Last Week In Blockchain and CyberSecurity News - January 18, 2019
Ethereum Developers Delay Constantinople Hard Fork Due To Security Fears
Ethereum’s Constantinople hard fork was delayed due to a newly discovered security vulnerability. If the Constantinople upgrade had gone ahead as planned it would have brought cheaper gas costs (transaction fees), and as an unexpected side effect could have allowed reentrancy attacks via the use of certain commands in ETH smart contracts. A malicious user could have stolen cryptocurrency from a smart contract by repeatedly requesting funds from it while the contract still held stale information about the attacker’s actual ETH balance. The Ethereum hard fork coordinator has set an all-core-dev meeting on Jan. 18 to discuss future steps related to the newly discovered loophole. The Constantinople launch is expected to occur in the next few weeks.
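To make the reentrancy mechanism concrete, here is a toy model added for this digest (it is not code from the article or from any Ethereum client): a vault that pays a withdrawer by calling back into the recipient. When the callback runs before the ledger is updated, a recipient that re-enters `withdraw()` is paid repeatedly; when the ledger is updated first (the checks-effects-interactions ordering), the re-entrant call sees a zero balance and reverts. The `Vault`, `ReenteringRecipient` and `Reverted` names and the amounts are constructed for the example, and no real EVM semantics beyond the call ordering are modelled.

```python
"""Toy model of reentrancy, added as an illustration (not from the original
article). Names, amounts and the revert model are constructed."""


class Reverted(Exception):
    """Stands in for an EVM revert: the failing call is undone."""


class Vault:
    """Tracks per-depositor balances and a shared pool of funds."""

    def __init__(self, update_state_first: bool):
        self.balances = {}
        self.pool = 0
        # True  -> checks-effects-interactions: zero the balance, then pay.
        # False -> pay first, then zero the balance (the vulnerable ordering).
        self.update_state_first = update_state_first

    def deposit(self, who, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def _send(self, who, amount: int) -> None:
        # Stands in for the value transfer: it hands control to the recipient,
        # which is exactly where a re-entrant call can originate.
        if self.pool < amount:
            raise Reverted("vault cannot cover the transfer")
        self.pool -= amount
        who.receive(self, amount)

    def withdraw(self, who) -> None:
        amount = self.balances.get(who, 0)
        if amount <= 0:
            raise Reverted("nothing to withdraw")       # the "check"
        if self.update_state_first:
            self.balances[who] = 0                     # effect ...
            self._send(who, amount)                    # ... then interaction
        else:
            self._send(who, amount)                    # interaction first ...
            self.balances[who] = 0                     # ... effect too late


class ReenteringRecipient:
    """A depositor whose receive hook calls withdraw() again while it can."""

    def __init__(self):
        self.received = 0

    def receive(self, vault: Vault, amount: int) -> None:
        self.received += amount
        # Only re-enter while the ledger still shows a balance and the pool
        # can pay; with the safe ordering the balance is already zero here.
        if vault.balances.get(self, 0) > 0 and vault.pool >= amount:
            vault.withdraw(self)


def run(update_state_first: bool, honest_deposit: int = 9,
        reentrant_deposit: int = 1) -> tuple:
    """Returns (amount paid to the re-entering depositor, funds left in pool)."""
    vault = Vault(update_state_first)
    honest = object()                      # an ordinary depositor, no callback
    vault.deposit(honest, honest_deposit)
    reentrant = ReenteringRecipient()
    vault.deposit(reentrant, reentrant_deposit)
    try:
        vault.withdraw(reentrant)
    except Reverted:
        pass
    return reentrant.received, vault.pool


if __name__ == "__main__":
    print("interaction before effect:", run(False))   # pool drained
    print("effect before interaction:", run(True))    # only own deposit paid
```

With the vulnerable ordering the re-entering depositor is paid the whole pool (its own 1 unit plus the honest depositor's 9); with the effect applied first it receives exactly its own deposit and the pool keeps the rest. Gas changes matter to this pattern because a callback that was previously too cheap to do anything may, after a fee reduction, afford the extra call that re-enters.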
Read more here!
773 Million Records Exposed In Massive Data Breach
A data breach called Collection #1 is shaping up to be the largest data breach in history. In raw form, Collection #1 includes email addresses and passwords totaling 2,692,818,238 rows. After duplicates are removed it still includes around one billion login details (email address and password combinations). The list includes more than 700 million unique email addresses and over 21 million unique passwords. Collection #1 appears to have been built up from numerous data breaches dating back to 2008. It is difficult to confirm exactly where all the information came from; some say it is a compiled list of over 2,000 leaked databases whose password hashes have been cracked. The list seems to be designed for use in credential-stuffing attacks, in which attackers attempt to gain access to various sites or services by submitting the leaked email and password combinations. These attacks are usually automated and typically prey on people who reuse passwords across many different websites. Data breaches of this scale show the importance of never reusing passwords across multiple sites, as reuse increases the risk of personal accounts being compromised. Two-factor authentication is also a good line of defense against breaches like these and will help you stay protected.
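Credential stuffing has a recognisable shape in a login log: one source tries many different accounts in quick succession and most attempts fail. The following detector, added here as an illustration rather than taken from the article or from any product, parses constructed login log lines and flags source IPs that attempt at least `min_accounts` distinct accounts inside a time window with a low success ratio. The log format, the thresholds and the sample addresses are assumptions for the example; a single-account brute-force (the second source in the sample) is deliberately not matched, since it is a different pattern.

```python
"""Credential-stuffing detector over constructed login log lines (added
example, not from the original article). Log format and thresholds are
assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2019-01-17T10:00:01 203.0.113.7 alice@example.com FAIL
2019-01-17T10:00:02 203.0.113.7 bob@example.com FAIL
2019-01-17T10:00:02 203.0.113.7 carol@example.com FAIL
2019-01-17T10:00:03 203.0.113.7 dave@example.com OK
2019-01-17T10:00:03 203.0.113.7 erin@example.com FAIL
2019-01-17T10:00:04 203.0.113.7 frank@example.com FAIL
2019-01-17T10:00:10 198.51.100.4 alice@example.com FAIL
2019-01-17T10:00:25 198.51.100.4 alice@example.com FAIL
2019-01-17T10:00:40 198.51.100.4 alice@example.com OK
2019-01-17T10:05:00 192.0.2.9 bob@example.com OK
"""


def parse(log_text: str) -> list:
    """Turn log lines into (timestamp, ip, account, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, outcome == "OK"))
    return events


def find_stuffing(events, window=timedelta(minutes=5), min_accounts=5,
                  max_success_ratio=0.5) -> dict:
    """Flag sources that hit many distinct accounts, mostly failing, inside
    any `window`-long span. Returns {ip: summary of the widest such span}."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        best = None
        for end in range(len(evs)):
            # Slide the window start forward so the span fits in `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            accounts = {acct for _, acct, _ in span}
            successes = [acct for _, acct, ok in span if ok]
            ratio = len(successes) / len(span)
            if len(accounts) >= min_accounts and ratio <= max_success_ratio:
                # Keep the span with the most distinct accounts tried.
                if best is None or len(accounts) > best["accounts_tried"]:
                    best = {
                        "accounts_tried": len(accounts),
                        "attempts": len(span),
                        "successes": len(successes),
                        # Accounts that accepted a stuffed credential: these are
                        # the ones to force a reset and 2FA on.
                        "compromised": sorted(successes),
                    }
        if best is not None:
            flagged[ip] = best
    return flagged


def detect(log_text: str = SAMPLE_LOG) -> dict:
    return find_stuffing(parse(log_text))


if __name__ == "__main__":
    for ip, info in detect().items():
        print(ip, info)
```

On the sample, `203.0.113.7` is flagged (six accounts in four seconds, one success against `dave@example.com`), while the single-account retries from `198.51.100.4` and the lone successful login from `192.0.2.9` are not. The `compromised` list is the actionable output: those accounts accepted a reused password and need a forced reset and a second factor, which is the mitigation the article recommends.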
Read more about the breach here
New CryptoMining Malware Uninstalls Cloud Security Programs
A new form of cryptojacking malware with the ability to gain admin rights on targeted systems and uninstall cloud security programs has been discovered. Public cloud infrastructures running Linux servers appear to be targeted to mine Monero. This malware shares the attack patterns of many other cryptojacking campaigns: it is delivered by exploiting known vulnerabilities in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion, and it kills competing cryptojacking processes. However, the new technique that has not been seen before is the malware's ability to evade cloud security products by shutting them down. The malware is built so as not to exhibit obviously malicious behavior and to avoid suspicion, as it meticulously follows the procedures described on the service providers' websites for uninstalling the Cloud Host Security product. Unpatched servers appear to be the preferred target for distributing this type of malware. This evolution indicates that attackers are now attempting to specifically evade security products on different types of platforms. Given this malware's unique evasion behavior, a new trend of targeting public cloud infrastructure is likely to follow. Keeping systems up to date and servers correctly patched is an excellent first line of defense against malware like this.
Read more here
New Zealand Police Investigate ‘Complex’ $2.4 Million ETH Cryptopia Hack
Unfortunately, another exchange seems to have been the victim of a breach costing it millions of dollars. New Zealand-based Cryptopia has admitted that it experienced a security breach and that it is a “complex” matter. The small-scale cryptocurrency exchange, which handled just over $2 million in daily transaction volume before the incident, has lost between $2.5 million and $3.5 million worth of Ether (ETH) and Centrality (CENNZ) tokens according to estimates. An official amount has not yet been released. The estimates come from security professionals who observed around 19,870 ETH transferred from Cryptopia wallets to other addresses while the exchange was in a “maintenance” period. No information has been given on how the security breach occurred, as police have taken over the investigation. Those who have tracked the payments say the attacker may be related to the one behind the 2017 Etherdelta attack. This theory was developed after some ETH from the source of funds used for the Etherdelta attack was sent to the same address as a likely recipient of the Cryptopia hack. Cryptopia now holds the distinction of being the first crypto-exchange to be hacked in 2019, joining many others that have been attacked and breached in the past several years.
Get more info here
Millions Of Files From The Oklahoma Government Leaked Including Details Of FBI Investigations
An enormous amount of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server, leaking 3 terabytes of data. Millions of sensitive government files and years' worth of sensitive FBI investigations were exposed. Documents included social security numbers, names, and addresses for over a hundred thousand brokers, credentials for remote access to ODS workstations, and communications meant for the Oklahoma Securities Commission. Using this information, an attacker would have the ability to remotely access the state agency's workstations and many internet services. The server also included backups of emails from 1999-2016. Exactly how long the storage server was left exposed online is not clear; however, according to the Shodan search engine it has been publicly open since November 30, 2018. The data stored on the server was not protected with a password, allowing anyone to access and download the information. The Oklahoma securities department has the matter “under investigation” and the server has now been secured. However, whether or not the information has been downloaded or misused is not yet known. If the data makes its way to the public, this is a huge cause for concern, as it represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network. Incidents like this show that basic measures such as password-protecting servers are still not being applied, allowing the possible compromise of sensitive information and government facilities.
Get more information here