Last Week In Blockchain and CyberSecurity News – July 2, 2019

Hackers Breach Cryptocurrency Exchange Bitrue for $4.2M in Ripple and Cardano

Bitrue, a Singapore-based trading platform, fell victim to a group of hackers who managed to steal over $4.5 million worth of cryptocurrency. The hackers stole “9.3 million Ripple (XRP) coins and 2.5 million Cardano (ADA) coins, worth $4.25 million and $225,000, respectively.” Bitrue administrators state that they tracked down the theft, linked to an unauthorized transaction which stole funds from the exchanges hot wallet, to other accounts at various cryptocurrency exchanges.

Earlier this year, Bitrue almost fell victim to a 51% attack when an attacker siphoned over 13,000 Ethereum Classic (ETC) coins worth over $100,000 from various accounts. Thankfully, their system halted the transactions. Bitrue promises to reimburse victims and is currently working with other exchanges in hopes of recovering some of the stolen crypto.

Read more here

Second Florida City Pays Hackers $500K Post-Ransomware Attack

Last week, a second Florida city, Lake City, paid hackers 42 bitcoin (roughly $460,000) to unlock their email systems and servers. This is the second of two June incidents in which a Florida city fell victim to a ransomware attack, voting to pay the hackers’ ransom. Earlier last month, Riviera Beach paid 65 bitcoin- worth around $600,000 to hackers for similar reasons.

The initial infection of Lake City occurred around two weeks ago, when an employee in city hall opened a malicious email that locked down the city’s server and email systems. Cities paying ransoms could incentivize hackers to conduct future attacks against various government entities.

Read more here

Cloud Hopper Operation Hit 8 of the World’s Biggest IT Service Providers

A report published by Reuters provides details regarding a long-running operation by China-linked hackers, tracked as Cloud Hopper. Hackers were able to break into “the internal networks on major companies, such as HPE and IBM” to steal “corporate data and trade secrets.” The hackers then used that information to target their customer systems.

Other breached companies include “Fujitsu, Tata Consultancy Services, Dimension Data, NTT, and Computer Sciences Corporation.”

The hackers conducted spear phishing attacks to trick employees into giving up their passwords or install malware. Once the hackers gained control of the employee accounts, they would move through the company’s servers and search for customer data. According to Reuters, “The hackers had total control over the HPE corporate network, [and] they also left messages taunting system administrators.”

Get more information here

The report can be found here

Billions of Records, Including Passwords, Leaked by Smart Home Vendor

Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive information from users all over the world. The publicly accessible Elasticsearch cluster database “includes over 2 billion logs that record everything from usernames, email addresses, and passwords, to precise locations.”

Orvibo specializes in providing clients with smart systems that offer security/energy management, as well as other smart home utilities. Customer information from China, Japan, Thailand, the US, the UK, Mexico, and more was easily accessible for any user to view. The information on the database includes:

  • Email addresses

  • Passwords

  • Account reset codes

  • Precise user geolocation

  • IP addresses

  • Username

  • UserID

  • Family name

  • Family ID

  • Device name

  • Device that accessed account

  • Recorded conversations through Smart Camera

  • Scheduling information

To make matters worse, researchers found that “the video feed from the smart cameras was easily accessible by entering the owner’s account with the credentials found in the database for users who added security cameras to their Orvibo smart home management accounts.”

Read more here

Contractor’s AWS S3 Server Leaks Data from Fortune 100 Companies: Ford, Netflix, TD Bank

Attunity, an IT firm that provides data management and replication services for some of the world’s biggest companies, exposed customer data by leaving three Amazon S3 buckets on the Internet without a password. Fortune 100 companies such as Ford, Netflix, and TD Bank were affected by the leaks.

The exposed data includes “backups of employees’ OneDrive accounts; email correspondence; system passwords; private keys for production systems; sales and marketing contact information; project specifications; employee personal data; and more.” Numerous backup files were found that contained private keys and passwords for companies’ internal networks. Attunity had its own credentials for their internal systems revealed, increasing the potential ramifications of securing the server without a password.

Read more here