Car theft via USB cable, record-breaking DDoS attack and other cybersecurity events

We’ve gathered the week’s most important cybersecurity news.

  • Cloudflare recorded the largest DDoS attack in history to date.
  • Hyundai and Kia to roll out updates after a TikTok-promoted method for car theft.
  • The Russian Prosecutor-General’s Office has charged Hydra personal-data sellers.

Cloudflare recorded the largest DDoS attack in history

Cloudflare blocked a DDoS attack that it says is the largest in history to date. The peak wave reached 71 million requests per second.

Source: Cloudflare.

According to analysts, the attack originated from more than 30,000 IP addresses belonging to several cloud providers. The DDoS targeted a number of gaming providers, cloud computing platforms, cryptocurrency companies and hosting providers.

The previous record was set in June 2022, when an unnamed Google Cloud Armor customer was hit by a DDoS attack over HTTPS that peaked at 46 million requests per second.

Lazarus hackers switch to a new mixer for laundering cryptocurrency

After Blender and Tornado Cash were blocked, the North Korean hacking group Lazarus began using a new cryptocurrency mixer, Sinbad, to launder funds, Elliptic reports.

In particular, hackers laundered through it part of the assets stolen in June 2022 during the Harmony protocol cross‑chain bridge breach.

Analysts say Sinbad was launched in autumn 2022 by Blender operators who had previously vanished, allegedly taking $22 million in Bitcoin. Transactions between the operators’ ‘service’ wallets across both services support this link.

Moreover, Blender operators’ wallet was used to pay for advertising the new mixer and to finance nearly all initial transactions totaling about $22 million that passed through Sinbad.

According to Chainalysis, Lazarus laundered around $25 million in cryptocurrency through the new service.

Source: Chainalysis.

Hyundai and Kia to roll out updates after TikTok-promoted car-theft method goes viral

Hyundai and Kia, after numerous user complaints about the possibility of stealing a car with a USB cable, will roll out emergency updates. The wave of outrage followed a TikTok post outlining the simple attack vector and the subsequent rise in car thefts in the United States.

The issue lies in a logic flaw that allows the ‘turn-key-to-start’ system to bypass the immobilizer, which authenticates the key’s transponder code against the engine control unit. Attackers can forcibly activate the ignition with any USB cable and start the car.

The vulnerability affects about 3.8 million Hyundai and 4.5 million Kia vehicles.

In the United States the free update will be installed by official dealers. How the issue will be resolved in Russia remains unknown.

For models without engine immobilizers that cannot receive the update, the manufacturer will cover the cost of steering-wheel locks.

Kia also promised to roll out updates soon, but details were not yet disclosed.

Russia’s Prosecutor-General’s Office has charged Hydra personal-data sellers

The Russian Prosecutor-General’s Office has brought charges in the criminal case concerning the sale of personal data of individuals and legal entities on the darknet marketplace Hydra.

According to investigators, from February 2018 to February 2020 the criminal group repeatedly copied information from databases of the Russian tax service, the Pension Fund, the credit history bureau, the interior ministry and credit institutions. Subsequently, these data were sold to customers.

The incident affected no fewer than 6,500 individuals.

Depending on their roles, the defendants were charged with organizing a criminal group, unlawful access to computer information, and illegally obtaining and disclosing information constituting tax and banking secrecy.

The criminal case will be heard by the Vsevolozhsky City Court in the Leningrad region.

Chinese hackers attacked Russian companies

Group-IB specialists reported phishing cyberattacks on dozens of leading Russian IT and information-security (IS) companies that occurred in June 2022.

To send the malicious emails, the attackers used a fraudulent mail account registered with the free GMX Mail service.

The correspondence itself was conducted in the name of a real IS-company employee, who allegedly sent a ‘meeting protocol’ discussing cloud infrastructure security.

Source: Group-IB.

In studying the campaign, researchers found evidence of involvement by the state-linked Chinese hacking group Tonto Team.

Its main aim is espionage and theft of intellectual property, so victims include organisations in the government, military, technical and research sectors.

Experts blocked 151,000 attempts to access resources mimicking Telegram

In January, Kaspersky Lab solutions blocked 151,000 attempts by users in Russia to navigate to phishing resources masquerading as Telegram. This is 37 times higher than in the same period last year.

The spike in such phishing attacks was recorded in November 2022.

In most cases, the goal of phishers is to harvest credentials: a phone number and a verification code. The obtained access to accounts can be used for theft of confidential information, blackmail, and sending fraudulent messages.

What to read this weekend?

In the educational section ‘Kryptorium’ we explain what a vampiric attack is and the projects affected by it.
