Weekly Email Security News Recap #2 [July 2022]
Ready to catch up on July’s second week of cybersecurity and email news?
This recap starts off with shocking news stories—one of which is the world’s richest man being sued. The other topic covers the news about a $625 million theft from the gaming company Axie Infinity.
Twitter filed a lawsuit against Elon Musk on Tuesday, accusing him of not following his obligations under their agreement.
The company aims to hold Musk to his obligations under the contract.
The world’s richest man is trying to exit the $44 billion purchase deal. He claims that Twitter has not satisfied his requests regarding spam and bot activity on the platform.
Twitter chose to file a lawsuit to enjoin Musk from other violations. The lawsuit was filed in the Delaware Court of Chancery, where the company is incorporated. It seeks to get Musk to fulfil his legal responsibilities, but legal experts say the outcome could go either way.
The court could force Musk to abide by the agreement or pay a hefty $1 billion break-up fee. Renegotiation or settlement is also possible.
Twitter board chairman Bret Taylor said the lawsuit is meant to hold Elon Musk accountable.
Musk responded to the situation by tweeting, “Oh, the irony, lol.”
The merger agreement with Musk has an October 24th “drop-dead” expiration date; therefore, Twitter wants its case heard before the deadline.
Fake Job Interviews Caused $620 Million Steal from Axie Infinity
A rather simple type of phishing attack caused Axie Infinity to lose $620 million in crypto.
It all started when one game developer received a fake job offer from North Korean hackers. This news comes after our mid-May news recap, which included a story on the US government issuing a warning on illicit actions of North Korean I.T. workers.
The threat actors have been identified as two notorious groups: Lazarus and APT38. These hackers are reportedly involved in various cryptocurrency thefts for the North Korean government.
Some sources state that the cybercriminals contacted staff at Sky Mavis over LinkedIn and showed interest in hiring them.
One senior engineer at Axie Infinity responded to the fake job offer attracted by the generous salary and went through multiple interviews. The engineer received a PDF file describing the position, which was actually the hackers’ way into the Ronin systems.
The employee downloaded the infectious file on a company computer, enabling the hackers to infiltrate Axie Infinity’s Ethereum-linked sidechain (Ronin), which supports the NFT-based online game.
After that, the cybercriminals corrupted four token validators and one Axie DAO validator, making off with $620 million in cryptocurrency.
Sky Mavis’s financial damage was fundamental; they are still in the process of compensating the affected players.
Organizations of every size, industry and nation-state have faced attacks that include infected devices, stolen information, and disrupted systems.
Cyberattacks take place every day, and there’s only one solution: to affirm your security measures.