In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.
A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader’s coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.
Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 – although part of the reason might be that they are now so valuable people are taking more care with them.
“These behaviors paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale,” the report finds. “Systematic and sophisticated, North Korea’s government — be it through the Lazarus Group or its other criminal syndicates — has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021.”
Football fans furious after FIFA 22 after top players’ accounts taken over
Electronic Arts (EA) has confirmed that some of the top players of the FIFA 22 football (soccer in Freedom Language) game have had their accounts taken over after it dropped the ball.
“Through our initial investigation we can confirm that a number of accounts have been compromised via phishing techniques,” EA said in a statement.
“Utilizing threats and other ‘social engineering’ methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts.”
In response EA says that it has strengthened its account verification process and is training up staff to be on the lookout for behavior that indicates someone is playing foul. It says this will take time and may lead to support delays, but asks fans not to show it the red card.
US government warns of Russia and Iranian online intrusion, makes tools public
It has been a busy week for those monitoring government hacking threats, beginning with a warning from the FBI, NSA and CISA about Russian state online spies are breaking into US systems, followed by a report from US Cyber Command on Iranian online foes.
The Russians are targeting US government, energy and infrastructure companies, the first advisory warns, and are using advanced tactics to do so. The key protection is frequent logging and examination of network activity, but also watch for unexpected equipment activity like unplanned reboots, and multiple failed login attempts on accounts, they advise.
Not to be outdone, US Cyber Command released a report into an online gang called MuddyWater, which the agency says operates under the auspices of the Iranian Ministry of Intelligence and Security. It’s primarily an intelligence collection group and had been targeting other Middle Eastern states, but is now expanding operations in the US and Western Europe.
MuddyWater specialize in using open-source tools and side-loading DLLs, and they also are adept at using tunneling to shield their activities. VirusTotal have been informed and you can get the full details here.
Texans hit by QR code phishing campaign
Residents of the Lone Star state have been under sustained attack from a QR code phishing scam using traffic meters that is designed to harvest credit card information.
Police in Austin, Houston and San Antonio have warned that persons unknown are attaching fake QR codes to parking meters that redirect users to a carefully crafted phishing site. When the meter user tries to pay for their parking that are simply handing over their card information to the criminals.
What makes this form of attack particularly odd is that none of the cities targeted actually use QR codes on their meters. “We’ve talked to industry professionals who have warned us about using QR codes, and that’s why we do not utilize QR codes on our infrastructure at all,” Austin Parking Enterprise Manager Jason Redfern told Fox 7.
Still using WordPress? Plugin vulns rose 142 per cent last year
WordPress is a very popular platform but security isn’t one of its strengths, as a review of its progress in 2021 has shown.
Research by Risk Based Security found that last year the number of vulnerabilities found in WordPress plugins shot up 142 per cent, 77 per cent of them contained known public exploits and 73 per cent were remotely exploitable. While the average rating for flaws using the Common Vulnerability Scoring System was 5.5 there are still some very nasty issues out there that need to be addressed.
“There are over 58,000 free plugins for download, with tens of thousands more available for purchase,” the report warns. “Unfortunately, few of them are designed with security in mind, so one vulnerability could potentially affect millions of users.”