Cybersecurity news headlines (January 20 – February 5)
In case you did not keep up with the world of cybersecurity in the past few weeks, we have compiled the biggest news headlines between January 20th and February 5th. There were multiple thefts carried out, we saw the biggest cryptocurrency hack in history and a fitness app revealed the locations of military bases all over the world. Without further ado, here’s what made major headlines in the last two weeks.
Tor proxy service stole $22,000 ransomware payments
When ransomware infects a computer, the victim is usually asked to pay in cryptocurrency and use Tor to access the payment sites. However, regular users have no need for the Tor browser and may have little idea about how to install/use it. To make it easier for victims to pay, some ransomware developers/distributors use a service called Tor proxy. It is essentially a website that allows users to access websites hosted on the Tor network via regular browsers, such as Internet Explorer, Google Chrome and Mozilla Firefox. Thus, victims can access the payment websites hosted on Tor via their regular browsers.
However, it seems that a certain Tor proxy service has figured out how to take advantage of the situation, and attempted to divert ransom payments into their own wallets. This behavior was noticed by the developers/distributors of the ransomware, who started warning victims to not use onion.top to pay the ransom as they are replacing the Bitcoin addresses and stealing the payments.
Reportedly, the service managed to steal around $22,000 worth of ransom payments, which means the people who paid will not be getting their files back. In the end, only the victims of ransomware are harmed in this situation.
Strava Fitness App revealed locations of military bases
Strava is a highly popular fitness app that allows users to track their running, cycling, swimming, etc. routes. The routes can be made public so that others can find different routes, exercise together or compete against each other.
Back in November, the company released a heatmap as part of the year review. It showed all routes taken by users who chose to share their location but one Australian student noticed that certain trails made it possible to identify secret military bases in different parts of the world. Bright spots in the heatmap were noticed in places like Syria, Afghanistan and Somalia, where military bases are known or thought to be located. While many of those bases were already revealed by Google Maps, the Strava heatmap shows exactly how potential military personal is moving about in that area, possibly endangering their safety. Undisclosed US installations could also be identified by looking at remote areas where there is a lot of activity.
Strava offers private mode which allows users to not disclose their location, but the function was not automatically turned on. Military personnel who did not choose to not share their location when exercising ended up unknowingly exposing possibly classified information.
$500 million worth of cryptocurrency stolen from Coincheck
Coincheck, the Tokyo-based cryptocurrency exchange service, suffered the biggest cryptocurrency hack in history, when more than $500 million worth of NEM tokens were stolen. Users first noticed something was wrong when Coincheck stopped NEM deposits, only to stop all NEM trading and payments soon after. The exchange service admitted to the hack, and stated that over 500 million NEM tokens were taken during the hack. That equals to more than 500 million dollars. According to Coincheck, only NEM tokens were taken.
Due to similarities to past attacks on cryptocurrency services, particularly ones in South Korea, speculations have arisen about North Korea being involved. South Korea’s National Intelligence Service is currently investigating the incident, with North Korea as a strong suspect.
New Adobe Flash Zero-Day spotted
South Korean Computer Emergency Response Team, or CERT in short, have identified a new Flash zero-day, which affects Flash Player 126.96.36.199 and earlier. If successfully deployed, the exploit could allow for remote code execution across various operating systems, including Windows, macOS and Linux. Adobe was made aware of the vulnerability and fixed it in an update.
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” Adobe representative said. “These attacks leverage Office documents with embedded malicious Flash content distributed via email.”
“Successful exploitation could potentially allow an attacker to take control of the affected system.”
North Korea is thought to be responsible for creating and deploying the zero-day, and according to a researcher from a security firm, is aiming to attack South Koreans who research North Korea.
More than $1 million worth of Ethereum stolen from Bee Token ICO investors by scammers
Scammers managed to steal around $1 million worth of Ether from Bee Token Initial Coin Offering (ICO) investors in rather simple phishing attack. Reportedly, hundreds of users fell victim to this scam, despite numerous warnings from the Bee team.
The Bee Token ICO ran from January 31st to February 2nd, during which they completed their goal of raising $5 million for a blockchain-based home rental app. In those 3 days, potential investors were sent emails from scammers posing as the Bee team, asking to invest in the project and send funds to wallets under their control.
The team became aware of the phishing attempts quickly, and sent out warnings to users, in which they clearly stated that funding addresses will never be communicated via email or any other platform, besides the official website. For whatever reason, whether is was because users were not aware of the alerts or did not read them, people still feel for the scam, and more than $1 million worth of Ether was transferred to scammers’ wallets.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.