Chinese government-backed hackers stole U.S. COVID-19 relief funds, according to a recent report. Initial analysis shows that the attack affected 12 U.S. states, while it is believed that all 50 were targeted.
More:
- APT-41, a threat actor known for having previously carried out many hacking campaigns against the U.S., is believed to be the group responsible for the breach.
- The Secret Service has stated that it has opened over 1,000 investigation cases regarding a campaign that is believed to have started as early as 2020.
- So far, authorities believe that APT-41 has been able to intercept over 40,000 financial transactions and 2,000 unique accounts.
Zoom Out:
- APT-41 (also known as Double Dragon, Barium, and Wicked Panda) is a state-backed Chinese hacker group. The group's motives are both cyber espionage and financial gain.
- The threat actor, first tracked in 2014, has conducted operations against the healthcare and high-tech sectors while also conducting espionage operations against political opponents. Its financial gain operations usually target the video game industry.
- In 2020, the U.S. DOJ presented charges against five Chinese and two Malaysian citizens for breaching over 100 companies globally.

The second largest bank in Russia, VTB Bank, is being hit with the "largest" DDoS attack in its history. The IT Army of Ukraine has claimed responsibility for the cyberattack.
More:
- The cyberattack has reportedly left users unable to use VTB Bank's website and mobile app services.
- VTB claims the attack is the largest in the company's history.
- According to an official statement, most of the IP addresses from which the DDoS attack was launched were in Russia. All of these addresses have been reported to local authorities.
- Other Russian banks, such as the Central Bank of Russia and Alfa Bank, have been hit by cyberattacks in recent weeks.
Zoom Out:
- Russia and Ukraine have been at the center of what has been considered the world's first cyberwar. Russia has attacked Ukraine with cyberattacks since 2013, managing to shut down its energy grid in 2015 for the first time, an act that was repeated later on.
- Ukraine was hit with nearly 400,000 cyberattacks in 2020. Since the start of the war in March 2022, the country has consistently been hit with Russian hacking campaigns.
- Russia has targeted government agencies, the military, critical infrastructure, etc. Russian cyberattacks recently managed to shut down the energy grid in certain parts of Ukraine.
- Only a few days ago, Microsoft stated that Russia was launching ransomware attacks against Ukraine and NATO-member Poland.
- A new report from security researchers claims that Russians are using their access to U.K. and U.S. networks to attack Ukraine.

Four hackers who stole information from U.S. government employees have been arrested in England and Sweden. The four men are accused of transnational wire fraud and identity theft.
More:
- The hackers obtained unauthorized access to United States businesses' computer servers, participated in stealing U.S. residents' personally identifying information from those servers, and used that information to file false and fraudulent IRS forms, seeking income tax refunds from the IRS.
- These hackers used an illegal marketplace known as xDedic Marketplace to gain access to U.S. government networks by purchasing passwords that were stolen through brute-force attacks.
- This marketplace was taken down in 2019 in an operation led by the FBI, the IRS-CI, and the U.S. Attorney's Office for the Middle District of Florida.
- If convicted, each suspect could be sentenced to a maximum penalty of 20 years in federal prison for the wire fraud count, as well as additional penalties for the remaining counts.
Zoom Out:
- In 2021, it was reported that Russian hackers, backed by the Russian government, had managed to steal information from the U.S. Treasury and Commerce.
- In 2016, it was reported that Chinese hackers stole information from over 22,000,000 government records. The case resulted in several resignations from high-ranking government officials and a $63M lawsuit.

The Swiss government wants to make reporting cyberattacks on critical infrastructure mandatory. The proposal comes shortly after the U.S. and EU updated their cybersecurity legislation and adopted similar proposals.
More:
- Under the proposed legislation, all reports would be analyzed by the National Cybersecurity Centre (NCSC).
- According to a decision reached by the Federal Council, mandatory reporting would provide the NCSC with a clearer picture of the cyberattacks that have occurred in Switzerland and the way these cyberattacks were deployed. This could help the NCSC report the threat before companies or organizations are hit by hackers.
- The NCSC would require that those who report fill out an electronic form.
- This proposal not only obliges companies to help protect against cyberattacks but also requires the NCSC to offer support in dealing with cyberattacks.
Zoom Out:
- The European Union recently adopted new cybersecurity regulation that aims to make the union more secure from external threats. The new steps mentioned in the bill oblige companies and institutions to take more serious measures to strengthen their defense and report any time they are hacked.

Saporo has raised a $4.1M funding round to protect SMEs from cyberattacks using its AI platform. The company is based in Lausanne, Switzerland.
More:
- Saporo aims to reduce the chances of a company being hacked by reducing the number of users that have access to key systems.
- The company offers a platform that analyzes millions of attack paths and presents them in graphs. The attack paths are ranked based on the impact that they may have on the company if they were to be exploited.
- Its product can be integrated with Azure and Amazon Web Services, while integration with Google Cloud is expected to be rolled out soon.
- Saporo claims that clients who have used the product have been able to reduce their attack surface by 80%.
- The company launched in January 2022.
- XAnge led the funding round with participation from Session VC and Lightbird Ventures.

Quick Hits:
- Blackbird Ventures has led a $3.6M Pre-Seed funding round for cybersecurity company SafeStack. NAB Ventures, Carthona Capital, and Jelix Ventures also participated in the round.
- Google has fixed 81 vulnerabilities in its December security update, including four high-severity flaws, CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, and CVE-2022-20498.
- A hacker group known as BackdoorDiplomacy is targeting countries in the Middle East. The group is believed to be located in China and uses a number of tools, such as the Quarian backdoor, Debug View, PuTTY, etc.
- Human Rights Watch has reported that at least 20 individuals are being targeted by Iranian hackers. At least three of the 20 targets were breached and had their email content stolen.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.