Tag Archive for: job

Week in review: Spot deep-faked job candidates, data exfiltration via bookmarks, Patch Tuesday forecast


Cybersecurity news

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Browser synchronization abuse: Bookmarks as a covert data exfiltration channel
Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make users’ lives easier, but may also allow hackers to establish a covert data exfiltration channel.

Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)
Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?

Cyberattack prevention is cost-effective, so why aren’t businesses investing to protect?
In this Help Net Security interview, former Pentagon Chief Strategy Officer Jonathan Reiber, VP of Cybersecurity Strategy and Policy at AttackIQ, offers insight for CISOs – from talking to the Board to proper budget allocation.

August 2022 Patch Tuesday forecast: Printers again?
Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers.

How to minimize your exposure to supply chain attacks
Supply chain attacks are on the rise, and many organizations seem unsure of how to respond to the threat. Here are several steps you can take to minimize your risk of being involved in a supply chain breach.

The most impersonated brand in phishing attacks? Microsoft
Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks.

6 ways your cloud data security policies are slowing innovation – and how to avoid that
As practically every organization shifts from managing its data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. With more and more data migrating to the cloud, these policies must adapt to a wide range of data stores, locations, uses and environments.

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and…


There is a cybersecurity talent gap across the US. Here’s what to put on your résumé to land a high-paying job in the industry.


“There certainly is a talent gap in the United States,” Kevin Bordlemay, senior manager of talent acquisition at computer security firm Mandiant, told Insider. “There is by no means enough talent to fulfill the roles that are out there.”


Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity


The $540 million hack of Axie Infinity’s Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.

According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF.

“After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package,” the Block reported.

The offer document subsequently acted as a conduit to deploy malware designed to breach Ronin’s network, ultimately facilitating one of the crypto sector’s biggest hacks to date.

“Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised,” the company said in a post-mortem analysis in April.

“This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

In April 2022, the U.S. Treasury Department implicated the North Korea-backed Lazarus Group in the incident, calling out the adversarial collective’s history of attacks targeting the cryptocurrency sector to gather funds for the hermit kingdom.

Bogus job offers have long been employed by the advanced persistent threat as a social engineering lure, dating back as early as August 2020 to a campaign dubbed by Israeli cybersecurity firm ClearSky as “Operation Dream Job.”


In its T1 Threat Report for 2022, ESET noted how actors operating under the Lazarus umbrella have employed fake job offers through social media such as LinkedIn as their strategy for striking defense contractors and aerospace companies.

While Ronin’s Ethereum bridge was relaunched in June, three months after the hack, the Lazarus Group is also suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

The findings also come as blockchain projects centered around Web 3.0 have lost more than $2 billion to hacks and exploits in the…


Hackers Used Fake LinkedIn Job Listing to Steal $625 Million from Axie Infinity


Earlier in March this year, Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity and Axie DAO, suffered the largest crypto hack against a decentralized finance network reported to date.

In May 2022, the United States issued an advisory according to which highly skilled hackers from North Korea were trying to get employed by posing as IT freelancers. Now it has been revealed that the Axie Infinity hack was socially engineered: the North Korean government-backed hacker group Lazarus used a fake job offer to infiltrate Sky Mavis’ network by sending one of the company’s employees a PDF file containing spyware.

Lazarus’ involvement in such a high-profile hack should not come as a surprise. In January 2022, researchers from different crypto security firms concluded that North Korean hackers have so far stolen $1.3 billion from cryptocurrency exchanges across the globe, while their prime suspect in these hacks was the infamous Lazarus gang.

Axie Infinity Hack

The employee, an ex-senior engineer at the company, took the bait and thought that it was a high-paying job offer from another company and opened the PDF. However, in reality, this company didn’t exist. During the recruiting process, the ex-employee gave away critical personal information, which attackers used to steal from the company.

Sky Mavis explained that its employees are constantly threatened by “advanced spear-phishing attacks on various social channels.” In this instance, one employee, who no longer works at Sky Mavis, was fooled.

It is worth noting that the play-to-earn game Axie Infinity is a Pokemon-inspired game developed by Sky Mavis and rakes in approximately $15 million in revenue daily.

How was Ronin Hacked?

According to The Block, when the hack took place, Axie Infinity’s Ronin, an Ethereum-based proof-of-authority sidechain, had nine validators.

“The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes,” Sky Mavis stated.

The attacker had to capture five out of nine validators to infiltrate the company’s networks. The…
