Email Security News Round-Up [July 2022]
Data theft is an issue that big and small organizations face every day.
People and companies lose sensitive data, protected health information, personally identifiable information, intellectual property, governmental and industry information, and much more.
July was like any other month—with cybercrime making headlines and millions of dollars in losses due to data theft.
Check out July’s top news stories in our round-up below.
The non-fungible token-based online video game Axie Infinity lost $620 million in crypto after hackers implemented a simple phishing scam and social engineering tactics.
The trouble started when one game developer received a fake job offer from North Korean hackers via LinkedIn.
One senior engineer responded to the fake job offer and unknowingly downloaded an infected PDF file onto a company computer.
The cybercriminals were then able to infiltrate the game’s Ethereum-linked sidechain, corrupt four token validators and one Axie DAO validator, and steal $620 million in cryptocurrency.
Two notorious groups, Lazarus and APT38, have been identified as the culprits.
While reverse engineering several mental health apps, security researcher Maia Arson Crimew discovered a vulnerability in the Feelyou mental health app, owned by Japan-based company Bajji.
The vulnerability exposed 78,000 users’ email addresses across more than 170 countries.
However, Bajji founder Noritaka Kobayashi stated that the app doesn’t collect the personal information of its users, like names, phone numbers, credit card info, etc.
Feelyou later announced that the vulnerability had been patched.
A threat actor identified as ChinaDan announced the sale of over 23 terabytes (TB) of stolen data for nearly $195,000.
The cybercriminal claims the data stems from the Shanghai National Police database, including one billion Chinese national residents’ names, addresses, national ID numbers, etc.
Binance CEO Changpeng Zhao tweeted that the company’s threat intelligence team found the records for sale on the dark web.
The alleged cause of the breach was a government developer who wrote a tech blog post on CSDN and accidentally included the credentials.
The decentralized music streaming platform Audius lost $6 million worth of AUDIO tokens on Saturday, July 23rd. Cybercriminals exploited a smart contract vulnerability, allowing them to pass proposals without unilateral voting.
This, in turn, enabled the transfer of 18 million $AUDIO worth $6 million from Audius’ community pool to the hackers’ wallet. The malicious actors sold the tokens on Uniswap for $1.08 million.
The attackers somehow managed to change the platform’s control dynamics as well. The vulnerability had been live since October 2020, when the smart contracts were initially deployed.
Audius stated that it would take critical steps to improve its incident response time and plans to implement enhanced automated tools to detect suspicious activity.
July was no exception.
Big or small, organizations must enhance cybersecurity awareness and implement effective measures to protect their customers and data.