The Red Cross gets hacked and half a million are affected, $34 Million in Cryptocurrency is stolen in a hack, and the FBI warns about malicious QR codes! All that coming up now on ThreatWire.
Greetings!! I’m Shannon Morse and this is ThreatWire for January 25 2022 - this is your summary of the threats to our security, privacy and Internet freedom. THANK YOU to Erik for leveling up in the Alliance, and to Spyder and Sai for joining on Patreon.com/threatwire. Patrons get a new perk starting this month! Now, Alliance members on Patreon will get early access to the show on YouTube. And you keep this show ad free. January is a tough month because a lot of people drop out of Patreon after the holiday season, so any contribution helps, and you get perks, so it’s a win-win. We have some important hacks in the news this week, so, onto the first story.

According to a news release made by the International Committee of the Red Cross (ICRC) on Wednesday, a cyberattack targeting Red Cross and Red Crescent data affected over 515,000 vulnerable people, and the ICRC is now asking the attackers not to share, sell, leak, or expose the stolen information. The data stolen includes personal information for more than 515,000 people who use a platform called Restoring Family Links to find missing persons separated by state conflicts, migration, or natural disasters, along with people in detention. The data comes from 60 different Red Cross and Red Crescent National Societies across the globe, so it spans several countries. The breach also affected about 2,000 login credentials belonging to staff and volunteers. The attackers targeted the servers used to store ICRC data, not the Swiss company that hosted them, which the committee clarified on Friday after incorrect reports. The data lives on this unnamed Swiss company’s servers, but it was a direct attack on the ICRC data. While this wasn’t a ransomware attack, it did cause the ICRC to shut down the systems that run the Restoring Family Links program while an investigation is underway. The committee detected the attack last week.
According to the ICRC’s director general, this program helps reunite 12 missing people per day on average, and this cyberattack and ones like it “jeopardize that essential work”. We don’t know who is behind this attack or why they did it, but hopefully they’ll do the right thing and not put vulnerable people in harm’s way. The ICRC is open to communicating with the attackers confidentially.

The world’s third largest cryptocurrency trading platform was hit with a cyberattack last week that compromised 483 customer accounts and led to $34 million in crypto being withdrawn. Crypto.com was targeted and US $33.8 million was stolen, though the CEO stated in multiple interviews that customer funds are not at risk. The hack caused about $15 million in ethereum, $18.6 million in bitcoin and $66,000 in miscellaneous crypto to be stolen from the platform. The attack was detected on January 17th, at which time Crypto.com suspended withdrawals for about 14 hours. 2FA tokens were also revoked, so users had to sign in again and set up new 2FA tokens for access. While this crypto was stolen via unauthorized withdrawals, the platform fully reimbursed affected users. Transactions resumed on January 18. According to a Crypto.com post, their risk monitoring systems detected the attack and saw transactions being approved without 2FA authentication, meaning the 2FA was being bypassed by attackers. The company migrated to a completely new 2FA infrastructure in response. They also added that the company will be moving away from 2FA to true multi-factor authentication for end user security, and beefing up security with an Account Protection Program, which will offer better security for funds within the app and exchange. The APP would also restore funds up to $250,000 in the event of unauthorized access. A lot of technical information regarding this attack has not been shared with the public. For example - who was behind this attack? How were they able to bypass 2FA restrictions for withdrawals?
What protocol was being used to implement 2FA, and how does the new infrastructure fix these problems? Hopefully Crypto.com will share some of this information with their customers to ease some of the concerns shared via social media.

Big shoutout to my Hush Puppy perk level patrons for sharing their fur baby photos and for the support. My Patreon exclusive live video hangout happens this week, and you can access it if you join anytime before Thursday morning. Let’s finish out today’s episode with my Patreon pick for a top story, originally shared by my patron who goes by the name “the one who knocks their head on every bluming door lintol”.

Let’s chat about QR codes. The FBI wants you to know that QR codes are bad and scary. Ok, not entirely. But cybercriminals are using QR codes to steal money from victims, and the FBI released a statement warning folks about this. QR codes are those little squares made out of a bunch of pixels that can be recognized by a smartphone camera app. Restaurants have been using these for the past two years to direct customers to online menus due to the pandemic, and they’re often used in advertising or as quick links. This isn’t a new problem, but it’s become a popular threat vector, so the FBI was prompted to warn individuals about its use. QR codes aren’t bad in essence, but if tampered with, they can be used for malicious purposes. In this case, attackers use the codes to redirect users to malicious sites, which prompt them to input login and financial information, allowing the attacker to potentially steal funds from victim accounts. These codes can also deliver malware, allowing the attacker to gain access to the victim’s device. So, the FBI tells folks to proceed with caution.
When you’re scanning a QR code that should simply take you to a checkout portal or an online menu, check the URL to make sure it looks authentic and is spelled correctly, and if a site asks you for login information after loading from a scanned QR code, practice caution. Don’t download apps from a QR code - go directly to the Google or Apple app store instead. If you get an email saying a payment failed and asking you to scan a QR code to try the payment again, call the company to verify, and make sure you’re using a phone number found through a trusted site (for example, I use Google Maps to find business phone numbers). Use your phone’s built-in camera app to scan QR codes instead of a third party app - of course, if you use an older smartphone, your camera app may not recognize QR codes. And if you need to make a payment to someone, go to their website address directly, bypassing the QR code. Scammers may use QR codes in emails crafted to steal data instead of clickable links because the codes make it easier to bypass email filters. In the real world, don’t scan random QR codes you find in the wild, and if you see a QR code taped onto a menu or a sign, or printed on a sticker and placed somewhere, don’t scan it. All of this falls under the rule of good security hygiene, but it should serve as a reminder of how this digital code can be used maliciously in the real world as well.
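The FBI's checks above, turned into a small screen that a scanner app or a help desk could run on a decoded QR payload before anyone taps it. This is an added example, not code from the episode or from the FBI; the trusted-domain allowlist, the login/payment path keywords and the sample payloads are constructed assumptions.

```python
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-diner.com", "example-bank.com"}   # assumed allowlist
APP_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
SENSITIVE_PATHS = ("login", "signin", "account", "pay", "checkout")  # assumed keywords


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a near-miss spelling of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_qr_payload(payload: str) -> list:
    """Return warnings for a decoded QR string; an empty list means it passed every check."""
    warnings = []
    url = urlparse(payload.strip())
    if url.scheme not in ("http", "https"):
        return [f"not a web link (scheme {url.scheme!r}): do not act on it"]
    if url.scheme == "http":
        warnings.append("plain http: whatever you type is not protected in transit")
    host = (url.hostname or "").lower()
    regdom = ".".join(host.split(".")[-2:])   # registered domain, e.g. example-bank.com
    if host.startswith("xn--") or any(ord(c) > 127 for c in host):
        warnings.append("internationalized hostname: may imitate a trusted name")
    if host in APP_STORE_HOSTS or url.path.lower().endswith(".apk"):
        warnings.append("app install link: open the app store yourself instead")
    if regdom not in TRUSTED_DOMAINS:
        lookalikes = [t for t in TRUSTED_DOMAINS if _edit_distance(regdom, t) <= 2]
        if lookalikes:
            warnings.append(f"{host!r} looks like {lookalikes[0]!r} but is not it")
        else:
            warnings.append(f"{host!r} is not on your trusted list: type the address yourself")
    if any(part in url.path.lower() for part in SENSITIVE_PATHS):
        warnings.append("link lands on a login or payment page: go there directly instead")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, as a QR scanner would decode them.
    for sample in ("https://menu.example-diner.com/today",
                   "http://examp1e-bank.com/login",
                   "tel:+15551234567"):
        print(sample, "->", check_qr_payload(sample) or "ok")
```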