Last Week In Blockchain and CyberSecurity News – October 15, 2019

Visa, Mastercard, Stripe, and eBay All Quit Facebook’s Libra in Same Day

Libra has faced an uphill fight against regulators in the United States and overseas. To make matters worse, last week, PayPal quit the Libra Association, and this week, four additional payment processors and one merchant followed suit. Stripe, Visa, Mastercard, Mercado Pago, and eBay have all withdrawn from the Libra Association.

Libra’s first official meeting on October 14 may have been responsible for the organizations’ departures. In the meeting, members of the association were asked to make binding commitments to the project. In total, 22 companies have revoked their membership from the Libra network, forcing Libra to face non-regulatory road bumps before its launch.

On the regulatory side, Libra must clearly explain how it plans to comply with a tremendous range of regulations both in the United States and overseas. Those regulatory hurdles, combined with skepticism from policymakers and users who aren’t convinced that Facebook can be trusted, have caused trouble for the project.

Many supporters of conventional cryptocurrencies such as Bitcoin and Ethereum also have their doubts, citing Libra’s lack of decentralization.


29 Countries Vulnerable to Simjacker Attacks

Adaptive Mobile, which previously disclosed the Simjacker attack, has now provided a list of countries vulnerable to those attacks. In these countries, mobile telecom companies sell SIM cards that are exposed to Simjacker.

The countries span five continents:

Central America:

  • Mexico
  • Guatemala
  • Belize
  • Dominican Republic
  • El Salvador
  • Honduras
  • Panama
  • Nicaragua
  • Costa Rica

South America:

  • Brazil
  • Peru
  • Colombia
  • Ecuador
  • Chile
  • Argentina
  • Uruguay
  • Paraguay

Africa:

  • Ivory Coast
  • Ghana
  • Benin
  • Nigeria
  • Cameroon

Europe:

  • Italy
  • Bulgaria
  • Cyprus

Asia:

  • Saudi Arabia
  • Iraq
  • Lebanon
  • Palestine

Simjacker allows an attacker to send a specially formatted SMS to a victim’s phone number and run malicious commands without the user’s knowledge. Attacks include retrieving the targeted device’s location and IMEI information, performing denial of service attacks by disabling the SIM card, opening a browser, and more.


New Microsoft NTLM Flaws May Allow Full Domain Compromise

Researchers Yaron Zinar and Marina Simakov have disclosed two security vulnerabilities in Microsoft’s NTLM authentication protocol that allow attackers to bypass the Message Integrity Code (MIC) protection. This bypass enables attackers to downgrade NTLM security features, which can lead to a full compromise of a domain network.

As a part of the Patch Tuesday security updates last week, Microsoft patched the two NTLM flaws.

NTLM is used for authentication in client/server environments. It authenticates remote users and provides session security for application protocols when needed.

The researchers discovered further flaws in the mitigations Microsoft developed to counter NTLM relay attacks. Attackers can abuse these flaws to “relay authentication attempts which have successfully negotiated signing to another server, while tricking the server to entirely ignore the signing requirement.”

The bypass is tracked as CVE-2019-1166 – Drop The MIC 2. The CVE impacts all in-support Windows versions. The second flaw also bypasses the MIC protection against NTLM relay attacks and is tracked as CVE-2019-1338.


Alabama Hospital Chain Paid Ransom to Resume Operations After Ransomware Attack

Ransomware attacks have compromised a hospital chain in west Alabama, hindering many operations throughout the organization. During the 10-day-long attack, the hospitals kept treating current patients but sent new patients to other hospitals in Birmingham or Mississippi.

The hospitals’ systems were hit with a variant of the Ryuk ransomware, forcing internal staff to fall back on paper files. To restore systems, the hospital chain opted to pay the ransom and has now restored normal operation.

The ransom amount has not been disclosed; however, it appears that the hospitals’ cyber insurance covered the payment cost.

Ransomware attacks have claimed numerous victims this year. In August, at least 23 Texas local governments fell victim to targeted attacks. And in June, Riviera Beach City paid $600,000 in ransom to decrypt its systems.


Singapore Man Faces 34 Years for Amazon AWS Cryptomining Fraud

Last week, Ho Jun Jia (Matthew Ho) was charged under a 14-count indictment for allegedly mining cryptocurrency using stolen Amazon AWS and Google Cloud computing power and services. Ho is accused of stealing numerous victims’ personal information along with credit card information to open accounts and obtain access to computing services. He apparently registered the accounts using stolen identities “of a prominent California game developer, an Indian tech company founder, and a Texas resident.”

You can find the indictment here.

Some of the stolen AWS accounts | BleepingComputer

After he mined the cryptocurrency, Ho used it on various forums or exchanged it for traditional currency via online exchanges. In total, Ho’s operation lasted five months and affected multiple victims, racking up around $5 million in unpaid cloud computing bills.

The DoJ press release revealed that Ho’s mining operation “was one of Amazon Web Services (AWS) largest consumers of data usage by volume” for a brief period. Ho is currently facing a minimum of 34 years in prison, up to 20 years per wire fraud count, and 10 years for each access device fraud count.
