What do little old ladies, Chinese threat actors, and a quarter of a million dollars have in common....
So...do you work in an industry where money changes hands often via email? Does your day job consist of opening up random PDFs sent from strangers? How about representing buyers in large transactions...with a Gmail account...and no 2FA...Bear with me...this will make sense...soon... Its story time kids....Let me set the stage, a small town in the pacific northwest with a little old retiree who took out the bulk of her retirement to pay off her house and buy a new one...Seems odd for a security conference talk, no? Bear with me...This story entails everything from a foreign threat actor, phishing for a pay day -- a victim who didn't even have email...and in the end a large some of money wired to a domestic account with mules ready to cash out...True story bruh... We will walk through one of the more interesting cases we have been involved in highlight some of the flaws in our current Real Estate industry, AND as a bonus debut a cool new tool that we created for managing complex email threads within a DFIR engagement.
John Stauffacher (@g33kspeed) is currently heading up the Incident Response team at Trace3. Mr Stauffacher is an accomplished speaker, author, and contributor to the security community. He has contributed to open source projects, as well as consulted with companies ranging from small SMB firms to large fortune 50 companies.