Source: The now-defunct Baller Ape website

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair • July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Breach Notification

How to Implement PAM Across Multiple Companies

Latest

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Leadership & Executive Communication

Okta to Spend $1M Helping Nonprofits Improve Their Security

Michael Novinson • July 1, 2022

Identity titan Okta has awarded $1.02 million in grants to groups focused on linking nonprofits with the talent needed to configure and manage security technology. Nonprofits have limited access to infrastructure and human capital to address their cybersecurity needs, and Okta hopes to change that.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

Email Security & Protection

OpenSea Customer Emails Exposed in Third-Party Breach

Mihir Bagwe • June 30, 2022

Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.

Governance & Risk Management

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Marianne Kolbasuk McGee • June 30, 2022

Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion.

Biometrics

Token Snags Ex-OneSpan Revenue Leader John Gunn as New CEO

Michael Novinson • June 30, 2022

Token selected former OneSpan CRO John Gunn as CEO to scale the organization and prepare its wearable authentication ring for large-scale production. Gunn is tasked with sourcing the critical components needed to manufacture the ring and building a base of paying clients for the biometric tool.

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair • June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.

Email Security & Protection

The Criticality of Reporting Cybercrimes

Anna Delaney • June 30, 2022

For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

Fraud Management & Cybercrime

Zero Trust Architecture: No Firewalls or VPNs

Anna Delaney • June 30, 2022

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019.

Endpoint Security

CyGlass Separates From Nominet, Pursues XDR Partnerships

Michael Novinson • June 29, 2022

CyGlass completed a management buyout from Nominet just two years after being acquired and wants to build an EDR stack via partnerships. Board and management changes at Nominet in 2021 resulted in the company returning to its registry roots and gave CyGlass workers the chance to buy the company.

Cybercrime

Ransomware Groups Pursue Fresh Monetization Strategies

Mathew J. Schwartz • June 29, 2022

Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.