Russian group Gamaredon cyberattacks a NATO country / FTC fines Epic Games $520M / Russian hackers breach the JFK Airport taxi dispatch system

Plus: The FDA is asking for more medical device security funding from Congress

Inside.com Part of   Network December 20, 2022

A new report claims that the Russian hacker group Gamaredon tried to hack oil refineries in a NATO state but ultimately failed to do so. The cyberattack happened on Aug. 30, 2022. More: The group has traditionally targeted Ukrainian entities with Ukrainian language lures, but in this campaign, the group also attempted to hack its target with lures in the English language. Gamaredon is known for using fast flux DNS as a way to increase the resilience of its hacking operations. The group has previously used its hacking campaigns for cyberespionage while it used advanced methods such as DNS bypassing, phishing, geoblocking, etc. At this stage, it is still unclear what country was targeted by the hacker group.

The FTC has fined videogame publisher Epic Games $520M over several children's privacy charges. The company is believed to have violated the Children's Online Privacy Protection Act. More: Epic Games is known for creating games such as Fortnite. According to the regulatory authority, Epic Games made it too easy for kids to purchase online items and broke their privacy rules by automatically enabling voice communication features. The FTC has directed the company to pay two separate fines: a $275M fine for breaking privacy rules and a second one that amounts to $245M, which should be a refund for its customers who were billed unfairly by the company. This refund fine will be the largest in the history of the FTC. With the new changes set in place, if a player registers with a birth date that places them below their country's age of digital consent, then certain features are turned off.

Russian hackers managed to breach the taxi dispatch system at JFK International Airport in cooperation with two New York residents. The scheme lasted two years until the scammers were caught by law authorities in the U.S. More: The two individuals charged taxi drivers $10 for each time they skipped ahead of other drivers and gave them waivers from the $10 fee if they recruited others. The two men each face two counts of conspiracy to commit computer intrusions, which could mean a maximum sentence of 10 years in prison. In cooperation with Russian hackers, the men bribed someone to insert a flash drive into computers connected to the system used to dispatch the taxis and then took advantage by exposing the system to threat vectors. The scheme enabled the scammers to complete as many as 1,000 taxi rides per day, meaning the Russian hackers could have made $100,000 in a short period of time.

The FDA is asking for more medical device cybersecurity funding from Congress. The agency is waiting for the approval of a $5M security program. More: Medical device hacking has become more common recently as medical devices have become more reliant on technology. Devices such as heart defibrillators work with external signals, making them a potential target for threat actors who want to cause as much damage as possible by being as far away from the target as they can. Healthcare attacks are seen as an effective way to achieve this goal. The FBI warned in September that hundreds of vulnerabilities in widely-used medical devices are making patients and healthcare organizations prime targets. Congress has previously passed medical device cybersecurity legislation, but healthcare actors involved in the process have expressed their dissatisfaction with the current legal framework, claiming that it leaves space for threat actors to take advantage of unnecessary flaws that have been left unfixed.

Foundation Devices has raised a $7M Seed funding round to design safe crypto hardware wallets. The company is based in Boston, Massachusets. More: The company claims its devices are air-gapped and safe from threats that take advantage of flaws in technologies such as Bluetooth. The devices are sold for $259 and have built-in firmware that uses open-source code found on GitHub. Foundation Devices produces its hardware crypto wallets in the U.S., something that the company believes will entice its users to purchase the devices even more. Polychain Capital led the funding round, with participation from Greenfield Capital, Lightning Ventures, Third Prime, Warburg Serres, Unpopular Ventures, and Bolt.

Quick Hits: No more waiting weeks to find a therapist. Sign up with BetterHelp and you can get matched with a therapist in less than 48 hours.* Toronto's Hospital for Sick Children has been hit with a cyberattack by an unknown threat actor. The hospital has struggled with phone calls and web page interactions. BlackBerry's CEO has stated that it expects its revenue from cybersecurity services to remain flat throughout H1 '23 but that the same would pick up in H2. Cybersecurity is still seen as a top tech budget priority by executives, according to this report. *This is sponsored content.

Upcoming events at Inside: January 07 - AMA with TripActions - Corporate Travel and Expense Management Solutions w/ Ram Bartov (Watch Here) January 07 - AMA with Security Compass - Building Secure Compliant Software for the Public Sector w/ Jay Ryan (Watch On Demand) January 07 - AMA with Smallstep - Secured Distributed Systems of the Future w/ Mike Malone (Watch On Demand) January 07 - AMA with Synthesis AI - Synthetic data for more efficient and ethical model development w/ Yashar Behzadi (Watch On Demand) January 07 - AMA with Teamflow - Sales Development Representative Management + Career Development w/ Joshua Garrison (Watch On Demand) January 07 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand) January 07 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand) January 10 - Inside Startups Coffee Break (Register Here) January 17 - Inside Marketing Coffee Break (Register Here) January 31 - Growth Summit 2023 (Register Here)

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.