in the letter Last year, thieves working for the North Korean government stole nearly $400 million in digital cash in a coordinated attack to steal and launder as much money as possible.
One Report Attackers are tracking investment firms and currency exchanges to steal funds and return them to Glorious Leader’s vaults, Chainalysis from blockchain biz found. They then use mixing software to make a large number of micropayments to the new wallet, then merge them again into a new account and transfer the funds.
Bitcoin used to be the number one target, but ether is now the most stolen currency, accounting for 58 percent of stolen funds, the researchers said. Bitcoin is only 20% down, down more than 50% since 2019 – although part of the reason may be that they are so valuable now that people care more about them.
“These actions paint a portrait of a nation that supports cryptocurrency crime on a massive scale,” the report found. “The systematic and sophisticated North Korean government — whether through the Lazarus Group or other criminal groups — has cemented itself in 2021. Advanced persistent threat to the cryptocurrency industry.”
Football fans furious after FIFA 22 after top players’ accounts are taken over
Electronic Arts (EA) has confirmed that some of the top players in the FIFA 22 football (free speech football) game have been taken over after conceding the ball.
“Through our initial investigation, we can confirm that some accounts have been compromised through phishing techniques,” EA said in a statement statement.
“Utilizing threats and other ‘social engineering’ methods, malicious individuals were able to exploit human error within our customer experience team to bypass two-factor authentication to access player accounts.”
In response, EA said it has enhanced its account verification process and is training employees to be on the lookout for behavior that indicates foul play. It said it would take time and could lead to delays in support, but asked fans not to show red cards.
U.S. government warns of online intrusions by Russia and Iran, exposes tools
It’s been a busy week for those monitoring government hacking threats, beginning with warnings from the FBI, NSA and CISA that Russian state online spies are breaking into U.S. systems, followed by a U.S. Cyber Command report on Iran’s online adversaries.
Russians first target U.S. government, energy and infrastructure companies Advisory warning, and is using advanced strategies to do so. Key protection, they suggest, is frequent logging and checking of network activity, but also watch out for unexpected device activity, such as unplanned reboots, and multiple failed account login attempts.
Not to be outdone, U.S. Cyber Command released a report to an online gang called MuddyWater, which the agency says operates under the auspices of Iran’s Ministry of Intelligence and Security. Primarily an intelligence-gathering group, it has been targeting other Middle Eastern countries but is now expanding operations in the United States and Western Europe.
MuddyWater is good at using open source tools and sideloading DLLs, and they are also good at using tunnels to shield their activity. VirusTotal has been notified that you can get full details here.
Texans hit by QR code phishing campaign
Residents of the Lone Star State have been continuous attack From a QR code phishing scam using a flow meter designed to collect credit card information.
Police in Austin, Houston and San Antonio are warning of unidentified people attaching fake QR codes to parking meters to redirect users to elaborate phishing sites. When meter users try to pay for their parking, they simply hand over their card information to criminals.
What makes this form of attack particularly bizarre is that none of the target cities actually use QR codes on their meters. “We’ve spoken to industry professionals who have warned us about the use of QR codes, which is why we simply don’t use QR codes on our infrastructure,” said Jason Redfern, Parking Enterprise Manager, Austin tell fox 7.
Still using WordPress? Plugin vulnerabilities increased 142% last year
WordPress is a very popular platform, but security is not one of its strengths, as a review of its progress in 2021 shows.
Research Risk-Based Security Findings The number of vulnerabilities discovered in WordPress plugins jumped 142% last year, with 77% containing known public vulnerabilities and 73% remotely exploitable. While the average rating for flaws using the Common Vulnerability Scoring System is 5.5, there are still some pretty nasty issues to fix.
“There are more than 58,000 free plugins available for download, and tens of thousands more available for purchase,” the report warns. “Unfortunately, few are designed with security in mind, so a single vulnerability could affect millions of users.”
