Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: A DeFi platform enables the perfect crime, CISA discovers cyber sabotage tools aimed at US energy sector, and a reminder that we need to keep all software up to date, not just Windows.
This week’s action: Tell your staff about the brands the bad guys love.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: Discovery of cyber sabotage tools aimed at US energy sector
“Multiple U.S. government agencies issued a joint alert warning of the discovery of a suite of malicious cyber tools created by unnamed advanced threat actors that are capable of sabotaging the energy sector and other critical industries. [..] The Cybersecurity and Infrastructure Security Agency, which published the alert, declined to identify the threat actor. [..] The U.S. government has warned critical infrastructure industries for possible cyberattacks from Russia as retaliation for severe economic sanctions imposed on Moscow in response to its Feb. 24 invasion of Ukraine. Officials have said that Russian hacker interest in the U.S. energy sector is particularly high.”
Read more: https://apnews.com/article/technology-business-north-america-malware-300f886c2757a9e6bd96f1ee20a8f5db via Secure The Village
2: You may focus on Windows updates. But you should keep up with browser updates too.
A recent post on the Naked Security blog discusses the latest vulnerabilities discovered in Chromium-based browsers.
“For the third time this year, Google’s Chrome browser has quietly received a security update together with the dreaded words, “Google is aware that an exploit […] exists in the wild.”
In other words, the bad guys are already using the vulnerability in their attacks.
The vulnerability is in a component that is also used by other Chromium-based browsers, such as the Microsoft Edge browser. The solution is to upgrade to the latest version of the software.
This is a useful reminder about the importance of keeping all software up to date, not just the operating system.
Read more: https://nakedsecurity.sophos.com/2022/04/16/yet-another-chrome-zero-day-emergency-update-patch-now/
3: Cryptocurrency, DeFi and the perfect crime.
The second Naked Security article this week discusses what looks like the perfect crime, assuming it could even be regarded as a crime.
Naked Security provides an excellent and plain English explanation of how events unfolded on the Beanstalk De Fi platform to enable an unidentified individual to walk away with USD $76 million of other people’s money. In response, the only thing Beanstalk could do was to ask for the money back. In return, they have offered the individual 10% of the original sum as a reward for revealing the underlying flaws in Beanstalk’s operating model.
Where boring ‘TradFi’ firms like banks have boring things like vaults with time-locks, cool NewFi organisations have source code.
Read more: https://nakedsecurity.sophos.com/2022/04/19/beanstalk-cryptocurrency-heist-scammer-votes-himself-all-the-money/
2: $615 million
USD $615 million is the value of cryptocurrency stolen during an attack on Axie Infinity, a popular blockchain game which lets players earn cryptocurrency while they play.
“North Korean state-backed hacking collective Lazarus Group is linked to [the] massive cryptocurrency hack [..] North Korea has attempted to use crypto as a way to evade U.S. sanctions on numerous occasions, according to cybersecurity experts, raising concerns about the possible use of digital assets for Russian sanctions evasion amid the Ukraine war.
“Proponents of cryptocurrencies say they are an ineffective tool in laundering ill-gotten gains, since activity is recorded on a public ledger known as the blockchain. However, criminals have a number of techniques at their disposal to launder crypto.”
According to blockchain analytics firm Elliptic, the cyber attackers have already managed to launder almost 20% of the stolen funds (over $100 million), mainly through unregulated exchanges and mixers.
Read more: https://www.cnbc.com/2022/04/15/ronin-hack-north-korea-linked-to-615-million-crypto-heist-us-says.html via Secure The Village
“LinkedIn accounted for 52% of all phishing-related attempts analyzed by Check Point” in Q1 2022. LinkedIn takes over from DHL, which held the top spot in the previous quarter. “Beyond LinkedIn and DHL, other brands that appeared on the list included Google, Microsoft, FedEx, WhatsApp, Amazon, Maersk, AliExpress and Apple.”
Read more: https://www.techrepublic.com/article/linkedin-most-exploited-brand-phishing
1: Tell your staff about the brands favoured by the bad guys
If you haven’t spoken to your staff recently about how the bad guys target them with phishing emails, now is a good time to do it. Based on Check Point’s analysis, remind staff to watch out for emails that appear to come from well-known platforms and brands – LinkedIn, DHL, Google, Microsoft, WhatsApp, Amazon, Apple, FedEx – to name just a few.
If you want to put comprehensive cyber training and testing in place so your staff are no longer your weakest link, my training solutions might be a good fit.