Last Week In Blockchain and CyberSecurity News – January 25, 2019

ThreatList: The Average Cost Of A Cyber-Attack is $1.7M

According to Radware’s 2018-2019 Global Application and Network Security Report, the average real cost of an attack has increased significantly to $1.67 million. The report draws on vendor-neutral survey data from 790 IT executives. Quantifiable monetary losses can be tied to “the aftermath of cyberattacks in lost revenue, unexpected budget expenditures, and drops in stock values,” according to the report. “Protracted repercussions are most likely to emerge as a result of negative customer experiences, damage to brand reputation and loss of customers.” As the cost of attacks continues to increase, so does the number of organizations under attack. The report also stated that most organizations experience some type of attack within the course of a year, with only 7% of respondents claiming not to have experienced an attack whatsoever. “A fifth (21 percent) reported daily attacks, representing a significant rise from 13 percent last year. And yet, a third (34 percent) said they don’t have a cybersecurity emergency response plan in place.” Not having a cyber emergency response plan can further increase the cost of a cyber attack, and as cyber threats evolve every day, it is always important to be prepared.

Read more about the report here

Security Flaws Found In 26 Proof-Of-Stake Cryptocurrencies

Two high-risk flaws, dubbed ‘Fake Stake’ attacks, have been discovered in 26 Proof-of-Stake (PoS) cryptocurrencies. The flaws allow a network attacker with a very small amount of stake to crash rival network nodes to gain a 51% majority, and conduct fraudulent operations or steal user funds. The vulnerabilities that can lead to the “Fake Stake” attacks are due to improper PoSv3 implementations. More specifically, the attacks work because the PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The incorrect implementations can thus allow an attacker without much stake to crash a victim node by filling up its disk or RAM with bogus data. The list of impacted cryptocurrencies includes NavCOIN, Qtum, Emercoin, HTMLCOIN, ReddCoin, CloakCoin, BitBay, Linda, Phore, PotCoin and more.

Read more about the security flaws here

The Medium post addressing the vulnerabilities can be found here

Online Casino Group Leaks Information On 108 Million Bets, Including User Details

An unprotected server belonging to an online casino group leaked information on over 108 million bets, including details about customers’ personal information, deposits, and withdrawals. An ElasticSearch server that was left exposed without a password is to blame for the massive data leak. ElasticSearch is a “portable, high-grade search engine that companies install to improve their web apps’ data indexing and search capabilities.” Companies tend to use ElasticSearch servers to improve their web apps and search capabilities, including over customer transactions and other personal data from users. Because many may contain sensitive data, the servers should be secured and kept offline. An analysis of the URLs spotted in the server’s data concluded that all domains were running online casinos where users could place bets on classic cards and slot games. Data leaked included real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, and much more. The 108 million records also contained information on current bets, wins, deposits and withdrawals (including payment card details). The information leak can result in scams, extortion schemes, and other malicious activity, and as it is not clear how long the servers have been left unsecured, it is difficult to estimate the damages. It seems ridiculous that so much information can be kept unencrypted; however, incidents like these tend to occur more often than you think, further indicating the importance of protecting user data.

Read more here

Fallout Exploit Kit Malware Back With Some New Tricks

The Fallout exploit kit has returned, ready for 2019 with some new tools under its belt. New additions include a new Flash exploit, HTTPS support, a new landing page format, and the capability to deliver payloads using PowerShell. The exploit kit provides cybercriminals with various Internet Explorer and Flash Player exploits that they can use to distribute malware. Common infection methods include malvertising, which targets high-traffic torrent and streaming sites and redirects users towards malicious payloads. The new Flash exploits appeared last month, and once exploited, CVE-2018-15982 allows attackers to execute arbitrary commands on vulnerable machines where Flash Player up to is installed. As many devices are unlikely to have been patched correctly, many are still at risk. The exploit kit developers seem to be monitoring the scene for new vulnerabilities and are attempting to quickly take advantage of new zero-days.

Get more info here

Check out the Malwarebytes blog post about the Fallout Exploit Kit here

Millions Of Sensitive Mortgage Documents Exposed In A Massive Data Breach

A data leak involving more than 24 million mortgage and bank loan documents exposed sensitive consumer information from several major U.S. lenders this week. An unprotected online server that lacked a password seems to be the cause of the leak, allowing anyone online to access millions of pages of sensitive documents. Exposed data included mortgage and loan agreements, amortization schedules, and other sensitive financial documents that revealed borrowers’ names, addresses, phone numbers, Social Security numbers, and birth dates, among other data. The documents found dated back to 2008 (or earlier) and included files from CitiFinancial (formerly a lending finance division of Citigroup), HSBC Life Insurance, Wells Fargo, CapitalOne and some federal agencies, including the U.S. Department of Housing and Urban Development. Highly sensitive information such as Social Security numbers and the other details included in a mortgage report can be a gold mine for cyber criminals looking to commit fraud.

Get more information here