Last Week In Blockchain and Cybersecurity News – October 29, 2019

Man Sues AT&T, Claiming $1.8M Cryptocurrency Loss from Sim Card Attack

Seth Shapiro is accusing an AT&T employee of allowing a hacker access to his cell phone number, resulting in a compromise of highly sensitive personal and financial data. The criminal then used the confidential information to steal over $1.8 million in cryptocurrency from his accounts.

The situation described in Shapiro’s story is called SIM swapping. According to ZDNet, SIM swapping is “a type of ATO (account takeover) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfer a victim’s phone number to their own SIM card.” Because customers can legitimately request new SIM cards to be added to their accounts, this process has been a popular tactic for malicious actors.

According to Shapiro, the hackers were able to reset his account passwords (as they were tied to his phone number) and then siphon his funds from various exchanges. The exchanges include KuCoin, Bittrex, Wax, Coinbase, Huobi, Cryptopia, LiveCoin, HitBTC, Coss.io, Liqui, and Bitfinex. In the lawsuit, Shapiro states that “AT&T gives this responsibility to their lowest level of employees,” and “[i]t’s absolutely unacceptable that AT&T faces no responsibility” when a SIM swap attack occurs.

AT&T is continuing to enhance safety measures to mitigate SIM swap attacks, such as building new tools to make it more difficult for attackers to pretend they’re someone else.

7+ Million Adobe Creative Cloud User Records Exposed Online

An unprotected Elasticsearch database exposed the information of around 7.5 million Adobe Creative Cloud users. The database was not password protected, allowing any individual to access the data. Security researchers Bob Diachenko and Paul Bischoff discovered the leak and emphasized the high risk of spear-phishing attacks on the affected users.

Exposed details include:

  • Adobe member IDs

  • Email addresses

  • Country of origin

  • What Adobe products they were using

  • Account creation date

  • Subscription and payment status

  • Whether the account belonged to an Adobe employee

  • Last login date

The company blames the unprotected database on a misconfiguration of a “prototype environment” it implemented. Adobe is no stranger to database leaks; in 2013, the company was breached, compromising payment details and other information regarding nearly 38 million users.

FBI Updates Initiative to Protect U.S. Elections from Cyberattacks

Upgrades and tool expansions have been developed to help political campaigns, private businesses, and others mitigate risks caused by foreign entities during the 2020 U.S. election season.

Through the Protected Voices initiative, political campaign managers and their staff receive information regarding potential cybersecurity vulnerabilities to help inform them of possible risks to the legitimacy of data. The FBI, DHS, and DNI have released videos containing information and guidance explaining “the nature of foreign influence and social engineering, highlight common areas of vulnerability, and offer cybersecurity measures to help campaigns, companies, and individuals protect themselves against common Internet-enabled crimes.”

The FBI highlights the three common foreign influence methods the initiative attempts to mitigate:

  • Cyberattacks against political campaigns and government infrastructure

  • Secret funding or influence operations to help or harm a person or cause

  • Disinformation campaigns on social media platforms that confuse, trick, or upset the public

Experts Find 17 Apps with Clicker Trojan Infection in Apple App Store

Security researchers at Wandera have discovered 17 iOS applications on the Apple App Store that contain a clicker trojan infection. The trojan utilizes a Command and Control (C&C) server to simulate user interactions, allowing malicious actors to collect ad revenue. A C&C server allows some apps to bypass security checks, as the app communicates with an attacker outside of Apple’s reach.

A blog post published by Wandera further explains the scheme, stating that actions such as “continuously opening web pages or clicking links without any user interaction” are spammed throughout the day to mimic an authentic user.

Clicker trojans generate revenue for the malicious party by inflating website traffic. The apps themselves were listed in various categories in the App Store and were published by the same developer, AppAspect Technologies Pvt. Ltd.

Below are the infected applications:

  • RTO Vehicle Information

  • EMI Calculator & Loan Planner

  • File Manager – Documents

  • Smart GPS Speedometer

  • CrickOne – Live Cricket Scores

  • Daily Fitness – Yoga Poses

  • FM Radio – Internet Radio

  • My Train Info – IRCTC & PNR (not listed under developer profile)

  • Around Me Place Finder

  • Easy Contacts Backup Manager

  • Ramadan Times 2019

  • Restaurant Finder – Find Food

  • BMI Calculator – BMR Calc

  • Dual Accounts

  • Video Editor – Mute Video

  • Islamic World – Qibla

  • Smart Video Compressor

City of Johannesburg Held for Ransom by Hacker Gang

The Shadow Kill Hackers group is holding South Africa’s largest city for ransom. The group is threatening to make stolen data public if it doesn’t receive its four-bitcoin ransom demand. The ransom note states that all passwords and sensitive data such as “finance and personnel population information” have been compromised.

The city of Johannesburg responded by shutting down all IT infrastructure, including payment portals, websites, and more. The hackers took to Twitter to post screenshots showing evidence that they had access to the city’s Active Directory server.

Some city officials suggest the incident could be the work of a disgruntled ex-employee. It’s unclear if city officials plan to pay the ransom demanded.
