New hacker group named Royal Operation tracked / Swachh City platform hacked, 16M affected / Brave Browser to block cookie notifications

Plus: Report claims crypto hackers make $1 for every $53 they cost their victims

Inside.com Part of   Network September 29, 2022

Presented by

A new ransomware group named Royal Operation has been tracked by security researchers. The group is believed to have ties with numerous hacker groups that are now defunct. More: The group is believed to have been formed in January 2022. Researchers claim that the group uses phishing and social hacking as threat vectors. The group has created fake landing pages that lead users to believe they are renewing subscriptions for popular apps. The victims are advised to call a number, after which false help desk agents convince the victims to download a remote access software. Once the hackers gain access, they use tools such as Cobalt Strike to breach security walls, gain admin privilege credentials, and steal data.  Royal Operation reportedly asks for $250,000-$2M as ransom and uses TOR to communicate with the victims. While many details and even the legitimacy of these claims are not known yet, researchers advised enterprise admins to raise their awareness regarding this hacking campaign.

The Swachh City platform has been hacked by a threat actor tracked as LeakBase. The cyberattack has led to 16 million users having their data stolen. More: Swachh City is a platform where citizens in India send their complaints regarding issues that affect their daily local life. Information stolen from hackers includes: usernames, email addresses, password hashes, mobile numbers, last logged-in times, and IP addresses. Researchers believe that 101,718 unique email addresses and 15,835,111 unique mobile numbers have been breached. The platform is currently shut down, while authorities in India have not given a lot of details regarding the incident. Security researchers stated that the news regarding this cyberattack is likely authentic and that the campaign has been active since March 2022. Leakbase is also known as Chucky, Chuckies, Sqlrip, etc.

A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: Design through automating threat modeling Generating application security requirements Providing secure development Compliance best practices. The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Download the whitepapers

Brave Browser has announced that it will soon offer the ability to block cookie agreement notifications from popping up on users' screens, aiming to protect their privacy. The browser will deny agreeing with the cookie requirements rather than use auto-consent. More: The company stated that this feature will be optional and that users will be asked permission to activate it. Brave Browser's latest feature will be available in version 1.45, which is expected to be released in October. Those who use Brave Nightly, a version of the browser that automatically is updated with all of the latest changes from the company, already have this feature. Once released, the browser will block cookies for desktop and Android, while iOS cookies will be blocked later on.

According to a new report, crypto-hackers make $1 for every $53 they cost their victims in extra expenses. The statistics are published as cryptojacking has become more prevalent than ever. More: The report is based on a deep-dive analysis made about TeamTNT, a threat actor involved in numerous hacking campaigns. This threat actor had $8,210 in several crypto wallets. The hacking campaigns conducted by the group to steal these funds cost its victims over $400,000 in extra cloud expenses. Besides software spending, these hacking campaigns can become a burden for hardware devices that have to process large amounts of data, causing them to break down. Once all these expenses are factored in, the researchers calculated hackers make $1 for every $53 they cost the victims they breach. Cloud and containers are two of the most targeted segments by hackers.

A message from QUANTUM Save Your Data Before It Needs Saving - Air-Gapped Protection: Reliable and Cost-Effective Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo

Cybersecurity startup Onyxia has raised a $5M Seed round. The company is based in New York City. More: World Trade Ventures led the round, with participation from Silvertech Ventures. The company offers a platform that uses Artificial Intelligence to provide real-time data about different security KPIs. Companies can customize the platform so that it measures the KPIs the company believes are the most important. The company was founded by a former Israeli Defense Force member and is based in Israel.

Quick Hits: Build a real estate investment portfolio you won't lose sleep over when you use Doorvest.* A new malware that targets military contractors has been tracked. The malware targets, among others, F-35 fighter aircraft suppliers. A hacker group known for breaching ATMs and stealing credit card information has resurfaced. The Brazil-based threat actor has been inactive for over a year. Hackers continue to use the GO programming language as their first language of choice for creating malware, as the newly tracked Chaos malware is written in GO. The malware, which attacks Windows and Linux, has quadrupled in size in a short time. Cisco Talos, a cybersecurity company, has announced a new finding. The company has detected a hacking campaign that uses Cobalt Strike attacks to penetrate security protocols and hibernate. The malware could then be activated and deployed at a later period. *This is sponsored content.

Upcoming events at Inside: October 04 - Webinar: Shrink the Attack Surface (Register Here) * October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here) October 11 - AMA with Mike Malone (Smallstep)* (Register Here) October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here) October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here) November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here) December 07 - Live AMA with Deividi Silva ( Head of Developer Relations at Gun.io) (Register Here) *This is a sponsored listing.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

Security Compass is on a mission to accelerate software time-to-market while managing risk.

With Quantum, we shift the focus from accumulating data to making it work for you.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.