Blog

Security Advisory: OpenClaw/Moltbot AI Agents

max.kovalsky@consortium.net (Max Kovalsky) — Tue, 03 Feb 2026 16:22:16 GMT

February 2026 — OpenClaw is an open-source AI coding agent that runs locally and interacts with your system through natural language. It can read and write files, execute shell commands, browse the web, and integrate with services like email, Slack, Jira, and GitHub. Moltbot extends this with a social layer — agent scan communicate with each other, share context, and coordinate tasks across installations.

Consortium Completes SOC 2 Type II Audit, Underscoring Deep Commitment to Client Security

Consortium — Mon, 01 Dec 2025 21:24:17 GMT

Consortium, a next-generation value-added reseller delivering tailored cybersecurity solutions and expert advisory services, today announced the successful completion of its SOC 2 Type II audit. This milestone reaffirms the company’s deep commitment to safeguarding client data and maintaining the highest standards of security and operational excellence throughout Consortium and Metrics that Matter®.

Navigating Generative AI Risks

Maxim Kovalsky — Fri, 14 Nov 2025 14:28:32 GMT

Introduction
Generative AI is no longer a futuristic concept—it’s here, reshaping how organizations innovate, automate, and deliver value. In cybersecurity, AI plays two distinct roles that frame how we think about its impact: AI for Security acts as a force multiplier, enabling faster decision-making and a more agile, responsive defense posture. It helps security teams scale, automate repetitive tasks, and gain deeper insights from complex data. Security for AI focuses on addressing novel and amplified risks introduced by AI adoption, such as model reliability, data leakage, and identity challenges. It’s about building guardrails and governance to ensure AI systems remain safe, trustworthy, and secure.

Pig-Butchering Scams are on the Rise - Here's how to Protect Your Organization

Caroline Grace Parisher — Fri, 24 Oct 2025 17:08:39 GMT

The Hidden Danger Behind a "Wrong Number" Text

Have you ever gotten a text from an unknown number asking if you’d like to grab coffee, reconnect, or maybe even step outside for a smoke? It might seem harmless — even a little funny — but that message could be the start of something far more sinister. These casual “wrong number” texts are the first move in a sophisticated social-engineering scheme known as a pig-butchering scam. The term originated in China, where shā zhū pán (杀猪盘) literally means “to fatten the pig before slaughter.” It’s a chilling metaphor for how scammers operate: they build trust over time, convincing their targets that they’re forming a genuine relationship — a friendship, romance, or business connection — before coaxing them into fake investment opportunities. Once the victim is “fat enough,” the scammer drains every cent and disappears.

While the tactic isn’t new, the sophistication is. Advances in AI, deepfakes, and language models have made these scams more convincing than ever, allowing fraudsters to automate realistic conversations and create fake trading dashboards or social media personas at scale. Think of it as a modern blend of phishing and catfishing — except instead of pretending to be your boss or a relative, scammers pose as charming strangers. Victims are lured through social media or “wrong number” outreach, groomed through weeks or months of friendly chatter, and eventually persuaded to invest in cryptocurrency or business “opportunities.” What starts as a friendly hello can end in financial ruin.

The Rising Tide of Global Fraud

In recent years, the “fatten-then-slaughter” model behind pig-butchering scams has stormed into the American landscape with alarming intensity. According to a July 2025 report by the U.S.–China Economic and Security Review Commission (USCC), U.S. losses from China-linked fraud operations — including classic “pig-butchering” investment schemes — likely exceeded $5 billion in 2024, marking a more than 40% increase from the prior year. The escalating threat has prompted a strong federal response. In October, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), in coordination with the United Kingdom’s Foreign, Commonwealth, and Development Office (FCDO), imposed sanctions on the Prince Group Transnational Criminal Organization (Prince Group TCO) — a network of over 100 members known for orchestrating large-scale financial scams based on these very schemes. “The rapid rise of transnational fraud has cost American citizens billions of dollars, with life savings wiped out in minutes,” said Secretary of the Treasury Scott Bessent. “Treasury is taking action to protect Americans by cracking down on foreign scammers. Working in close coordination with federal law enforcement and international partners like the United Kingdom, Treasury will continue to lead efforts to safeguard Americans from predatory criminals.”

Pig-butchering scams may start by targeting individuals, but their ripple effects can reach far beyond personal bank accounts. In a corporate setting, a single compromised employee — especially one with access to sensitive financial systems or executive credentials — can become the entry point for catastrophic losses. The reputational damage alone can be staggering; imagine the fallout if a senior employee at a trusted financial firm were publicly deceived by such a scheme. As these scams grow increasingly sophisticated through AI-driven manipulation and realistic fake identities, organizations can no longer afford to see them as personal problems. A recent Investopedia article (Oct 2025) underscores just how advanced these tactics have become, describing how scammers now use AI-generated personas, deepfake images, and long-game social engineering via dating apps, social media, and messaging platforms to lure victims into fraudulent cryptocurrency “investments.”

From Awareness to Action

All of this said, what was once considered a problem far away from American soil is now firmly a domestic concern. Financial institutions, fintechs, and cyber-fraud teams across the U.S. are beginning to confront the fact that pig-butchering isn’t just knocking — it’s already inside the door. At the heart of every pig-butchering scam lies a single vulnerability: human trust. That’s why education remains the strongest first line of defense. Employees who understand how these scams work — how that “wrong number” text can evolve into a full-scale investment con — are far less likely to fall victim. Regular awareness training, clear communication protocols, and simulated social-engineering exercises can drastically reduce exposure.

Solutions That Matter

At Consortium, we help organizations identify and implement the tools that make this possible. Whether it’s company-wide phishing and social-engineering simulations through platforms like KnowBe4, or advanced behavioral detection and CrowdStrike threat hunting to uncover early indicators of compromise, we work with our clients to build a layered, human-centric defense. The reality is that scams like pig-butchering aren’t going away — they’re evolving. But with the right combination of education, technology, and proactive threat visibility, organizations can turn their employees from potential targets into active defenders. If you’re ready to strengthen your human firewall, Consortium can help you find the right mix of training and technology to stay one step ahead.

Information gathered from the following sources:
Internet Crime Complaint Center. (2022, October 3). Cryptocurrency investment schemes (Alert I-100322-PSA). FBI / IC3. https://www.ic3.gov/PSA/2022/psa221003

Newman, L. H., & Burgess, M. (2024, December 17). Stop calling online scams “pig butchering,” INTERPOL warns. WIRED. https://www.wired.com/story/interpol-pig-butchering-scams-rename/

Hayes, A. (2025, October 15). Pig butchering scams: What they are and the red flags you must spot early. Investopedia. https://www.investopedia.com/pig-butchering-scams-explained-11830383

U.S. Department of the Treasury. (n.d.). U.S. and U.K. take largest action ever targeting cybercriminal networks in Southeast Asia (Press Release SB-0278). https://home.treasury.gov/news/press-releases/sb0278

Reddan, N. (2025, July 18). China-linked scam centers are increasingly targeting Americans. The Washington Post. https://www.washingtonpost.com/national-security/2025/07/18/china-scam-pig-butchering-congress/

TRM Labs. (n.d.). Unmasking pig butchering scams: The $4 billion crypto scheme preying on vulnerable investors. https://www.trmlabs.com/resources/blog/unmasking-pig-butchering-scams-the-4-billion-crypto-scheme-preying-on-vulnerable-investors

U.S.–China Economic and Security Review Commission. (n.d.). China’s exploitation of scam centers in Southeast Asia. https://www.uscc.gov/research/chinas-exploitation-scam-centers-southeast-asia

MCP Security: Why Your Standard Vendor Questionnaire Won't Cut It

Maxim Kovalsky — Thu, 16 Oct 2025 16:54:56 GMT

Fal.Con 2025: AI, Cloud and the Agentic SOC - Consortium's Key Takeways

Consortium — Wed, 24 Sep 2025 15:22:38 GMT

CrowdStrike’s annual Fal.Con 2025 conference in Las Vegas showcased a bold vision for cybersecurity’s future. As a Platinum Sponsor (and freshly awarded Global Technical Champion of the Year), Consortium had a front-row seat and even led four expert sessions on SOC transformation, IT deployment, AI-powered app development, and next-gen SIEM. For security leaders who couldn’t attend, we’ve distilled the most critical takeaways focusing on what matters for decision-makers evaluating CrowdStrike: the evolution of the Falcon platform, cloud security advancements, next-gen SIEM (Onum), and the rise of the AI-driven Agentic SOC.

From Threat Detection to Risk Reduction

Consortium — Mon, 22 Sep 2025 16:40:08 GMT

Consortium and CrowdStrike Empower Leaders to Quantify and Act on Cyber Risk

From Insight to Improvement: How Consortium and Corelight Strengthened Suricata Alert Visibility in CrowdStrike Next-Gen SIEM

jeffrey.serio@consortium.net (Jeffrey Serio) — Mon, 22 Sep 2025 15:41:18 GMT

In cybersecurity, no single tool delivers complete protection in isolation—success is built on interoperability, insight, and collaboration. That belief is at the heart of the upcoming C4 initiative (Consortium, Corelight, Cribl, and CrowdStrike) on June 12th, 2025, which showcases how these platforms combine to deliver exceptional detection outcomes.

Consortium Wins 2025 CrowdStrike Global Technical Champion of the Year Award!

Consortium — Thu, 18 Sep 2025 02:26:06 GMT

Consortium Wins 2025 CrowdStrike Global Technical Champion of the Year Award!

Resetting the Standard for Integrated, Outcome-Driven Security

Consortium — Wed, 17 Sep 2025 22:21:30 GMT

From identifying a critical detection gap to delivering a fully integrated, MITRE-aligned defense — Consortium advances SOC modernization and moves clients from insight to improvement.