Welcome reader to your Monday CybersecurityHQ report.

Headlines

MGM Resorts International's stock dipped 1% in after-hours trading as the company disclosed that its recent cyberattack will cost the company approximately $100 million. Cybersecurity insurance will most likely cover most of it, but the entire ramifications of the attack have yet to be calculated. The company insists that the impact will be entirely felt in the third quarter, which will be released in early November. MGM also stated that the incident would not materially affect its profitability for the year.

The September cyberattack compromised customer data, including Social Security numbers and passport details for some customers. MGM refused to pay the hackers a ransom, unlike Caesars Entertainment Inc., which reportedly paid around $15 million after a similar attack. The attack went viral, with images of malfunctioning slot machines being shared widely on social media.

A widespread fraud scheme dubbed ‘Webwyrm’ has been impersonating global companies, preying on job seekers, and possibly scamming them out of $100 million. The operation was recently by cybersecurity firm CloudSEK, which claims the group has already ensnared over 100,000 victims and approximately 1,000 companies. The scam uses platforms like WhatsApp and Telegram to target their victims, with some evidence suggesting they may be specifically targeting individuals from job search and recruitment portals.

Victims of ‘Webwyrm’ span more than 50 countries, but the United Kingdom, Canada, Singapore, Australia, Hong Kong, Indonesia, and India are the most heavily affected.

Blockchain analytics firm Elliptic revealed in a report released Thursday that up to $7 billion in cryptocurrency has been laundered through cross-chain criminal activities. This involves rapidly converting cryptocurrency assets across different tokens and blockchains to obscure their source.

The report also claims that the Lazarus Group, linked to North Korea, allegedly siphoned off around $900 million between July 2022 and July 2023. Elliptic's data indicates that their use of cross-chain bridges has led to a staggering 111% surge in the use of such services. The group is believed to have stolen nearly $240 million in cryptocurrency through attacks on various platforms, making it a significant player in the crypto crime landscape.

Interesting Read

PC Magazine ran an article recently on the 10 dumbest cybersecurity mistakes they’ve seen at large organizations. The list is a mix between the heartbreaking and the hilarious. Big issues include such obvious errors as failing to change default logins on IT systems.

Yes, it turns out that even at the largest enterprises, the simplest cybersecurity mistakes manage to slip through. Despite having, in some cases, hundreds of millions of dollars at stake, sometimes the simplest tasks end up being skipped — like not segmenting networks and lacking any credential hygiene requirements.

The read is fun and light, but if you are looking to dive into the information, you can check out the NSA’s full report here.

Cybersecurity Career Opportunities

• Network Systems Engineer (Expert)

  • Compatible Technology Solutions, Inc.

  • Full-time

  • Springfield, VA
    

• Associate Director, Security Architecture

  • Kyndryl

  • Full-time

  • Maryland, US
    

• Principal Engineer, Security & Privacy

  • Uber

  • Full-time

  • New York, NY

For the latest openings in cybersecurity careers, check CybersecurityHQ.