
Uber hack, Europe’s record DDoS attack and other cybersecurity events
We round up the week’s most significant cybersecurity news.
- Uber was hacked.
- Akamai reported a new record-breaking DDoS attack in Europe.
- US Customs and Border Protection kept data copied from travellers’ devices in a database open to thousands of DHS staff.
- 1inch uncovered a vulnerability in the Profanity address generator.
Uber was the target of a hacking attack
Uber Technologies suffered a hacking incident that forced it to shut down several internal systems.
On September 15, company employees received a message from the hacker on Slack. The attacker listed several databases he claimed to have compromised. To prevent data leakage, Uber disabled Slack and several other internal systems.
According to the latest information, the hacker who claimed responsibility for the breach is 18 years old. He said he obtained an employee’s password and VPN credentials through social engineering.
As of writing, it was unclear what data fell into the attacker’s hands and how many people were affected.
Uber is cooperating with law enforcement authorities to investigate the incident.
American senator reveals third-party access to CBP data
US Customs and Border Protection (CBP) is building a vast database of data copied from Americans’ phones and other devices, accessible to thousands of Department of Homeland Security (DHS) personnel, according to Senator Ron Wyden.
According to him, customs officers at the border download the contents of devices, including text messages, images and other personal information.
The content is then stored for 15 years in a central database accessible to about 2,700 DHS staff; viewing it does not require a stated reason.
Wyden said his office learned of CBP’s ‘egregious’ actions during agency briefings.
The total number of Americans whose data are stored in this database, and the frequency of queries, is not disclosed. However, in June, CBP estimated that it stores information from fewer than 10,000 phones per year.
Wyden urged the agency to present a written plan to address the issue by October 31.
1inch uncovers vulnerability in Profanity address generator
1inch Network co-founder Anton Bukov said that hundreds of Ethereum accounts created via Profanity are at risk.
According to the report, the private keys behind such addresses can be brute-forced: Profanity fills its 256-bit private keys from only a 32-bit random value, so there are at most 2^32 starting points to search.
An attacker who enumerates that space progressively uncovers the keys, so the number that remain secret shrinks as the search proceeds. Analysts at 1inch concluded that many Profanity-generated addresses have probably already been compromised.
Using this weakness, attackers could have covertly siphoned funds for years. The exact amount of damage is unknown.
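The point of the Profanity finding is that the effective key space is set by the seed, not by the key length. The following toy model, added here as an illustration and not taken from Profanity or from the 1inch report, expands a 32-bit seed into a 256-bit "private key" with a deterministic PRNG and then recovers the key by enumerating seeds. Address derivation is replaced by a SHA-256 fingerprint so the example runs on the standard library alone (a real Ethereum address is keccak256 of the secp256k1 public key); the seed space is kept small so the search finishes in seconds, whereas the full 2^32 space is within reach of commodity GPUs. The function and variable names and the sample seed are assumptions for this example.

```python
import hashlib
import random
import secrets
from typing import Optional

SEED_BITS = 32   # bits of entropy the weak generator actually draws
KEY_BITS = 256   # nominal size of the private key


def weak_private_key(seed: int) -> int:
    """Toy model of a generator seeded from a 32-bit value.

    The PRNG expands the seed deterministically into 256 bits, so the key
    looks random but only 2**SEED_BITS distinct keys can ever be produced.
    """
    assert 0 <= seed < 2**SEED_BITS
    rng = random.Random(seed)  # Mersenne Twister: same seed, same key
    return rng.getrandbits(KEY_BITS)


def strong_private_key() -> int:
    """Hardened form: all 256 bits come from the OS CSPRNG."""
    return secrets.randbits(KEY_BITS)


def toy_address(private_key: int) -> str:
    """Stand-in for address derivation (assumption: SHA-256 instead of
    keccak256(secp256k1 pubkey)); one public fingerprint per candidate key."""
    digest = hashlib.sha256(private_key.to_bytes(KEY_BITS // 8, "big"))
    return digest.hexdigest()[-40:]


def recover_private_key(address: str, seed_space: int) -> Optional[int]:
    """Attacker side: enumerate every seed and compare derived addresses.

    Cost is O(seed_space) derivations regardless of the 256-bit key size.
    """
    for seed in range(seed_space):
        candidate = weak_private_key(seed)
        if toy_address(candidate) == address:
            return candidate
    return None


if __name__ == "__main__":
    victim_seed = 12345                      # constructed sample seed
    victim_key = weak_private_key(victim_seed)
    victim_addr = toy_address(victim_key)
    found = recover_private_key(victim_addr, seed_space=2**14)
    print("recovered key" if found == victim_key else "not found",
          "searched", 2**14, "seeds; real attack needs at most", 2**SEED_BITS)
    print("strong key has", KEY_BITS, "bits of entropy:", hex(strong_private_key()))
```

The check a practitioner wants before trusting any vanity-address tool is exactly the one `recover_private_key` performs: if the tool's own output can be regenerated from a seed small enough to enumerate, the key length is irrelevant. `strong_private_key` shows the fix, which is to draw the full 256 bits from the operating system's CSPRNG rather than from a short seed.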
Akamai reports new record-breaking DDoS attack in Europe
On September 12, Akamai, the US content delivery network, recorded a powerful DDoS attack against an unnamed client in Eastern Europe. The flood peaked at 704.8 million packets per second.
Experts at the company identified and blocked 201 attacks originating from 1,813 IP addresses.
The incident beat the previous record, set during a similar incident in July. At that time, the company faced a sequence of DDoS attacks split into waves, with peak rates of 853.7 Gbit/s and 659.6 million packets per second.
The motives of the hackers are unknown.
Russian hackers used new malware to steal data from Ukrainian organizations
The Russian hacking group Gamaredon developed new malware aimed at Ukrainian organisations, researchers from Cisco Talos said.
The malware is capable of extracting specific information from victims’ computers. In particular, it is explicitly instructed to steal files with the extensions .doc, .docx, .xls, .rtf, .odt, .txt, .jpg, .jpeg, .pdf, .ps1, .rar, .zip, .7z and .mdb.
The info stealer can also download additional files from the command-and-control server, with instructions on handling the stolen data.
Hackers deliver the software via phishing emails containing Microsoft Office documents with malicious VBS macros.
According to Cisco Talos, Gamaredon targets critical infrastructure, defence, security and law enforcement agencies.
The Gamaredon info-stealer was added to the VirusTotal database just over a month ago and is currently detected by no fewer than 50 antivirus engines. As of writing, the campaign is active.
To protect against the attacks, Cisco Talos recommended that organisations apply the indicators of compromise (IoCs) from its report.
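Beyond hash-based IoCs, which stop matching as soon as the binary is rebuilt, the targeted extension list itself gives a behavioural signal: one process reading many documents and archives of those types in a short window. The script below is an added example, not code from Cisco Talos, and runs that heuristic over constructed file-read telemetry; the log line format, process names, paths and the threshold of eight files per minute are assumptions chosen for the example, and the extension set is the one quoted in the report.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Extensions the report says the stealer collects.
TARGET_EXTS = {".doc", ".docx", ".xls", ".rtf", ".odt", ".txt", ".jpg", ".jpeg",
               ".pdf", ".ps1", ".rar", ".zip", ".7z", ".mdb"}

# Assumed telemetry format: "<iso-timestamp> pid=<n> image=<exe> read=<path>"
LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) read=(?P<path>.+)$")


class FileRead(NamedTuple):
    ts: datetime
    pid: int
    image: str
    path: str


def parse_line(line: str) -> Optional[FileRead]:
    """Parse one telemetry line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FileRead(datetime.fromisoformat(m["ts"]), int(m["pid"]), m["image"], m["path"])


def ext_of(path: str) -> str:
    """Lower-cased extension; ntpath handles both '\\' and '/' separators."""
    return ntpath.splitext(path)[1].lower()


def flag_mass_collection(lines: List[str], threshold: int = 8,
                         window: timedelta = timedelta(seconds=60)) -> Dict[int, dict]:
    """Return {pid: details} for processes that read >= threshold distinct
    target-extension files within any sliding window of the given length."""
    per_pid: Dict[int, List[FileRead]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ext_of(ev.path) in TARGET_EXTS:
            per_pid[ev.pid].append(ev)

    hits: Dict[int, dict] = {}
    for pid, evs in per_pid.items():
        evs.sort(key=lambda e: e.ts)
        best, lo = 0, 0
        for hi in range(len(evs)):            # two-pointer sliding window
            while evs[hi].ts - evs[lo].ts > window:
                lo += 1
            best = max(best, len({e.path for e in evs[lo:hi + 1]}))
        if best >= threshold:
            hits[pid] = {"image": evs[0].image, "files": best,
                         "exts": sorted({ext_of(e.path) for e in evs})}
    return hits


# Constructed sample telemetry (not from the Talos report).
SAMPLE_EVENTS = [
    r"2022-09-15T09:00:00 pid=1000 image=explorer.exe read=C:\Users\olena\Documents\budget.xlsx",
    r"2022-09-15T09:10:00 pid=1000 image=explorer.exe read=C:\Users\olena\Documents\notes.txt",
    r"2022-09-15T09:20:00 pid=1000 image=explorer.exe read=C:\Users\olena\Pictures\cat.jpg",
    r"2022-09-15T10:00:00 pid=4212 image=wscript.exe read=C:\Users\olena\Documents\report.docx",
    r"2022-09-15T10:00:02 pid=4212 image=wscript.exe read=C:\Users\olena\Documents\plan.doc",
    r"2022-09-15T10:00:03 pid=4212 image=wscript.exe read=C:\Users\olena\Documents\list.xls",
    r"2022-09-15T10:00:05 pid=4212 image=wscript.exe read=C:\Users\olena\Documents\memo.rtf",
    r"2022-09-15T10:00:07 pid=4212 image=wscript.exe read=C:\Users\olena\Desktop\scan.pdf",
    r"2022-09-15T10:00:09 pid=4212 image=wscript.exe read=C:\Users\olena\Desktop\backup.7z",
    r"2022-09-15T10:00:11 pid=4212 image=wscript.exe read=C:\Users\olena\Desktop\archive.zip",
    r"2022-09-15T10:00:13 pid=4212 image=wscript.exe read=C:\Users\olena\Desktop\deploy.ps1",
    r"2022-09-15T10:00:15 pid=4212 image=wscript.exe read=C:\Users\olena\Desktop\contacts.mdb",
    r"2022-09-15T10:00:17 pid=4212 image=wscript.exe read=C:\Users\olena\Pictures\map.jpeg",
    r"2022-09-15T10:00:18 pid=4212 image=wscript.exe read=C:\Windows\System32\cmd.exe",
    r"2022-09-15T10:00:20 pid=2000 image=svchost.exe read=C:\Windows\System32\ntdll.dll",
    "this line is malformed and must be ignored",
]

if __name__ == "__main__":
    for pid, info in flag_mass_collection(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={info['image']} files={info['files']} exts={info['exts']}")
```

The threshold and window are tuning knobs, not facts from the report; backup agents and indexers will trip the same heuristic, so in production the alert is filtered on the image name and signer rather than on the rate alone.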
Group-IB records fivefold growth in domains for Bitcoin scams in H1 2022
Security researchers from Group-IB documented a fivefold rise in domain names for crypto scams via fake streams on YouTube channels impersonating Elon Musk, Vitalik Buterin and El Salvador’s President Nayib Bukele in the first half of 2022.
63% of the new fake domains are registered with Russian registrars, but almost all of them target Western crypto investors.
Over six months the fake cryptocurrency airdrop scheme scaled up: experts found more than 2,000 domain registrations for fraudulent promo sites.
On average, such YouTube streams draw 10,000 to 20,000 viewers, a figure inflated by bot views.
Also on ForkLog:
- AI tracked Instagram bloggers by cameras in public places.
- A wave of scams about The Merge on Twitter impersonating Vitalik Buterin.
- In the Netherlands, a suspect in Bitcoin wallet Electrum fraud was arrested.
- The Cream Finance hacker converted stolen $1.75 million to Bitcoin.
- In Australia, a rise in Bitcoin scams was recorded.
What to read this weekend?
Let’s recall the biggest DeFi incident of 2020 and read how hackers muddied the traces after the Harvest Finance attack.
Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analysis.
ForkLog newsletters: keep your finger on the pulse of the bitcoin industry!