
Attacks on cryptocurrency users, the Colonial Pipeline case and other cybersecurity headlines
We have gathered the most important cybersecurity news from the past two weeks.
- Attackers are targeting Trust Wallet and MetaMask users.
- According to media reports, Colonial Pipeline paid a ransom to hackers and is gradually restoring operations.
- Researchers uncovered a fake Chrome app that steals user data.
Phishers Target Trust Wallet and MetaMask Users
Users of crypto wallets Trust Wallet and MetaMask faced phishing attacks, reports Bleeping Computer.
According to the outlet, when users complained about wallet issues on Twitter, attackers replied to those posts posing as tech support, or as other people who had faced the same problem and been helped by “instant support.”
Subsequently, victims were asked to follow a link to contact support and enter their email address, name, and seed phrase, after which the scammers gained access to the wallet.
WeLeakInfo Operator Sentenced to Two Years in Prison
One of the operators of the data-leak access marketplace WeLeakInfo was sentenced to two years in prison (the second year suspended).
For $2 per day the site gave access to nearly 12.5 billion records from over 10,000 databases, many of which included usernames and passwords.
Hackers Continued to Attack Cryptocurrency Users via Tor
Attackers continue to introduce malicious nodes into the Tor network to intercept traffic, said researcher Nusenu.
The attacks began in 2020 and primarily targeted cryptocurrency users. Nusenu explained that the hackers downgrade user traffic from HTTPS to less secure HTTP and intercept transactions.
In February 2021, attackers controlled 27% of all exit nodes on Tor. Subsequently several servers were shut down, but by May hackers still controlled 4-6% of exit nodes.
Colonial Pipeline Paid Ransom in Cryptocurrency
Colonial Pipeline paid the hackers a ransom in cryptocurrency, Bloomberg reported. According to The New York Times, the ransom amounted to 75 BTC.
The operation of the pipeline, disrupted by the attack, is being restored.
Colonial Pipeline can now report that we have restarted our entire pipeline system and that product delivery has commenced to all markets we serve.
— Colonial Pipeline (@Colpipe) May 13, 2021
Earlier reports linked the attack on Colonial Pipeline to DarkSide. The hacker group itself denied any state involvement.
President Joe Biden said the White House does not believe Russian authorities are behind the group.
Head of InfoWatch Natalia Kasperskaya speculated that the attack could have been carried out by a CIA special unit.
Later it became known that DarkSide lost control of its servers and the funds obtained from ransom payments.
Google Play Apps Will Be Required to Report Data Collection
From next year, developers on Google Play Market will be required to provide data on what information about users they collect and how they protect privacy, The Verge reports.
The requirements are similar to those recently introduced by Apple, experts note.
Britain and the United States Issue Guidance on Protection from “Russian Hackers”
The United Kingdom’s National Cyber Security Centre (NCSC) published guidance on defending against cyberattacks from Cozy Bear (also known as APT29 and The Dukes). The group is believed to be connected to Russian intelligence services. The report links the group to the Russian Foreign Intelligence Service (SVR).
The document notes that hackers use various tools, “primarily targeting foreign governments, diplomatic structures, think tanks, healthcare and energy organizations worldwide to obtain information.” An example is the SolarWinds breach.
Fake Chrome App Stole User Data
Pradeo researchers discovered a malicious campaign involving phishing and malware that impersonates the Chrome app for Android.
The scam began with SMS messages demanding payment of customs duties for deliveries. If the victim clicked the attached link, they were prompted to update the Chrome app. The update was, in fact, malware.
Subsequently, victims were asked to pay about $2. If they paid, attackers gained access to card data.
Additionally, the malware covertly sent about two thousand SMS per week to random phone numbers in the background.
To remain undetected, the malware disguises itself as Google Chrome but has nothing to do with the official app, researchers noted.
Irish Health Service Targeted by Ransomware
Ireland’s Health Service Executive (HSE) faced a ransomware attack that resulted in the shutdown of its computer networks.
There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us to fully assess the situation with our own security partners.
— HSE Ireland (@HSELive) May 14, 2021
As of the time of writing, there were no reports of ransom demands.
Also on ForkLog:
- A hacker drained tokens worth $30 million from the Spartan DeFi protocol.
- Fraudsters posing as the WallStreetBets subreddit stole over $2 million in cryptocurrency.
- DeFi project Rari Capital lost about $11 million in a hack.
- There are plans to require owners of sites with an audience of over 500,000 Russians to open branches in Russia.
- VKontakte and Telegram were fined for failing to remove prohibited information.
- The Russian FSB’s key storage system for applications was discussed at the Ministry of Foreign Affairs.
- Vladimir Putin suggested discussing a ban on internet anonymity after the Kazan shooting.
- According to the media, police data leaked online after a refusal to pay $4 million in bitcoin.
- An unknown person stole cryptocurrency on Telegram while impersonating Kuna’s founder.
What to Read This Weekend?
Pressure on social networks in Russia continues to rise. How exactly the new “self-censorship” law for social networks works, and what it means for users and companies, read at the link below: