Weekly News Digest #74

Malicious actors hijack your PC and webcam using NFT hype

Cybercriminals trick users to download password-stealing BitRAT malware during NFT hype to hijack infected machines. BitRAT is a remote-access Trojan that can bypass User Account Control, the feature designed to prevent unauthorized changes to the operating system. The functionality of this malware includes stealing credentials from browsers and applications, logging keystrokes, and uploading and downloading files.

Cybercriminals distribute Excel files among victims claiming it contains forecasts on NFT investments and the number of NFTs available. Excel file contains malicious macro by enabling which victims cause running of a PowerShell script that can retrieve and download malware. There is also a risk that this malware may secretly use the processing power of victims’ computers to mine cryptocurrency. 

Read more

More than 620M ransomware attacks were detected in 2021

According to SonicWall, 623M ransomware attacks were carried out in 2021 (a 105% increase vs. 2020). The calculations are based on the analysis of more than 1 million security sensors from 215 countries as well as third-party sources. Since 2019, the number of attacks has increased by a tremendous 232%. The most frequently attacked sectors are government, healthcare, and education. 

More than 400K never-before-seen variants were detected by SonicWall in 2021. The rapid increase in the number of ransomware attacks has motivated businesses out of cybersecurity to double their efforts to fight cybercrime. As a result, global cybersecurity spending is expected to increase by 12.4%. 

Read more

Ukraine hit by DDoS attacks

On Tuesday, Ukraine’s military and economic institutions were hit by DDoS attacks. Although the impact of these attacks was limited, the ramifications are not. According to the statement made by CrowdStrike senior vice-president of intelligence Adam Meyers, 99% of the attacking traffic were HTTPS requests. 

The attackers disrupted the availability of websites of state-owned banks and were also sending SMS to people containing fake information. These DDoS attacks seem to be the continuation of the DDoS offence against Ukraine that took place in January. The purpose of this malicious campaign is to cause instability in the country and disseminate panic among people. 

Read more

Illicit crypto wallets hold over $25B in virtual assets

The majority of these assets are the result of theft. The volume of funds from illicit sources has grown from $3B in 2020 to $11B in 2021 and 93% of them account for theft. The unregulated DeFi market is a growing concern for industry players. The list of other sources of illicit funds includes “darknet” marketplaces (448M), scams ($192M), fraud shops ($66M), and ransomware ($30M). 

Malicious actors try to rapidly cash out their holdings and the duration of the holding period has decreased by 75% vs. 2020. Among all illicit wallets, only 3.7% belong to criminal whales. The biggest concentration of criminal whale addresses is observed in Russia, South Africa, Iran, and Saudi Arabia. 

Read more  

KLAYswap crypto exchange losses $1.9M after BGP hijack

The South Korean crypto platform KLAYswap lost $1.9M as a result of the Border Gateway Protocol hack in the infrastructure of one of its suppliers. BGP enables the internet to exchange routing information between autonomous systems. BGP makes it possible peering to ensure communication between networks. The users connected to the exchange could download malicious code from the server sent by the criminal instead of a normal file. 

325 customers’ wallets were affected as a result of the attack. The issue is attributable to the upper-layer protocols. After the identification of the incident, the exchange blocked all functions and conducted an emergency check. The incident might have been avoided if the KLAYswap specialists had paid greater attention to developing appropriate security measures. 

Read more