Last Week In Blockchain and Cybersecurity News – December 17, 2019

New Orleans Declares State of Emergency Following Ransomware Attack

Another ransomware attack has claimed a new victim; this time New Orleans has been forced to shut down its computers after a cyberattack. According to a press conference by Kim LaGrue, the city’s head of IT, suspicious activity was discovered around 5 a.m. last Friday. Once the city confirmed it was under attack, officials shut down its servers and computers.

Even though ransomware was detected throughout the organization, no ransom requests were made. According to BleepingComputer, the ransomware attack on the city of New Orleans was likely conducted by the Ryk Ransomware cybercriminals.

Memory dumps uploaded from a US IP address to VirusTotal contained several references to New Orleans and Ryuk. Colin Cowie of Red Flare Security discovered this, providing a picture showing that the ransomware encrypted New Orleans’s “Contracts and Revenue” file share.

Screen Shot 2019-12-17 at 11.36.10 AM.png

According to BleepingComputer and Cowie, the memory dump is for an executable named ‘yoletby.exe.’ It contains numerous “references to the City of New Orleans, including domain names, domain controllers, internal IP addresses, usernames, file shares, and references to the Ryuk ransomware.”

As of right now, it is unknown if the attackers have requested a ransom.

Read more here

Batch of 460,000+ Payment Cards Sold on Black Market Forum

Security researchers have discovered four databases containing credit card information throughout various underground markets.

Initially, two databases, each holding the information of over 30,000 credit cards, were available on the popular black-market forum, Joker. Each card was available for $3.00, and 85 to 90 percent of the cards were valid with the proper documentation necessary to purchase items online.

image.jpeg

According to Group-IB, a cybersecurity company based out of Singapore, the two databases are reportedly related to the Top 10 Turkish banks.

At the end of last month, two more databases opened up on the Joker’s Stash forum. Each database contained data for 190,000 to 205,000 credit cards, each costing $1.00.

Screen Shot 2019-12-17 at 11.36.21 AM.png

According to BleepingComputer, the data within each database includes the expiration date, CVV code (card verification value), card number, and the name of the owner as well as other information such as email addresses, names, and phone numbers.

The overall source of the data is still unknown; however, you should be mindful of your credit card bill to reduce the damage of any fraudulent activity.

Read more here

New Plundervolt Attack Impacts Intel CPUs

Last week, academics disclosed a new attack that affects the information inside Intel Software Guard eXtensions (SGX), a highly secured area of Intel CPUs. The attack, named Plundervolt, exploits the interface “through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows gamers to overclock their CPUs.”

By tampering with the amount of voltage a CPU receives, researchers were able to alter bits inside SGX, causing exploitable errors. A malicious actor can use this vulnerability to recover encryption keys or inject bugs in a (previously) secure software environment.

Intel SGX is a security feature present in all modern Intel CPUs which allows developers to isolate applications in secure environments. Doing so enables the applications to trust the CPU with sensitive information away from other applications running on the operating system.

Fortunately, this vulnerability cannot be exploited remotely as it needs to run with root privileges from an app on the infected host. Patches were released last week as part of security advisory INTEL-SA-00289, providing device administrators a new BIOS option to disable the volt-changing interface on their systems.

The vulnerability impacts Intel desktops, servers, and mobile CPUs. According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

  • Intel® 6th, 7th, 8th, 9th & 10th Generation CoreTM processors

  • Intel® Xeon® Processor E3 v5 & v6

  • Intel® Xeon® Processor E-2100 & E-2200 families

Get more information here

FIN8 Targets Card Data at Fuel Pumps

Fuel pumps at gas stations seem to be a new target for the notorious FIN8 cybercrime group. According to Visa’s online public alert, two separate payment card detail skimming campaigns have emerged in the past year.

The first attack compromises point-of-sale (PoS) systems by sending phishing emails to employees that include a malicious link which installs a remote access trojan on the merchant network. After gaining a successful foothold inside a network, the attacker moves laterally into the PoS environment and harvests payment card data.

The second type of attack targets similar gas-pump dispensers within North America; however, the initial compromise of the network is still unknown.

Gas stations have become an increasingly popular target for cyberattacks due to their typical lack of security.

Read more here

SEC Charges Shopin Founder with Fraud over Unregistered $42M ICO

The United States Securities and Exchange Commission (SEC) has charged Eran Eyal, the founder of Shopin, for allegedly running a scam initial coin offering (ICO). According to the SEC, Eyal defrauded investors in his initial coin offering which raised more than $42 million. He is also accused of operating an unregistered ICO without any proper documentation.

Shopin advertised a service consisting of universal shopper profiles on the blockchain. Additionally, the service would “track customer purchase histories across online retailers and recommend products based on the collected data.” However, according to the SEC, Shopin has not developed a functional platform for the product.

The SEC also alleges that Eyal “misappropriated investor funds for his personal use, including at least $500,000 used for rent, shopping, entertainment expenses, and a dating service.” Eyal pled guilty to criminal charges brought by the New York Attorney General’s office and pled guilty to operating three security fraud schemes, including Shopin.

CoinDesk states that around $450,000 in cryptocurrency will be turned over to the New York State Attorney General, and Eyal will have to step down from his role as CEO of Shopin as well as pay over $600,000 in fines and restitution due to his actions.

Read more here

Leave a Reply

Your email address will not be published. Required fields are marked *