different reasons – hoovers up excess gold from the campaign through training costs (most of my current Hoard of Delusion party is stuck at their current level, having the XP but not the gp for training), and introduces the strategic dilemma – do we spend it on advancement or other useful stuff? It is also quintessentially 80s action movie – our hero, experiencing hardship, goes to the gym or the old karate master to bulk up for the tougher challenges coming his way. The inverted model removes money through living it up through excessive partying. OD&D’s upkeep rule is a predecessor (1% of your current XP total per arbitrary time period), but Jeff’s carousing table turns it into a mini-game and a source of new mini-adventures. You can also see Ffahrd, the Grey Mouser or Conan doing this, more than them learning new moves under the watch of a wise old instructor. Of course, it is just a table of 20 entries, with a comical aesthetic. But it is a hell of a beginning. I have my own 64-result downtime complications table from the Helvéczia RPG: here are four results for late 17th century picaresque adventures:

  • One of Father Gérome Gantin’s noted enemies has vanished from town, and everyone is eyeing him suspiciously.
  • Bettina von Vilingen, the noted scoundrel, finds herself the elected mayor of a tiny podunk village.
  • Sebastiano Gianini, Bettina’s partner in crime, has indulged in sins better left unmentioned, and loses 3 Virtue.
  • Domenico Pessi, retired mercenary, survives a close encounter with Death, but to correct the mistake, the Grim Reaper is once more on Domenico’s trail...

* * *

The Dipper: The Monster Determination and Level of Monster Matrix (OD&D vol. 3)

For our final table, let us return to the roots: OD&D’s random monster chart. OD&D has often been called badly designed (and until its mid-2000s revival, it was mostly considered a historical footnote), but what it is is badly written, and barely if at all explained. The design itself, taken at face value instead of handwaved or second-guessed, is surprisingly tight – blow the dust off of the covers, and you find yourself something that hangs together quite well as a game. We have already mentioned AD&D’s wilderness encounter charts – here is a simple, elegant and universal matrix for running expeditions into the Mythic Underworld.

The Dipper

The matrix cross-references level depth – the basic measure of zone difficulty – with a 1d6 roll to select a random chart, followed by a roll on the chart itself. It is trivial, but it is quite different from modern random charts, which usually go for weighted results for every level. The matrix mixes up the results by occasionally introducing lower-level (more powerful) monster types to the first dungeon levels, or hordes of low-level types for the depths below. Dangerous monsters travel up from the depths, and weaker creatures band together to establish strongholds and outposts in the deeper reaches. Consider the following expedition, going down to Level 3 and back, with two encounters on the average each level (it is not stated, but usually implied that the number of creatures appearing will be worth one dice per baseline, adjusted upwards and downwards):

  • LVL 1: 6 Kobolds (LVL 1)
  • LVL 1: 3 Lizards (LVL 2)
  • LVL 2: 1 Hero (LVL 3, a 4th level Fighting Man)
  • LVL 2: 1 Manticore (LVL 5 – ooops!)
  • LVL 3: 2 Superheroes (LVL 5, 8th level Fighting Men)
  • LVL 3: 9 Gnolls (LVL 2)
  • LVL 2: 2 Ogres (LVL 4)
  • LVL 2: 3 Thaumaturgists (LVL 3, 5th level Magic-Users)
  • LVL 1: 2 Goblins (LVL 1)
  • LVL 1: 1 Swashbuckler (LVL 3, 5th level Fighting Man)

Although basically meant for on-the-run wandering monsters, this little chart comes into its own during stocking dungeons. Follow the general stocking procedure for rooms along with the room treasure charts on p. 7, and you will soon have something fairly serviceable for a starting effort. It is quick and a lot of fun. Of course, for established monster lairs, I would use a higher “No. Appearing” – perhaps not the 40-400 goblins of the outdoor charts, but at least 1d8*5 for a start – if it’s got treasure, it can defend it. You can also expand the monster listings, or “slot in” alternate subtables while preserving the master matrix. You could have one for mediaeval fantasy, desert tomb-raiding, undercities, or what have you.

The AD&D Matrix

Now, I am not 100% happy with this table – chalk it up to personal preference, or the benefit of hindsight. I do believe it goes too deep. Six levels of difficulty should be enough, for a neat 6×6 matrix. Second, it is weighted towards the more powerful encounters, dredging up deep horrors as soon as you enter Level 3. On Level 2, you are more likely to encounter Level 3 monsters (Wights, 4th and 5th level NPCs and Giant Snakes) than Level 2 ones; on Level 3, you will regularly meet Mummies, Wyverns, Hydrae and Balrogs. On the other hand, fun low-strength critters are phased out too soon – Orcs, Skeletons, Bandits and the like disappear after Level 2. That is too steep for a good difficulty curve. In our LBB-only, reasonable by-the-book Morthimion campaign, I have adjusted things by using the Level 1 charts for the first two levels, Level 2 for the second two, and so on: that was more than enough for a modern OD&D game (i.e. one played casually, not obsessively every day, every week, as people would do in the 1970s). I also tended to bump treasure values up by one row for largely the same reasons.

E..excuse me, is this Level Two? I thought this was Level Two

All that said, the OD&D monster table is an excellent example of compact, elegant design. With a few alterations – cut it down to 6 levels, rebalance a little, increase encounter numbers for some monsters – it would be powerful even in our day and time. I would adjust it just slightly, but keep the “dipper” aspect. AD&D’s equivalent dungeon encounter chart (Appendix C) is certainly more balanced, but missing some of the cool chaos introduced by its predecessor. It is weighted a bit too much towards “slog” instead of “swing”. Somewhere between the two, I believe we could find the perfect monster encounter chart.

Categories: Tabletop Gaming Blogs

Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group

Malwarebytes - Mon, 03/22/2021 - 11:42

The PRODAFT Threat Intelligence Team has published a report (pdf) that gives an unusually clear look at the size and structure of organized cybercrime.

It uncovered a global cybercrime campaign that uses modern management methods, sophisticated tools—including its own malware testing sandbox—and has strong ties with the SolarWinds attack, the EvilCorp group, and some other well-known malware campaigns.

SilverFish uncovered

The research team managed to do a full investigation of one of the SilverFish group’s Command and Control (C2) servers, after detecting an online domain (databasegalore[.]com) from previously published Indicators of Compromise (IOCs).
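The defanged domain above is the kind of published IOC a blue team would feed into its own DNS telemetry. The following is an added example, not code from the report, PRODAFT or Malwarebytes: it refangs a defanged indicator, then matches it (exact domain or any subdomain, but not look-alike names that merely end in the same string) against constructed BIND-style query log lines. The log lines, client addresses and resolver IP are all made up for the example; only the domain comes from the page.

```python
import re
from typing import Iterable, List, Dict

# The defanged IOC as it appears on the page; everything else here is constructed.
PUBLISHED_IOCS = ["databasegalore[.]com"]

def refang(ioc: str) -> str:
    """Turn common defanging notation back into a real, lower-cased indicator."""
    return (ioc.strip().lower()
               .replace("[.]", ".")
               .replace("(.)", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))

def defang(ioc: str) -> str:
    """Re-defang an indicator so it is safe to paste into reports and tickets."""
    return ioc.replace(".", "[.]")

def domain_matches(qname: str, ioc_domain: str) -> bool:
    """True if qname is the IOC domain or a subdomain of it.

    The leading-dot check stops 'notdatabasegalore.com' from matching
    'databasegalore.com', a classic false positive of naive endswith() checks.
    """
    q = qname.rstrip(".").lower()
    return q == ioc_domain or q.endswith("." + ioc_domain)

# Constructed sample resolver log, in BIND query-log style (not real traffic).
SAMPLE_DNS_LOG = """\
22-Mar-2021 09:14:02.113 client 10.0.4.17#51234: query: www.example.org IN A + (10.0.0.53)
22-Mar-2021 09:14:05.901 client 10.0.4.17#51240: query: databasegalore.com IN A + (10.0.0.53)
22-Mar-2021 09:14:06.002 client 10.0.7.3#40111: query: cdn.databasegalore.com IN A + (10.0.0.53)
22-Mar-2021 09:14:07.445 client 10.0.7.3#40112: query: notdatabasegalore.com IN A + (10.0.0.53)
"""

# Pulls the client address and the queried name out of one BIND-style log line.
LOG_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")

def find_ioc_hits(log_lines: Iterable[str], defanged_iocs: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per (log line, IOC) match: client, queried name, defanged IOC."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        for ioc in iocs:
            if domain_matches(m.group("qname"), ioc):
                hits.append({"client": m.group("client"),
                             "qname": m.group("qname"),
                             "ioc": defang(ioc)})
    return hits

if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_DNS_LOG.splitlines(), PUBLISHED_IOCS):
        print(f"{hit['client']} resolved {hit['qname']} (matches IOC {hit['ioc']})")
```

Two of the four constructed lines hit: the exact domain and the `cdn.` subdomain, each attributed to its internal client address so the next step (isolating the host, pulling its process and network history) has a starting point. The look-alike `notdatabasegalore.com` line is deliberately included to show why the match must be anchored on a label boundary rather than a plain suffix.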

It was possible for researchers to create a unique fingerprint of one of the online servers by using multiple metrics, such as installed software. After 12 hours of global scans of the IPv4 range, they identified more than 200 other hosts with a very similar setup.

According to the report this “enabled the PTI Team to access the management infrastructure” of the group and learn significant information about how the group worked, who it had attacked, and how.

Sophisticated organization

What the researchers found was a highly sophisticated group of cybercriminals targeting large corporations and public institutions worldwide, with a focus on the EU and the US. They named this organization the SilverFish group.

By linking together the C2 servers they found, and comparing them to known IOCs, the researchers were able to connect the SilverFish group to the infamous SolarWinds attacks.

A large subset of the servers the researchers identified were also used by the infamous EvilCorp group, which modified the TrickBot infrastructure for the purpose of a large-scale cyber espionage campaign.

Links to SolarWinds

The report describes a “significant overlap” between the 4,700 victims identified during the investigation and organizations affected by the SolarWinds attacks. A significant part of the large infrastructure was found to have strong connections with the SolarWinds IOCs shared by three different security companies. The conclusion being that these servers most likely took part in the SolarWinds campaign.

Links to Trickbot

By looking at the group’s tactics, techniques, and procedures (TTPs), combined with the technical complexity of the SilverFish group’s attacks, PRODAFT was able to detect similar findings in the C2 server, command statistics, infection dates, targeted sectors and countries, tools used during the attacks, executed commands, and other information that was very similar to those used by TrickBot.

So, is this group related to TrickBot? Not likely, but the research shows that the SilverFish group is using a similar version of the TrickBot infrastructure and codebase. It also found evidence of WastedLocker malware and other TTPs that matched with both EvilCorp and SolarWinds.

Links to EvilCorp

EvilCorp is the name of a vast, international cybercrime network. The alleged leaders of this network are very high on the FBI’s wanted list. In 2019, US authorities filed charges against EvilCorp’s alleged leaders, Maksim Yakubets and Igor Turashev, accusing them of using malware to steal millions of dollars from groups, including schools and religious organizations, in over 40 countries. EvilCorp is held responsible for the development and distribution of the Dridex and WastedLocker malware.

Malwarebytes’ Threat Intel Team commented:

Prodaft also mentions ties with the WastedLocker ransomware thought to be operated by EvilCorp, likely from the Traffic Distribution System analysis. One of the hostnames in particular is related to the SocGholish social engineering toolkit and is used to fingerprint victims before distribution of the final payload.

Management

According to PRODAFT, the main dashboard of the SilverFish C2 control panel features a section named “Active Teams”. SilverFish uses a team-based workflow model and a triage system similar to modern project management applications. Each user can write comments about each victim. Based on these (mainly Russian) comments, the researchers gained a better understanding of the motivation of the group and the prioritization of the victims—operations were prioritized based on these comments.

A hierarchy was also found to be present in the comments on the C2 server, enabling management of different targets, assignment of these targets to different groups and triage of incoming victims.

Targets

The main areas of focus for the SilverFish group appear to be the US and Europe, with each region serviced by different teams. They also seem to primarily target critical infrastructure. Successfully compromised victims were found in nearly all critical infrastructure sectors (as defined in the NIST Cyber Security Framework).

The SilverFish group predominantly targets critical entities like energy, defense, and government, or Fortune 500 enterprises. The researchers also found comments on the C2 servers indicating that victims such as universities, small companies, and other systems the group considers worthless are ignored.

Approximately half of the victims were found to be corporations which have a market value of more than $100 million USD, as per their public financial statements.

WordPress

In contrast to traditional attacks that use a domain name purchased via means of anonymous payments, SilverFish is using hacked domains for redirecting traffic to their C2 control panel.

To avoid disrupting the legitimate traffic of the hacked website, the SilverFish group creates new subdomains, which makes it almost impossible for a website owner to notice that their domain is being exploited in an attack. The frequency with which they change domains implies that the SilverFish group has more than 1,000 already compromised websites, which are rotated almost every other day.

A significant number of these compromised websites were using WordPress. The report notes that while it is possible to buy login credentials from underground markets, “the amount of compromised websites with the same software shows us that the SilverFish group might also be leveraging 0-day or N-day exploits.” WordPress is, by far, the world’s most commonly used web Content Management System, and out-of-date installations and vulnerable plugins provide no shortage of targets.

Post-exploitation

Perhaps unsurprisingly, the SilverFish group was found to make extensive use of publicly available “red teaming” tools such as Empire, Cobalt Strike and Mimikatz, as well as PowerShell, BAT, CSPROJ, JavaScript and HTA files used for enumeration and data exfiltration.

Executed Cobalt Strike beacons use domain fronting for communicating to the C2 server. Domain fronting obscures the eventual destination of HTTP traffic by relaying it from the server listed in the publicly-readable SNI portion of a request, to a different server listed in the private (encrypted) Host header.
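As an added illustration (not code from the PRODAFT report or from Malwarebytes), here is a small detection routine for the SNI/Host mismatch that domain fronting produces. It assumes a TLS-inspecting proxy that logs both the ClientHello SNI and the decrypted Host header as JSON lines; the log format, field names and sample records below are constructed.

```python
"""Flag HTTPS requests whose TLS SNI and HTTP Host header disagree.

Added example for this page; not PRODAFT's or Malwarebytes' code. Only a
TLS-terminating proxy can see the Host header, since it travels inside the
encrypted stream; the SNI is visible in the plaintext ClientHello.
"""
import json

# Constructed sample records from a hypothetical TLS-inspecting proxy.
# Records 3 and 4 show a beacon fronting through a CDN-looking name while
# the Host header points at a placeholder operator-controlled domain.
SAMPLE_LOG = """\
{"ts":"2021-03-18T09:12:01Z","src":"10.1.4.22","sni":"www.example-cdn.net","host":"www.example-cdn.net","path":"/js/app.js"}
{"ts":"2021-03-18T09:12:07Z","src":"10.1.4.22","sni":"static.example-cdn.net","host":"assets.example-cdn.net","path":"/img/logo.png"}
{"ts":"2021-03-18T09:12:09Z","src":"10.1.4.51","sni":"www.example-cdn.net","host":"updates.attacker-placeholder.example","path":"/submit.php"}
{"ts":"2021-03-18T09:12:15Z","src":"10.1.4.51","sni":"www.example-cdn.net","host":"updates.attacker-placeholder.example","path":"/dpixel"}
{"ts":"2021-03-18T09:12:20Z","src":"10.1.4.77","sni":"","host":"intranet.corp.example","path":"/"}
"""


def registrable_domain(name):
    """Crude 'last two labels' approximation of the registrable domain.

    Good enough for the sample data; a real deployment should consult the
    Public Suffix List so that names under e.g. co.uk are handled correctly.
    """
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def is_fronted(record):
    """True when SNI and Host resolve to different registrable domains."""
    sni = record.get("sni", "")
    host = record.get("host", "")
    if not sni or not host:
        return False  # nothing to compare without both names
    return registrable_domain(sni) != registrable_domain(host)


def find_fronting(log_text):
    """Parse JSON lines and return the records that look fronted."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_fronted(rec):
            alerts.append({"src": rec["src"], "sni": rec["sni"],
                           "host": rec["host"], "path": rec["path"]})
    return alerts


def summarize(alerts):
    """Count hits per (source, SNI, Host) triple.

    A beacon polling its C2 shows up as one triple with a rising count,
    which is easier to triage than a flat list of requests.
    """
    counts = {}
    for a in alerts:
        key = (a["src"], a["sni"], a["host"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (src, sni, host), n in summarize(find_fronting(SAMPLE_LOG)).items():
        print(f"{src}: {n} request(s) with SNI {sni} but Host {host}")
```

Legitimate CDN traffic can also present mismatched names, so in practice this needs an allowlist of known front/origin pairs rather than alerting on every hit.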

The main goals of the SilverFish group are likely to be covert reconnaissance and data exfiltration. According to PRODAFT, the commands and scripts the SilverFish group use “strongly indicates sophistication and an advanced post-exploitation skillset”.

Remote sandboxing

The most astounding find the researchers uncovered was that the SilverFish group has designed an unprecedented malware detection sandbox, formed by actual enterprise victims, which enables the adversaries to test their malicious payloads on live systems with different enterprise AV and EDR solutions (enterprise systems can be hard for criminals to acquire).

Malwarebytes Threat Intel Team commented:

Machines are profiled and used as a testing ground, a sort of live antivirus testing platform featuring many different EDR products.

The SilverFish attackers were using this system to periodically test their malicious payloads, scripts, and implants on more than 6,000 victim devices. According to the report, the SilverFish group members appear to be tracking the detection rate of their payloads in real time.

Level of sophistication

PRODAFT says “we believe this case to be an important cornerstone in terms of understanding capabilities of organized threat actors”, and it is hard to disagree.

Although ransomware groups can be well organised, they are mostly engaged in noisy smash-and-grab raids. The SilverFish group is something different. According to PRODAFT it is an “organization that operates in an organized and disciplined manner in a hierarchical environment, one that is even highly compartmentalized,” that takes a “structured approach to covert cyber-espionage.”

Attribution

The Prodaft researchers refrain from attribution, but there are some strong pointers which can be found in their extensive report.

  • Russian comments and use of Russian slang words on the C2 servers.
  • Indications that the group is sparing countries that were part of the former USSR and still have strong ties with Russia.
  • The group is active during European work hours, with most of its activity recorded between 08:00 and 20:00 (UTC).
  • The attention to critical infrastructure, and major companies in the US and Europe.

Attribution is hard and sometimes the conclusion you come to is the one the threat-actors want you to reach. But if it walks like a duck and quacks like a duck….

The post Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Re-post: The God Who Raises the Dead

Just Call Me Pastor - Mon, 03/22/2021 - 11:00

There’s an often-overlooked story in the Bible that moves me deeply. It’s in Luke 7:11-17. 

Jesus walks (according to what seems like a predetermined plan) from Capernaum toward a walled village called Nain, a distance of approximately 12 miles.

He is followed not only by his disciples but also by a large crowd of people. As he and the crowd approach Nain, coming out of a gate in the wall they meet a funeral procession.

A funeral at that time would comprise several sad elements: first a narrator who would speak of the good deeds of the deceased; then women assigned to chant and wail, attended by a flutist or two; then the funeral bier carried by friends and loved ones bearing the body of the deceased. All of these would be followed by family and a large number of grieving townspeople.  

As our Lord and his followers approach he sizes up the situation quickly. On the bier, he sees the body of a young man, an only son; following the bier, one lone woman, the mother who is obviously widowed. 

Luke tells us that “his heart went out to her.” Jesus then says to her: “Don’t cry.” I would love to have heard those caring words spoken by our Lord. Then stepping forward he touches the bier and the procession stops. To the lifeless body he says, “Young man, I say to you, get up.”

The people in both throngs are amazed as the young man sits up on the bier and begins to talk to those around him. Jesus tenderly restores him to his speechless mother.

The funeral procession breaks up. The professional mourners cease their wailing. The crowd is filled with awe, but when they gain their wits they begin to shout, “A great prophet has appeared among us!” And they add, “God has come to help his people!”

There is no indication that this miracle is performed to add to our Lord’s reputation or to enhance his popularity. This miracle is prompted by one thing — his instant compassion. Because of the remoteness of the town, the people may not have heard of Jesus, but they read the situation correctly. 

Here is a powerful picture of God Incarnate: tender-hearted toward the hurting, and at the same time with the power to raise the dead. We see in this episode of Jesus’ life that God wishes to enter our lives during every circumstance. Does he not deserve our fervent worship in return?

Image info: The Resurrection of the Widow’s Son at Nain (La résurrection du fils de la veuve de Naïm) – James Tissot, Public Domain.

Categories: Churchie Feeds

Sentinel Comics RPG Session 1: "Itsy Bitsy Spiderbots"

Sorcerer's Skull - Mon, 03/22/2021 - 11:00

Roll Call:

Action Jack: Man of Action--Man Out of Time!
Fibbit: Manic Pixie Extradimensional Dream Girl!
Infranaut: IR-Powered Celebrity Hero!
Il Masso: The Rock-Solid Hero of Little Italy!
Space Racer: Cosmic Speedster!

Supporting Characters: Zauber the Magnificent (flashback only)

Villains: Spiderbots (first appearance)

Synopsis: Individually enjoying a day in Empire Park, our heroes are startled by an attack of spider-shaped robots emerging from the sewers, which seem to be particularly targeting them. Our heroes destroy the robots and join forces. During the melee, Fibbit catches images of a peculiar industrial building and a man dressed as a magician, who ages before her eyes. Space Racer has a flashback to a vague memory of a dead world, somehow displaced in time.

Action Jack recognizes Fibbit's magician as Zauber the Magnificent, a magician and crime fighter from the war years.

Fibbit also warns the others that she also sensed a malevolent force in the direction of the spiderbots' origin--and it seemed to sense her back!

A week in security (March 15 – 21)

Malwarebytes - Mon, 03/22/2021 - 10:00

Last week on Malwarebytes Labs, our podcast featured Adam Kujawa, who talked us through our 2021 State of Malware report.

We cover our own research on: Other Cybersecurity news

Stay safe, everyone!

The post A week in security (March 15 – 21) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

REVIEW: Big Finish: Doctor Who: The End of the Beginning – The Monthly Adventures bow out on a high

Blogtor Who - Mon, 03/22/2021 - 08:00

It’s the end. But the moment has been prepared for… The Doctor Who monthly adventures range from Big Finish has sadly come to an end with The End of the Beginning. When Big Finish were granted a license to create original Doctor Who audio adventures it was a time of trepidation. New televised Doctor Who […]

The post REVIEW: Big Finish: Doctor Who: The End of the Beginning – The Monthly Adventures bow out on a high appeared first on Blogtor Who.

Categories: Doctor Who Feeds

1489

Looking For Group - Mon, 03/22/2021 - 04:00

The post 1489 appeared first on Looking For Group.

Categories: Web Comics

Again, The Giants! Collated

Sorcerer's Skull - Sun, 03/21/2021 - 14:30

Art by Jason Sholtis
Back in 2017, I did a series of posts doing adventure sketches re-imagining Against the Giants. Here's the complete list:

Wedding of the Hill Giant Chief

Sanctum of the Stone Giant Space God

Glacial Gallery of the Frost Giant Artist

Small Islands of Wonder, Society and Magic Part II

Bat in the Attic - Sun, 03/21/2021 - 14:20

Part I

In my previous post I discussed the status of magic at the beginning of history within my setting, the Majestic Fantasy Realms. Here I will discuss the aftermath of the Dawn War and how it gave rise to the first great era of magic. 

Prior to the Dawn War all magic was arcane and ritual based. The gods were known as the Lords of Creation and functioned as guides, teachers and coaches rather than as a source of divine mystery. Their roles were to prepare the two races, humans and elves, for the roles they were to play in the newly created world. 

As recounted in the last post, the demons were imprisoned in the Abyss with the chromatic crystals, and as a result magic in a concentrated form was cycled throughout the world, providing a source of energy to cast spells within seconds instead of minutes.

Faith, Signs and Portents.

The Lords of Creation decided that their close presence to the mortal races was one of the primary causes for the rise of the Demons. After the Abyss was sealed, they withdrew from the world and only interacted with those who followed their philosophies. Communicating through signs and portents, they sought to teach through faith instead of direct instruction. In doing this they changed from being the Lords of Creation into gods with religions and faiths.

Their clerics became the first true spellcasters in the world. Those who developed or already had strong faith found they had power as well. They were given divine insight to use the new sources of magical power coursing throughout the world. Through meditation and prayer they could memorize specific spells: developing the forms in their mind, then, while casting, filling the forms with magical energy, and finally releasing the form and energy as a spell. As the cleric became more experienced, their divine insight developed to allow them to cast more potent spells.

However, power had a price, and that price was belief and faith. Belief in what they were taught, and faith that it was right and real and not madness or the whisper of demons rising from the Abyss. Without faith and belief there was no divine insight, and without divine insight the ability to cast spells within seconds disappeared.

As religions developed and took hold, the Cleric became the dominant spellcaster, overshadowing the old arcane ritual casters. A major contributing factor was the Shield of Faith, which made Clerics invulnerable to spells and rituals cast without a god's divine insight unless the spell manifested something in the physical world like fire, ice, stone, or lightning. In many cultures the ways of the old ritual-based arcane spellcasting were lost, except among one group: the Elves and their allies.

The Elves and Wizardry

Within a few generations only the elves preserved any memory of the time before the Dawn War. As with other cultures, the gods also only spoke to the elves in signs and portents. But among the elves and their allies this did not develop into a full-blown religion but into various philosophies one committed one's life to. Those who committed to one of the divine philosophies also received the divine insight to learn and cast spells within seconds.

But because the elves still remembered, they and their allies also still practiced and, more importantly, continued to develop the old arcane rituals. They learned how to cast rituals with divine insight, separate from the forms they created in their minds with their daily meditations and prayers. They could cast divine rituals without having to write them into a ritual book.

And the elves and their allies developed a way of casting arcane spells within seconds, called wizardry. Through a complex series of meditations, rituals, and study, Wizards could internalize spell forms to fill with energy and cast at a moment’s notice. However, it took practice and further study to be able to do this more than once a day and with more potent spells. Even then, Wizards were very limited in how many spells they could internalize, and the process of internalizing a form took years, even decades. This was an issue that wasn’t present with divine insight.

Wizardry did not spread far beyond the elves and the cultures allied with them, for two reasons. The first was the laborious study involved, which was fine for immortal elves but took up much of a human’s lifetime. The second, and more tragic, was that many rejected interaction with the elves and their allies when the elves began to contact other cultures again a thousand years after the Dawn War. The worldview of the elves and their allies was seen as godless by cultures dominated by religion.

Hedge Mages and Arcanists

Magic in concentrated form flowed through everyday life. It would manifest in physical objects known as viz, only to dissipate at dawn the next day. Creatures, some known as monsters, developed ways of harnessing magical energies to better survive. Outside of the elves, religion and the clerics were dominant, but over the centuries people both within a faith and outside it were continually rediscovering arcane magic and ritual spellcasting. Most times it was a curiosity and limited to a few weak rituals. In some cultures an underground tradition of Hedge Mages developed, who lived on the fringes of society and passed down hard-won rituals from master to apprentice over generations, mostly making a living by brewing potions and elixirs for the few who found them. When the culture’s religion found out about them the reaction was nearly always negative, and many died after being called heretics and apostates.

Some religions allowed orders of arcanists to develop and catalog arcane rituals under the strict supervision of the religious hierarchy. Arcanists were rarely a separate order but instead a specialty among scribes, librarians, and record-keepers.

The Dawn of the Magic User

As the centuries rolled on and history unfolded, chance and circumstance allowed cracks to form in the dominance of magic by clerics. In the next post I will conclude this series by talking about the events that lead to the rise of the magic-user.

The Mechanics

For Swords and Wizardry the cleric is as written. I have a few additional wrinkles like the Shield of Faith, which acts as a form of limited magic resistance in the Majestic Fantasy RPG.

Viz is the same as spelled out in the Basic Rules for the Majestic Wilderlands RPG. One viz allows the caster to cast a 1st level spell without losing it from memory or using a spell slot (if a wizard, see below). It also reduces the cost of creating a magic item. But a spellcaster can only keep so much viz intact before it dissipates at dawn: generally an amount equal to half their level, rounded down, plus their intelligence or wisdom bonus.

The Wizard works similarly to the D20 Sorcerer, where spellcasters do not have to memorize spells but instead learn spells known and cast them any way they want until their spell slots are used up for the day.

For Swords and Wizardry I went with the following table instead of the D20 one. Wizards can cast arcane rituals with a spell level equal to 1/2 the highest level spell they can cast (rounded down). So a Wizard can begin to cast first level arcane rituals at 3rd level, when they learn how to learn and cast 2nd level spells.
Spells Per Day
Spell Known


Part 3
Categories: Tabletop Gaming Blogs

Doctor Who: The Lonely Assassins – Game Review

Blogtor Who - Sun, 03/21/2021 - 14:14

The latest Doctor Who game provides a thrilling modern journey into terror Since they became Doctor Who’s resident games master in 2018, London based software house Maze Theory have given themselves impressively ambitious goals. And certainly, reviewers hailed their first release, Doctor Who: The Edge of Time, as the most polished and well designed game […]

The post Doctor Who: The Lonely Assassins – Game Review appeared first on Blogtor Who.

Categories: Doctor Who Feeds

'The Consequences Of Gods & A Sword' - Elves, Stormbringer, & The OSR God Myths

Swords & Stitchery - Sat, 03/20/2021 - 18:42
"Ever wonder what happens to powerful heroes after their adventures become legendary, and they have passed in to the realms beyond? Now you can find out with the D&D Immortals Set. The Player's Guide to Immortals lays out the basic information needed to convert your mortal player characters to Immortal status. It also explains new game mechanics, as are many aspects of the character's new existence" Its
Categories: Tabletop Gaming Blogs

Resident Evil 8 just the latest game plagued by fake demos and early access scams

Malwarebytes - Sat, 03/20/2021 - 10:38

There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts?

Preview power: the 80s and 90s

Back in the 80s, games reviews were only really found in dedicated gaming magazines like ZZap!64 or Amstrad Action. A couple of magazine publishers had the idea to distribute full games and demos on cassette tapes mounted to the cover. This led to some spectacular covertape related magazine warfare, distribution of games without permission, and copyright breach extravaganzas.

Downloadable demos: 2000s and beyond

When net-connected consoles blasted their way into homes from around the time of the original Xbox onward, this granted a second life to the old cover tapes and discs. Consoles came with demos pre-loaded, you could download demos or full games, and update purchased titles on the fly.

Consoles going digital slowly came with its own problems. Even so, the digital download revolution encouraged new funding models and ways to play games. Early access, where players are granted first look at a title by paying or for free, is where our latest scam lies.

What are the scammers doing?

Scammers are using demos and early access promises as bait for phishing and other forms of attack. The upcoming Resident Evil title, Village, currently has a spin-off demo version called “Maiden” on the PlayStation 5, with other versions to follow. Enterprising phishers are distributing fake mails offering “Early access invitations” to play Village itself, which is the full game, set after the events of Maiden.

In this way, they’re trying to ride the wave of popularity for Maiden by encouraging people to get their hands on the rest of the content. The game developers, Capcom, also mention avoiding any files offered up by the phish. This sounds very much like the phishers were also dabbling in malware distribution.

We bring tidings. Bad tidings.

The full Capcom message sent to press reads as follows:

We’re sending this message as we’ve been made aware that there are currently emails circulating that pretend to contain “Early Access invitations” to Resident Evil Village. The sender address is being displayed as “no-reply(at)capcom(dot)com”.

We want to inform you that these messages are NOT from Capcom and appear to be phishing attempts by an unauthorized third party. If you have received such a message, please DO NOT download any files or reply, and delete the message immediately.

If you are unsure of the authenticity of correspondence from Capcom, please contact us directly to verify.

This is perfect bait for younger gamers who may not be aware of this type of scam attempt. No doubt it’ll have caught out many an adult gamer, too. That’s the most recent attempt at tricking people with fake early access. Shall we take a look at a slightly earlier effort?

Fake Beta build scammers come for Far Cry

Far Cry 6 is the soon to be released entry into Ubisoft’s unstoppable game series. Last month, a supposed “beta” build of the game was mentioned in emails to various influencers / content creators in the gaming space. The mail, flagged as being under embargo, comes complete with an access password. When the password is entered, and we’re not sure if they mean to open a zip or on a fake website, an infection is downloaded to the PC. According to potential victims, it “watches your screen and records everything you do”.

That’s bad enough. This is by no means the end of the wave of fake beta/early access/demo invites though.

Gaming a wide audience

In January, THQ Nordic warned of scam mails related to their game Biomutant. As with the other missives, it seems to focus on content creators / developers. Seeing developers state that no early builds of games are being mailed to people is bad news. Could one group specifically be trying this early access build gimmick? Or is everyone at it? Quite often, a new way to go on the offensive is posted to underground forums and then people go off and try it. That could be what is happening with these attacks, or it could just be coincidence.

As far as fake betas go, those have been around for a long time. A good example of this is Cyberpunk 2077, back in July of last year. How about a Fortnite Android beta scam from 2018? We can certainly round things out with a Valorant themed, malware laden closed beta key generator from last April.

Some tips to avoid fake beta/access scams

  1. At least some of these attacks are targeted towards gaming influencers or people with big platforms. As a result, this means you may not encounter a few of them. If you do fall into this category, basic security hygiene applies. Check the security of all your accounts and enable two-factor authentication if it’s available. Run up to date security software, and ensure all your devices are patched and up to date.
  2. Begin locking down your gaming accounts if you haven’t already. It might not just be your PC at risk from attacks. They could be after your console logins / details too. All major gaming consoles have plenty of security features. It’s well worth digging out their security documentation and shoring up any gaps in your defence.
  3. If a games developer emails you out of the blue, it’s fairly easy to figure out what’s real and what isn’t. Major titles announce betas and early access programs clearly on websites, social media, and gaming portals. It isn’t left to random mail shots and mysterious attachments. If there’s no evidence of whatever you’ve been sent in some sort of official capacity, steer clear. Worst case scenario, you can always contact most developers on social media. They will likely be happy to help if what you’re showing them is a scam.

Press X to continue?

We recommend telling younger gamers in your household about these scams, and also the security solutions used to address them. The “exclusive preview build” technique aimed at influencers probably won’t remain aimed at them exclusively for very long, so watch out for that. You may as well get ahead of the game now before the inevitable next wave of beta invite scams land in mailboxes near you. There’s always something to think about in video game land.

The post Resident Evil 8 just the latest game plagued by fake demos and early access scams appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Report reveals the staggering scale of Business Email Compromise losses

Malwarebytes - Fri, 03/19/2021 - 20:40

Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didn’t give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help.

The Internet Crime Complaint Center (IC3), an arm of the FBI where internet users can report online fraud crimes, recently released the 2020 Internet Crime Report, an annual report that contains high-level information on suspected fraud cases reported to them and their losses. A state-by-state statistical breakdown of these cases was included in an accompanying report, 2020 State Reports, that you can browse through here.

The IC3 has found that the three biggest complaints they received in 2020 are phishing scams, which garnered the highest number of complaints (241,342), ransomware (2,474), and, perhaps the most striking of these, Business Email Compromise (BEC) (19,369). It’s striking, not because of the number of complaints but because BEC scams recorded the highest total losses by victims, at roughly $1.8 billion USD. Although phishing led to the highest number of complaints, victims “only” lost $54 million USD, a fraction of the money lost to BEC scams.

According to IC3, BEC can also be called Email Account Compromise (EAC). It may or may not involve a layered attack, depending on how a threat actor can better mimic the person they’re spoofing, and how much their target employee would be able to buy into the overall deception.

It starts off with an email, either from a compromised account or spoofed address, to make it look like it originated from a particular sender. The threat actor, usually posing as a higher-up within a company, contacts a more junior employee in the company who is cleared to perform funds transfers. The attacker gives the junior employee a plausible but urgent instruction to make a large, confidential transfer of money to a fake supplier.

“In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency,” according to the report. “In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include Extortion, Tech Support, Romance scams, etc., that involved a victim providing a form of ID to a bad actor. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.”

We remind businesses, regardless of sector, to be aware of BEC attack trends and be very vigilant in combatting it. BEC scams rely, in part, on the pressure that junior employees feel when asked to comply with demands from senior employees, and told not to alert anyone else. Employees should be empowered to seek advice and take the time they need.

Also, if your company doesn’t have an extra layer or two of authentication before the request to transfer money is green-lit, put one in place now. A phone or video call is ideal.

True, these steps introduce a bit of friction into your company processes, but a little inconvenience and delay could save your company millions of dollars.

Good luck!

Other post(s) on the subject of business email compromise:

The post Report reveals the staggering scale of Business Email Compromise losses appeared first on Malwarebytes Labs.

Categories: Techie Feeds
