This Week in Security News - March 25, 2022
An investigation of cryptocurrency scams and schemes, and Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about cryptocurrency scams and schemes. Also, read about the recent developments surrounding Laspus$, the hacking group behind the hacks of Microsoft and Okta.
The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has enabled use of cryptocurrency to expand, interest and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency and non-fungible tokens (NFTs).
A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$. The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one.
Hive ransomware is one of the new ransomware families in 2021 that poses significant challenges to enterprises worldwide. Trend Micro takes an in-depth look at the ransomware group’s operations and discusses how organizations can bolster their defenses against it.
Okta says 366 corporate customers, or about 2.5% of its customer base, were impacted by a security breach that allowed hackers to access the company’s internal network. The authentication giant admitted the compromise after the Lapsus$ hacking and extortion group posted screenshots of Okta’s apps and systems, some two months after the hackers first gained access to its network.
2021 was an immensely profitable year for crypto investors. Unfortunately, however, it was also a very profitable year for crypto scammers, with them taking a record $14 billion. Trend Micro shares to learn how to avoid becoming another victim of crypto scammers.
The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents. IC3 handled 847,376 complaint reports last year which mainly revolved around phishing attacks, non-payment/non-delivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.
With tax season approaching, scammers are posing as the Internal Revenue Service (IRS) to steal money and personal information. Trend Micro shares the top 3 scams to avoid and tips on how to stay safe.
Researchers have exposed a Mustang Panda campaign that is taking advantage of the Russia-Ukraine conflict to spread new malware. Researchers from ESET said that Mustang Panda, a Chinese cyberespionage group also tracked as TA416, RedDelta, and Bronze President, has been spreading a new Korplug/PlugX Remote Access Trojan (RAT) variant.
Hackers associated with Russian internet addresses have been scanning the networks of five US energy companies in a possible prelude to hacking attempts, the FBI said in an advisory to US businesses. The FBI issued the notice days before President Joe Biden publicly warned that Kremlin-linked hackers could target US organizations as the Russian military continues to suffer heavy losses in Ukraine and as Western sanctions on the Kremlin begin to bite.
What did you think of the recent Okta and Microsoft breach? Tweet me on Twitter to continue the conversation: @JonLClay.