 Interpol has broken up a cyber extortion ring that operated in Asia. According to Interpol, the group brought in over $47,000. More: - The International Police Organization claims that the groups, located in Hong Kong and Shanghai, threatened their targets that they would release intimate pictures and videos of them.
- Interpol claims that often, these groups do not have compromising material but boost their chances of getting a ransom by adding a stolen password in their conversation with their targets.
- The group had 12 members who targeted at least 34 victims.
Zoom Out: - Authorities in India recently arrested three individuals over similar charges. The three men ran an extortion racket, using social media and other apps as tools to gain access to private information and content.
- A man in Northern Ireland was also arrested three weeks ago after he blackmailed another individual with private content.
| |
 InterContinental Hotels Group has been hit by a cyberattack. The breach put a hold on the company's bookings. More: - InterContinental is based in Britain and has a presence in over 100 countries. It manages brands such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn, etc.
- The company's more than 6,000 locations could not process their bookings after the cyberattack affected its database.
- While the company has not disclosed many details about the attack, researchers believe that the hotel chain is a victim of a ransomware breach.
- The InterContinental app is currently down for its users.
- Over 4,000 users are believed to have been compromised so far.
Zoom Out: - In Jan. 2022, researchers reported that over 500 million records had been stolen from Marriot's database.
| |
 A message from SECURITY COMPASS This is your show developers! Come and interact with our panel through questions or advice on how we can all improve developer-centric threat modeling. What to expect: Earlier this year, Security Compass ran a survey that probed the mind of developers. During this webinar, we'll be discussing our findings with security experts who live in the developer and threat modeling space. What you will learn: - The connection between developer user stories or requirements, coding, and threat modeling.
- How to keep up with the ongoing discovery of software weaknesses.
- Practical advice for developers is to stay current on threat modeling practices.
When: September 14, 2022, at 11am EST Whether you are a developer, lead, architect, or thread modeler, this webinar will leave you with something to think about. Register Here
| |
 Over 300,000 gamers have been targeted with malware-infected files between June 2021 and July 2022. The gamers were targeted with over 90,000 infected files. More: - Hackers mainly targeted gamers with three types of cyberattacks:
- Downloaders
- Adware
- Trojans
- Downloaders were by far the most common threat vector, representing 88% of overall cases.
- These numbers represent only cyberattacks on the top 28 most popular PC games, meaning that the actual number of hacking campaigns in e-sports is much larger.
- Researchers believe that hackers will increasingly target video games as the industry becomes more popular and new models such as earn-to-play become common.
- In particular, hackers may aim to steal funds saved in video game wallets and cryptocurrency wallets.
Zoom Out: - Hackers stole over $600M from Axie Infinity, a play-to-earn blockchain-based game that has become popular in recent years, only a few months ago.
- Cyberattacks in the video game industry have increased by 167% YoY.
| |
 Half of the surveyed companies in a new report have claimed they compromise with hackers in ransomware scenarios. The report interviewed almost 3k company executives. More: - 90% of the surveyed executives believe that their companies are made a target because of their customers.
- Only 47% said that they provide their suppliers and customer with proper information that would help them avoid putting the company at risk.
- While companies were able to track 63% of payload attacks, the figure drops considerably when other attacks such as Cobalt Strike(53%), data exfiltration (49%), initial access (42%), and lateral movement (31%) come into play. This statistic highlights a more significant issue that companies face, which is the lack of information they have on the actions that they should take to prevent cyber attacks in the first place.
- Employees are also considered a security liability by management teams, a claim that is supported by industry statistics as well. Threat actors have often taken advantage of employee log-in credentials and admin privileges, bypassing security protocols that companies have put in place.
| |
 A message from NORDLAYER NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. We help organizations of all sizes to fulfill scaling and integration challenges when building a modern secure remote access solution, within an ever-evolving SASE framework. Why NordLayer? - Quick and easy to integrate with existing infrastructure
- Hardware-free
- Designed with ease of scale in mind
NordLayer meets the varying growth pace and ad-hoc cybersecurity requirements of agile businesses and distributed workforces today. Sign up Today
| |
 The Worok hacker group is targeting Asian companies with a hacking campaign. The group is using spyware to extract data with the goal of potentially using it as ransom and selling it online. More: - The group uses a multi-stage attack by first deploying CLRload.
- This attack then spreads a PowerShell script through a malicious PNG file.
- In addition to Asian companies, cybersecurity researchers believe that the group is focused on breaching African targets.
- The energy, financial, maritime, and telecom sectors are the most targeted industries.
- Worok is using tools written in languages such as C++, C#, etc. The threat actor is believed to use similar tools to APT40.
Zoom Out: - APT40 is believed to be a China-based threat actor that has been actively deploying hacking campaigns since 2009.
- The group has targeted robotics, biomedical, healthcare, military, and other industries.
| |
Quick Hits: - Origin Investments’ IncomePlus Fund has seen its 27th consecutive month of positive returns, generating 18.7% over the past 12 months.*
- Researchers have tracked a new phishing-as-a-service tool known as EvilProxy. The hacking tool is being sold on online forums for $400 per month, while the cost goes up to $600 if the tool is used against Google accounts. The toolkit is able to bypass security protocols and 2FA authentication codes.
- Network hardware provider QNAP has released a statement that warns all its users to update their devices to the latest version. The announcement comes days after reports that a ransomware attack was used to breach its users through a zero-day flaw.
- Cymulate, a cybersecurity company based in Israel, has raised a $70M Series D. The company offers a simulation software product that enables companies to learn how to prevent and prepare against cyberattacks.
- Government officials in Kosovo have stated that their internet connection was disrupted as a result of a cyberattack. The origin of this attack is unknown so far.
*This is sponsored content.
| |
Upcoming events at Inside: - September 07 - AMA with Andrew Gazdecki (Founder of MicroAcquire) (Register Here)
- September 09 - AMA with Jay Ryan (U.S. Federal Government Program Manager at Security Compass) (Register Here)
- September 14 - What Do Developers Think of Threat Modeling? (feat. security experts from Security Compass, Dell, and Tricentis) (Register Here) *
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Register to learn What Do Developers Think of Threat Modeling? | |
| |
