Poly Network is the entity specializing in cryptocurrency transfers on Ethereum, Binance, and Polygon blockchains. The company was attacked and assets were transferred to hackers. The list of affected blockchain and crypto exchanges includes such famous brands as OKEx, HuobiGlobal, Uniswap, Binance, Tether, BitGo, and others. Poly Network has asked the miners of these affected exchanges to blacklist tokens transferred from the addresses to which stolen assets were sent. Namely, the assets stolen by Poly Network hackers were transferred to the following addresses:
According to Poly Network, attackers succeeded in exploiting the vulnerability between contract calls. By modifying the keeper of a contract a contract can execute a transaction. According to Slow Mist, a blockchain ecosystem security company, the attack was well planned and organized. This hack is likely to be the biggest amount of crypto assets stolen in the history of decentralized finance.
Cyber attackers actively target the objects of industrial infrastructure including oil and gas facilities, electricity grids, manufacturing plants, etc. The hackers targeting these objects are either criminal groups focused on making money or state-backed actors performing malicious activities for espionage purposes or just to cause serious disruptions. The list of recent cyberattacks against industrial networks includes the Colonial Pipeline ransomware attack and the cyberattack targeting the water-treatment plant in Florida. These cases have demonstrated the vulnerability of industrial networks to external attacks.
One of the key issues is that industrial networks have been operating on the same technologies for decades. By ignoring the importance of strengthening security, industrial networks are likely to experience huge damage since the scope of cybersecurity threats existing in the world is unprecedented. Actions in the security direction need to come from the top down. The Board of directors and senior management should lead security changes in industrial networks. Also, the role of a government is to push operators to imposed additional security measures.
The security oversight by SeniorAdvisor exposed personal data such as users’ surnames, phone numbers, and emails belonging to 3 million elderly people in the USA. These data were marked as “leads” or potential customers. The exposure was made possible due to the misconfiguration of the Amazon S3 bucket. According to researchers from the WizCase team, the main danger of this breach is the vulnerability of elder people to fraud such as phishing.
The WizCase team was trying to contact SeniorAdvisor in June 2021. Only after being contacted by journalists, SeniorAdvisor provided its reply on 5 August. There is no information on whether SeniorAdvisor informed the affected individuals of the breach. According to SeniorAdvisor spokesperson, the exposed data were 5 to 15 years old and, thus, the risks associated with this exposure were minimal.
Malicious actors motivated by business and tech interests infiltrated Israeli companies and government bodies while also targeting entities from the UAE and Iran. The US cybersecurity firm FireEye, on Tuesday, released the analysis stating that the Chinese group has been targeting Israeli IT providers, government institutions, and telecommunication firms since January 2019. The malicious actors were carrying out reconnaissance and data harvesting. Although FireEye did not report on the involvement of official Beijing in these malicious activities, the Chinese government was likely interested in targeting these entities.
The malicious group, while attacking Israeli entities, was also actively targeting targets in the UAE, Iran, and Kazakhstan. The Chinese espionage group UNC215 was firstly detected by FireEye in early 2019. During the attack, the group was using FOCUSFJORD and HYPERBRO, its custom malware tools. Upon breaking victims’ systems, the group stole users’ credentials and collected information such as keylogging and screen captures. The group was exploiting trusted third parties, taking measures to cover its tracks, and planting false flags to mislead security specialists.
For the past 12 months, 44 per cent of organizations have experienced or fallen victim to ransom-related distributed denial of service (RDDoS) based on the results of the survey conducted by Neustar International Security Council (NISC). For the same period, just 41 per cent of organizations have been targeted by traditional ransomware attacks, a figure that is lower than the one in the previous case. That is why DDoS attacks start becoming a tool in the hands of hackers used to extort money from the targeted entities or individuals. According to Rodney Joffe, NISC chairman, DDoS as a ransom vector is an easy way for malicious actors to reach their targets since they do not need to spend much time and huge efforts to infect organizations’ networks with malware as in case of performing ransomware attacks. Also, the advantage of DDoS attacks for bad actors is that they are hard to be tracked by security specialists.
36 per cent of organizations targeted by RDDoS admitted paying ransom to malicious actors. The most popular targets for RDDoS attacks are the entities functioning in online industries. However, bad actors have started actively targeting companies representing the telecommunication sector, government, and financial industry. Bad actors behind RDDoS attacks are likely to target their victims several times and that is why entities need to focus on strengthening their resistance to this type of security threats.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.