Last Week In Blockchain and Cybersecurity News – February 18, 2020

Emotet Hacks Nearby Wi-Fi Networks to Spread to New Victims

A recently discovered Emotet Trojan sample was found to carry a Wi-Fi worm module that allows the malware to spread to devices connected to unsecured wireless networks. According to researchers at Binary Defense, the new strain begins the process by using wlanAPI.dll calls to “discover wireless networks around an already infected Wi-Fi-enabled computer and attempting to brute-force its way in if they are password protected.”

Once the Trojan successfully connects to a device, it searches for other Windows devices with publicly available shares. Binary Defense researcher James Quinn explains that the Trojan then scans those devices and attempts to brute-force the password for the Administrator account. If it succeeds, it drops a malicious payload as a service.exe binary and installs it as a program that gives the malware persistence on the system.
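The behaviour described above leaves a recognisable trace in Windows event logs: a burst of failed network logons against the Administrator account from one source, followed by a new service whose image is a bare service.exe. The following detection sketch is an added example, not code from the original article or from Binary Defense; it runs over constructed key=value event lines (not real telemetry) and uses the standard Windows event IDs 4625 (failed logon), 4624 (successful logon) and 7045 (new service installed).

```python
from collections import Counter

# Constructed sample events in a simplified "ts key=value ..." form (not real logs).
SAMPLE_EVENTS = [
    "2020-02-10T09:00:01 host=FS01 event_id=4625 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:02 host=FS01 event_id=4625 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:02 host=FS01 event_id=4625 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:03 host=FS01 event_id=4625 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:03 host=FS01 event_id=4625 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:04 host=FS01 event_id=4624 user=Administrator src=10.0.0.23 logon_type=3",
    "2020-02-10T09:00:09 host=FS01 event_id=7045 service=WinSvc path=C:\\Windows\\service.exe",
    "2020-02-10T09:05:00 host=WS07 event_id=4625 user=jdoe src=10.0.0.8 logon_type=2",
    "2020-02-10T09:06:00 host=WS07 event_id=7045 service=Spooler path=C:\\Windows\\System32\\spoolsv.exe",
]

# Assumed threshold: failed network logons from one source against one account.
BRUTE_FORCE_THRESHOLD = 5

def parse_event(line):
    """Split a constructed 'ts key=value ...' line into a dict; the timestamp goes under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    fields["ts"] = ts
    return fields

def detect(lines, threshold=BRUTE_FORCE_THRESHOLD):
    """Return (kind, host, detail) findings for brute-force bursts and service.exe installs."""
    events = [parse_event(line) for line in lines]
    findings = []
    # 1. Count failed logons of logon_type 3 (network, e.g. SMB) per target host, account and source.
    fails = Counter((e["host"], e.get("user"), e.get("src")) for e in events
                    if e["event_id"] == "4625" and e.get("logon_type") == "3")
    brute_hosts = set()
    for (host, user, src), n in fails.items():
        if n >= threshold:
            findings.append(("brute_force", host, f"{n} failed logons for {user} from {src}"))
            brute_hosts.add(host)
    # 2. A new service whose image file is named service.exe, the dropper name reported above.
    for e in events:
        if e["event_id"] != "7045":
            continue
        image = e.get("path", "").rsplit("\\", 1)[-1].lower()
        if image == "service.exe":
            # Escalate when the same host was just brute-forced: that is the chain described above.
            kind = "lateral_movement" if e["host"] in brute_hosts else "suspicious_service"
            findings.append((kind, e["host"], f"service {e['service']} -> {e['path']}"))
    return findings
```

Raising the threshold above the number of failures in the sample leaves only the service.exe finding, which is why the two signals are correlated rather than alerted on separately.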

BleepingComputer

The Emotet campaign has become a significant threat to many organizations and companies throughout the world. Its malicious spam messages, ransomware, and Wi-Fi modules have evolved constantly and continue to spread.

Read more here

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

Over 500 malicious Chrome extensions have been removed from the browser’s store after a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security revealed that 70 Chrome extensions contained malicious code and were stealing data. Following this discovery, Google identified an additional 430 malicious extensions. The add-ons were injecting malicious ads and stealing data, which was then sent to servers controlled by the malicious actors.

The extensions looked like official promotions and advertising services but contained malicious code under the hood. The malicious campaign has been operating since January 2019 but has now been removed. In response to the increasing occurrence of malicious extensions, Google has requested that add-ons only ask for permissions that collect a minimal amount of data.


Read more here

IOTA Cryptocurrency Shuts Down Entire Network After Wallet Hack

The nonprofit organization behind the IOTA cryptocurrency, the IOTA Foundation, was forced to shut down its entire network after hackers exploited a flaw in the IOTA wallet application that allowed them to steal user funds.

As reports came that hackers were actively exploiting a vulnerability, the IOTA Foundation quickly shut down the “Coordinator” node, a node responsible for approving all IOTA currency transactions. The attacks began last Wednesday and eventually resulted in the unprecedented actions taken by the IOTA Foundation.

As of this writing, the entire IOTA network is still shut down, sparking praise and anger among its users. According to the IOTA Foundation, the hackers were able to exploit a “third-party integration” of Trinity, a wallet application developed by the IOTA Foundation.

Researchers and open-source reporting place the total value of IOTA coins stolen at around $1.6 million. Law enforcement officials have been notified and are now actively involved in tracking down the malicious actors.

The IOTA Foundation recommends that Trinity app users not open their wallets until an update has been released.

Get more information here

U.S. Charges Chinese Military Hackers for Equifax Breach

The U.S. Department of Justice has charged four individuals within the Chinese People’s Liberation Army for hacking and stealing data from Equifax in 2017. Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) allegedly broke into Equifax’s system and stole trade secrets alongside the personal information of almost half of all U.S. citizens.

According to the indictment, “The PLA hackers obtained names, birth dates, and social security numbers for the 145 million American victims, in addition to driver’s license numbers for at least 10 million Americans stored on Equifax’s databases.”

FBI

Equifax is required to spend up to $425 million to help the breach victims (credit score monitoring, fraud alert programs, and more). Personally identifiable information belonging to almost a million citizens in the United Kingdom and Canada was also stolen. Investigations into the breach revealed that the malicious actors gained a foothold in the Equifax network by exploiting a vulnerability in the Apache Struts framework. The criminals then stayed hidden inside Equifax’s network while stealing credentials and running almost 9,000 queries against Equifax’s databases.

Read more here

Altsbit Plans Exit After Hack Leaves Cryptocurrency Exchange out of Pocket

Cryptocurrency exchange Altsbit was attacked by hackers last week, leading to the theft of almost all funds from its BTC, ETH, ARRR, and VRSC wallets. The exchange kept its customer funds in hot wallets, a hazardous practice that ultimately forced the company to shut down. As only a small portion of funds was protected in a cold wallet, the hackers were able to siphon the following amounts of cryptocurrency from the exchange:

  • Bitcoin (BTC): 6,929 coins out of 14,782

  • Ethereum (ETH): 23,210 coins out of 32,262

  • Pirate Coin (ARRR): 3,924,082 coins out of 9,619,754

  • Verus (VRSC): 414,154 coins out of 852,726

  • Komodo (KMD): 1,066 coins out of 48,015

According to Altsbit, “7,853 BTC, or 53.1 percent, will be returned to users, alongside 9,052 ETH (28.06 percent), 5695672 ARRR (59.2 percent), 438572 VRSC (51.24 percent), and 46949 KMD (97.77 percent).”

The withdrawal date for users to obtain their partial refunds ranges from February 10 to May 8, 2020. Once the deadline passes, the exchange will be fully shut down. Information regarding the cyberattack has not been released, raising questions from individuals throughout social media who claim the “hack” is actually an exit scam.

Read more here
