
Phishers target cryptocurrencies, Taiwan turns to IPFS, and other cybersecurity developments
We’ve gathered the week’s most important cybersecurity news.
- The deBridge protocol team reported an attempted cyberattack.
- Media described how Russia gained control over the internet in the occupied city of Kherson.
- Taiwan began using IPFS to protect against cyberattacks.
WhatsApp announces new privacy features
Meta chief executive Mark Zuckerberg announced the rollout of new features in WhatsApp aimed at enhancing privacy.
Among them are the ability to adjust who can see your online status, leave groups without notifying all members, and restrict screenshots of messages.
Media revealed how Russia established internet control in occupied Kherson
Weeks after Russia occupied the Ukrainian city of Kherson, Russian troops visited the offices of local internet providers and demanded that they relinquish control of their networks, The New York Times reports.
After that, Kherson's mobile and internet traffic was redirected through Russian networks. Later, access to Facebook, Instagram and Twitter was blocked, and Ukrainian mobile networks were shut down, forcing residents to use Russian mobile operators.
The outlet noted that a similar situation has been observed in other cities occupied by Russian forces.
The authors noted that restricting internet access “is part of Russia’s strategy”:
“[It] has made these Ukrainian regions vulnerable to an extensive system of digital censorship and surveillance. Russia can monitor web traffic and digital communications, spread propaganda and control the news.”
Hackers attempted to attack the deBridge protocol
The cross-chain interaction and liquidity transfer protocol deBridge came under cyberattack. The Lazarus group is reportedly behind it, according to cofounder Alex Smirnov.
The attackers, posing as him, sent an email to deBridge staff titled “New Salary Adjustments.” Most team members immediately flagged the suspicious email, but one downloaded and opened the file. The attack did not succeed, but it allowed deBridge to study its characteristics.
“The attack vector is as follows: the user clicks a link in the email, downloads and opens an archive, tries to open a PDF, but the PDF asks for a password. The user opens password.txt.lnk and compromises the entire system,” explained Smirnov.
The attack does not affect macOS users, but Windows-based systems remain at risk, he added.
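A defender-side check for the lure described above, as an added example that is not code from deBridge or from the original article: it flags archive entries that are Windows shortcuts hidden behind a document-style extension, using both the file name and the Shell Link header. The ZIP format, the decoy extension list and the sample archive contents are assumptions constructed for this example.

```python
import io
import zipfile

# First 20 bytes of every Windows Shell Link (.lnk) file (MS-SHLLINK):
# HeaderSize 0x0000004C, then LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")

# Extensions a user reads as a harmless document (assumed list for this example).
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}


def find_disguised_shortcuts(archive_bytes):
    """Return (entry_name, reason) for ZIP entries that are Windows shortcuts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            with zf.open(info) as fh:
                is_lnk_content = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            named_lnk = len(parts) >= 2 and parts[-1] == "lnk"
            # Explorer never displays ".lnk", so "password.txt.lnk" shows as "password.txt".
            double_ext = named_lnk and len(parts) >= 3 and parts[-2] in DECOY_EXTS
            if double_ext:
                findings.append((info.filename, "decoy extension before .lnk"))
            elif is_lnk_content and not named_lnk:
                findings.append((info.filename, "shortcut content, other extension"))
            elif named_lnk:
                findings.append((info.filename, "shortcut inside archive"))
    return findings


def build_sample_archive():
    """Constructed sample: a PDF stub, a fake 'password' shortcut, a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf", b"%PDF-1.7\n")
        zf.writestr("password.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"plain text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_disguised_shortcuts(build_sample_archive()):
        print(f"{name}: {reason}")
```

A mail gateway or endpoint script can run the same check on attachments and downloads before a user opens them.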
Experts discuss a phishing campaign targeting Coinbase, MetaMask, Kraken and Gemini users
In 2022, attackers created phishing pages via Google Sites and Microsoft Azure to steal cryptocurrency wallets and accounts for Coinbase, MetaMask, Kraken and Gemini, Netskope Threat Labs reports.
In his threat research blog, Gustavo Palazolo from Netskope Threat Labs explores some new #phishing pages that abuse Google Sites and Microsoft Azure to steal #cryptocurrency wallets.
Dive in to learn how these phishing pages work: https://t.co/iBBGRjtcha
— Netskope (@Netskope) August 11, 2022
The phishing pages are promoted in comments on other sites, mainly blogs. The sites imitate various cryptocurrency platforms.
The attackers then obtain the seed phrases, logins and passwords that victims enter on the fake pages.
“Netskope strongly recommends that users never enter credentials after following a link. Instead, always go directly to the site,” the specialists noted.
Taiwan begins using Ethereum-based IPFS technology to protect against cyberattacks
The Ministry of Digital Affairs in Taiwan has deployed IPFS technology to safeguard its infrastructure, Decrypt reports.
The ministry noted that it launched the initiative on the same day China began military exercises near Taiwan following a visit by U.S. House Speaker Nancy Pelosi.
Hackers attacked Twilio and Cloudflare via phishing SMS
Twilio, the cloud software provider, reported a phishing attack against its staff. As a result, the attackers gained access to internal systems and to data of Twilio’s clients.
Here’s the latest update on our investigation into the ongoing social-engineering phishing scam that has targeted numerous companies recently. https://t.co/BCvlOdtAAJ
— twilio (@twilio) August 11, 2022
The SMS messages purportedly came from the company’s IT department, inviting staff to log into the system via a link to update their password.
Upon detection, Twilio’s security team revoked access to the compromised accounts. Nevertheless, the attackers obtained data from about 125 of the firm’s clients.
Hackers used similar methods to target Cloudflare employees, but the attackers did not succeed in breaching Cloudflare’s systems.
Also on ForkLog:
- The gaming project Dragoma on Polygon became a rug-pull victim.
- The Beanstalk Farms team restarted the DeFi protocol four months after the breach.
- In Uzbekistan, almost all Bitcoin exchanges were blocked.
- Cybercriminals laundered more than $540 million through the RenBridge cross-chain bridge, Elliptic reports.
- Curve Finance users lost $573,000 due to a frontend attack. Later, Binance blocked $450,000 stolen from the protocol.
- Slope denied a link between the wallet bug and the Solana breach.