AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 08/31/2020

US sues to recover cryptocurrency funds stolen by North Korean hackers

The United States government has filed a lawsuit today seeking to seize control of 280 Bitcoin and Ethereum accounts that are believed to be holding funds North Korean hackers stole from two cryptocurrency exchanges. Court documents did not identify the hacked exchanges, but officials said the two hacks took place on July 1, 2019, and September 25, 2019. During the first incident, North Korean hackers stole $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens, while in the second, hackers stole multiple virtual currencies worth in total more than $2.5 million. US officials said they used blockchain analysis to trace the funds stolen from the two hacked exchange portals back to the 280 accounts.


Apple has kicked Epic off the App Store in ongoing dispute

Apple has terminated the App Store account of game developer Epic, as the two companies continue their legal fight over the rules for apps on iOS and iPadOS – particularly the 30% cut that Apple takes of any payments. You might have noticed – or maybe the kids in your house did – that Fortnite has already been pulled from the App Store for violating policies around in-app payments, and now Epic Games has disappeared completely from the portal. It means that other Epic titles such as Battle Breakers and Infinity Blade can no longer be redownloaded to your iPhone or iPad, though they will continue to work if you’ve already got them installed.


NYSE not susceptible to takedown like New Zealand exchange

After a new threat group claiming to be Fancy Bear and the Armada Collective used a DDoS attack to take down the New Zealand stock exchange, security experts say millions of dollars in infrastructure investment make it unlikely that major stock exchanges in New York, London or Hong Kong would suffer a similar takedown, though the New Zealand attack could portend a larger attack. Not only have those high-end exchanges invested in infrastructure, “they don’t run their trading applications on the public Internet,” said Barrett Lyon, CEO of Netography. “There’s very little chance a high-frequency trading platform in New York would sustain a DDoS attack, the network is too segmented,” he said. “I still don’t understand why the New Zealand exchange’s trading app got hit, it should be segmented from the public internet.”


Cloudflare says its Sunday morning problems were due to CenturyLink outage

Cloudflare said its Sunday morning outage affecting numerous websites was due to an IP outage at internet service provider CenturyLink. According to a tweet from CenturyLink, all affected services had been restored as of 11:15AM ET. “Today we saw a widespread Internet outage online that impacted multiple providers,” a Cloudflare representative said in an email to The Verge. “This was not a Cloudflare-specific outage. Level 3/CenturyLink was responsible for an outage that affected many Internet services, including Cloudflare. Cloudflare’s automated systems detected the problem and routed around them, but the extent of the problem required manual intervention as well.”


TikTok parent ByteDance says it will ‘strictly follow’ China export controls

Late on Friday, China’s Ministry of Commerce updated its export control categories to cover artificial intelligence technologies. AI is the anchor of ByteDance products including TikTok, which has thrived on customized content surfaced by machines. The next day, China’s official Xinhua news agency quoted scholar Cui Fan as saying the updated rules could apply to ByteDance. He advised companies with ongoing deals to “halt negotiations and transactions so as to conduct the relevant procedures.” Late on Sunday, TikTok’s Chinese parent ByteDance issued a statement saying it will “strictly follow” the new technology export rules and handle its “related export businesses.”


Cybercriminals Increasingly Exploiting Pandemic Trauma

The ancient military strategist Sun-Tzu wrote that “in the midst of chaos, there is also opportunity.” He was referring to the ability to point your opponent in the direction of your choosing. Cybercriminals have taken this philosophy to heart: they use the personal and organizational disorder brought on by the COVID-19 pandemic, and the trauma associated with lockdowns and business uncertainty, to facilitate their attacks. Cybercriminals understand human nature, and that uncertainty and doubt offer them an opening to exploit people and organizations for financial gain. Point3 Security’s VP of Strategy Chloé Messdaghi noted that many cyber outlaws don’t just hack computers, they hack people. “They exploit our fears using an emotional exploit called ‘Amygdala Hijacking,’ which is when a strong negative emotion causes an individual to lose the ability to think rationally,” she said, noting attackers are using the current pandemic to trigger our anger and fears simultaneously to trick us into trusting their message and malicious links.