Last Week In Blockchain and CyberSecurity News - May 7, 2019

$356 Million in Cryptocurrency Stolen in First Three Months of 2019 

According to a report by CipherTrace, cryptocurrency thieves stole at least $356 million and hacked five cryptocurrency exchanges within the first quarter of 2019. These hacks, combined with Bitfinex’s alleged fraud involving the loss of $851 million, could tally to more than $1.2 billion in cryptocurrency thefts, scams, and fraud. The exchange losses include:

  • Cryptopia: ~$16 million

  • CoinBene and DragonEx: ~$46 million

  • Bithumb: ~$19 million

  • Coinbin: ~$26 million

  • QuadrigaCX: ~$190 million (CipherTrace’s report categorized the QuadrigaCX mystery as theft, rather than a hack or exit scam.)

  • Other thefts, scams, and fraud: $59 million+


Dell Laptops and Computers Vulnerable to Remote Hijacks 

An application that comes pre-installed on most laptops and computers Dell ships exposes users to a critical remote attack. The remote attack “can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users' systems.” According to security researcher Bill Demirkapi, the attack relies on an attacker luring users to a malicious web page where JavaScript code tricks the Dell SupportAssist tool into downloading and running files from an attacker-controlled location. Because the Dell SupportAssist tool runs with admin privileges, the attacker would have full access to the targeted systems. The attacker would need to be on the victim’s network to successfully exploit the vulnerability, so public Wi-Fi or large enterprise networks would be the likely targets. Other than tricking users into accessing a malicious page, the attack requires no user interaction. Dell has patched CVE-2019-3719 and has released SupportAssist v3.2.0.90.


D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream 

According to ESET researchers, critical flaws in D-Link’s consumer Wi-Fi cameras allow hackers to intercept and view recorded video, as well as manipulate the device’s firmware. The issue lies in the lack of encryption of the video stream as it travels between the camera and D-Link’s cloud network, and between the cloud and the user’s client-side viewing app. In a report outlining the flaw, researchers state: “The viewer app and the camera communicate via a proxy server on port 2048, using a TCP tunnel based on a custom D-Link tunneling protocol. Unfortunately, only part of the traffic running through these tunnels is encrypted, leaving some of the most sensitive contents – such as the requests for camera IP and MAC addresses, version information, video, and audio streams, and extensive camera info – without encryption.” After exploiting this vulnerability, an attacker would be able to capture streamed video content for playback and obtain the current audio or video stream from that camera. A second bug can allow an attacker to replace the legitimate D-Link firmware with their own backdoored version. ESET advises owners to ensure port 80 on their router is not exposed to the public internet. D-Link has addressed some of the flaws within their product; however, the vulnerabilities are not fully patched.


Hackers Used Microsoft Email Accounts to Steal Users’ Cryptocurrency

The breach that affected Microsoft’s email services such as Outlook, Hotmail and MSN has allegedly given hackers access to several cryptocurrency wallets. Hackers have used the breached email accounts to reset exchange passwords and then siphon cryptocurrency held in the exchange wallets. One victim on a Dutch tech forum claimed they lost over 1 bitcoin (~$5,400 at the time). Others have experienced similar issues and have complained on social media platforms such as Reddit and Twitter. Microsoft’s hack allowed hackers to access email metadata, read email content, and much more. This incident shines a light on the importance of using two-factor authentication with applications such as Google Authenticator or Authy to further secure sensitive information.


Attackers Wiped GitHub/GitLab Repos and Left Ransom Notes 

Users of multiple Git repository management platforms have been targeted by a wave of attacks from cyber criminals. The attacks targeted GitHub, GitLab, and Bitbucket users by wiping code and commits from multiple repositories and allegedly leaving ransom notes. After the attacker wipes all the commits, they leave a “warning” ransom note, stating:

  • “To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don't receive your payment in the next 10 Days, we will make your code public or use them otherwise.”  

According to GitLab’s Director of Security, Kathy Wang, GitLab has “strong evidence that the compromised accounts [had] account passwords stored in plaintext on a deployment of a related repository,” and encourages the use of password management tools to store passwords more securely. At the time this blog post was written, no one had paid the ransom to the cyber criminals.
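A defender-side check for the plaintext-password finding above, as an added example that is not from GitLab or the original post: it scans git configuration or credential-store contents for remote URLs that embed a password. That the exposed files resemble `.git/config` or `~/.git-credentials` is an assumption, and the function name, host names and sample config are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# "url = ..." / "pushurl = ..." lines as they appear in a .git/config file.
URL_LINE = re.compile(r"^\s*(?:push)?url\s*=\s*(\S+)", re.IGNORECASE)

def find_plaintext_credentials(text):
    """Return (line_no, host, user) for each URL with an embedded password.

    Accepts the contents of .git/config (url = ...) or of a credential-store
    file such as ~/.git-credentials (one bare URL per line). The password
    itself is never returned, so the findings are safe to log.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = URL_LINE.match(line)
        candidate = match.group(1) if match else line.strip()
        if "://" not in candidate:
            continue  # scp-style SSH remotes (git@host:path) carry no password
        try:
            parts = urlsplit(candidate)
        except ValueError:
            continue  # malformed URL, nothing to report
        if parts.password:
            findings.append((line_no, parts.hostname, parts.username))
    return findings

# Constructed sample (assumed layout): one remote stores a password, two do not.
SAMPLE_CONFIG = "\n".join([
    "[core]",
    "\trepositoryformatversion = 0",
    '[remote "origin"]',
    "\turl = https://deploy-bot:EXAMPLE-PASSWORD@gitlab.example.com/team/app.git",
    '[remote "mirror"]',
    "\turl = git@github.com:team/app.git",
    '[remote "backup"]',
    "\turl = https://bitbucket.example.org/team/app.git",
])

if __name__ == "__main__":
    for line_no, host, user in find_plaintext_credentials(SAMPLE_CONFIG):
        print(f"line {line_no}: password stored in plaintext for {user}@{host}")
```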
