Most companies, regardless of the field in which they operate, fail to detect early indicators of insider cyberattacks. According to data collected by the cybersecurity company DTEX Systems and the think tank Ponemon Institute, more than 50% of companies face serious difficulties when trying to prevent insider attacks. The most frequent indicators of a possible insider attack are an unusual number of opened files, circumvention of security controls by employees, relocation of files to unusual locations, and suspicious attempts to use USB devices.
The forms of insider threats vary, but in most cases insider attacks aimed at stealing confidential information are committed by employees who plan to leave for another company. There are also cases in which employees work with malicious groups and carry out insider attacks to get money from these groups. When malicious groups stand behind insider attacks, there is a risk that ransomware attacks will follow. Before committing an attack, an insider goes through stages such as reconnaissance, aggregation, circumvention, exfiltration, and others.
Mozi emerged 2 years ago and continues to spread even though its suspected author has been arrested. Mozi was discovered by 360 Netlab in 2019 as a small operation and has since grown into a botnet accounting for a high percentage of IoT traffic. According to 360 Netlab, Mozi has accounted for over 1.5 million infected nodes, the majority of which are linked to China. Mozi is a P2P botnet that uses the DHT protocol. The botnet abuses weak telnet passwords and known exploits to spread, targeting IoT devices, networking devices, video recorders, and other internet-connected tools.
The botnet enslaves devices to launch DDoS attacks, steal data, and execute system commands. Man-in-the-middle attacks can also take place when routers are infected. One of the key strengths of the P2P network is its robustness: if some nodes go down, the remaining nodes continue infecting targeted devices and the network as a whole carries on. The botnet is also used to make money through illegal cryptocurrency mining.
According to a new report by Barracuda Networks, close to 39% of all internet traffic consists of “bad bots”. E-commerce assets are at the highest risk. Automated traffic, including social media bots and search engine crawlers, makes up 64% of all Internet traffic today. However, only 25% of this automated traffic can be described as “good bots”; the other 75% comes from automated scripts aimed at web scraping, account hijacking, etc.
AWS and Azure are the public clouds from which most of the analyzed traffic came. Malicious actors do not face serious difficulties when setting up accounts to perform bot activity. In terms of geographic distribution, North America accounts for 67% of all bad bot traffic, followed by Europe and Asia. In Europe, malicious bots come from residential IPs or hosting services. Despite being automated, these attacks follow a normal workday so that they blend into other traffic.
Banksy’s website directed users to an auction where they could buy his digital piece of art for more than $300,000. However, this digital art was not authentic. The piece that was bought was an image containing an avatar resembling CryptoPunks, a very popular NFT collectible. The purported Banksy digital artwork offered to art lovers at the auction is called “Great Redistribution of the Climate Change Disaster.” The redirection to the auction was added to Banksy’s page on Tuesday but was deleted the same day, which gave rise to suggestions that the page could have been hacked.
The listing was posted on the OpenSea marketplace. The price of the digital piece of art was set at 100 Ethereum tokens, worth $336,000 in real money. Pest Control, Banksy’s agency, confirmed that the sold piece of art was not authentic. However, the agency did not provide any information on whether Banksy’s webpage was hacked. The situation nevertheless ended positively for the individual who bought the non-authentic piece of art: all assets were returned to him by the actor behind this incident. It is likely that an ethical hacker was behind all these activities.
The new joint corporation will allow these 3 exchanges to abide by the anti-money-laundering standard known as the travel rule, which was extended to crypto exchanges in 2019 by FATF (Financial Action Task Force). This organization is responsible for setting standards aimed at preventing money laundering. Under the travel rule, exchanges are obliged to share some customer information with each other whenever assets are transferred between them. Namely, financial institutions and crypto exchanges have to gather the names and account numbers of both senders and recipients of digital assets. Local exchanges will have to follow this rule starting from March 2022.
The new corporation will allow the mentioned exchanges to jointly develop systems that meet the requirements set by FATF. The newly established body is called COnnect Digital Exchanges (CODE), and its funding amounts to 900 million won ($776,000). Each of these exchanges has an equal share and the same voting rights in this body. The new corporation will be led by Coinone CEO Cha Myung-hoon, and a new CEO will be appointed every 2 years.