Japanese Exchange Bitpoint Hit By $32m Cyber-Attack

By: Phil Muncaster

Japan-based cryptocurrency exchange Bitpoint has become the latest to lose tens of millions of dollars in a cyber-attack.

The firm said it was forced on Friday to stop all services — including withdrawals, deposits, payments, and new account openings — while it investigated the incident. It has also notified the relevant authorities in Japan.

Hackers managed to steal funds not only from the firm’s hot wallets, but also its offline cold wallets. After first detecting an error in Ripple remittances, Bitpoint said it realized it had been the victim of a cyber-attack. It then took another three hours before the firm realized the attack also compromised funds stored in Bitcoin, Bitcoin Cash, Litecoin, and Ethereum.

A total of around 3.5 billion yen ($32 million) had been stolen, most ($23m) of which were customer-owned funds. The remainder belonged to Bitpoint, but it’s not clear at this stage whether the firm is planning to reimburse its customers.

The firm is the latest in a long line of cryptocurrency exchanges to come under the scrutiny of cyber-criminals. Last year, two Japanese exchanges were hit: Zaif lost 6.7bn yen ($60m) after hackers stole it from a hot wallet, while Coincheck lost 500m NEM tokens worth $530m at the time.

Just last month, Singaporean cryptocurrency exchange Bitrue was estimated to have lost around $4.5m in funds after hackers breached a hot wallet and moved the funds to other exchanges. A month previous, hackers stole in the region of $41m from Binance in a single hot wallet transaction.

More: https://www.infosecurity-magazine.com/news/japanese-exchange-bitpoint/

Who are the hackers who cracked the iPhone?

By: Dave Lee

What do we know about the curious, secretive NSO Group? Very little – but after this week, an awful lot more than we did before.

The group, an Israeli-based but American-owned company, specialises in creating what it calls tools against crime and terrorism. But the security researchers call them something else: a cyber arms dealer.

On Thursday, the NSO Group was thrust into international headlines after being credited with creating malicious software capable of “jailbreaking” any iPhone with just one tap of the screen, and then installing vicious spyware.

Factfile: NSO

  • Founded in 2010 and has had several different names
  • Based in Herzliya, Israel, and owned by US investment firm Francisco Partners
  • Could be worth $1bn

Security-savvy human rights lawyer Ahmed Mansoor found himself targeted by the attack when his iPhone received a message promising “secrets” about torture happening in prisons in the United Arab Emirates.

Had he tapped on the link, the phone would have been plundered. Huge amounts of private data: text messages, photos, emails, location data, even what’s being picked up by the device’s microphone and camera.

Thankfully, he didn’t do that. Instead, he passed on the message to experts at Citizen Lab and Lookout, who peeled back the covers on what they described as one of the most sophisticated cyber weapons ever discovered. With it came evidence that it was the NSO Group’s expertise at the heart of it all.

Big money deals

Earlier this year, UK-based watchdog Privacy International launched a database tracking the global trade of cyber arms. Its intention was to track deals between cyber arms companies and governments.

According to the Surveillance Industry Index (SII), the NSO Group was founded in 2010 and is based in Herzliya, an attractive city north of Tel Aviv that is known as being a cluster of tech start-ups. The group was likely funded by the elite 8200 Intelligence Unit, an Israeli military-funded scheme for start-ups.

According to Forbes, the 8200 Intelligence Unit was heavily involved in providing expertise and funding for Stuxnet, a cyber attack on Iran that was a joint operation between the US and Israel.

More: https://www.bbc.com/news/technology-37192670

Potential global cyber attack could cause $85 billion-$193 billion worth of damage: report

By: Noor Zainab Hussain, Tanishaa Nadkar

(Reuters) – A co-ordinated global cyber attack, spread through malicious email, could cause economic damages anywhere between $85 billion and $193 billion, a hypothetical scenario developed as a stress test for risk management showed.

Insurance claims after such an attack would range from business interruption and cyber extortion to incident response costs, the report jointly produced by insurance market Lloyd’s of London and Aon said on Tuesday.

Total claims paid by the insurance sector in this scenario are estimated to be between $10 billion and $27 billion, based on policy limits ranging from $500,000 to $200 million.

The stark difference between insured and economic loss estimates highlights the extent of underinsurance, in case of such an attack, the stress test showed. An attack could affect several sectors globally, with the largest losses in retail, healthcare, manufacturing and banking fields.

Regional economies that are more service dominated, especially the United States and Europe, would suffer more and are vulnerable to higher direct losses, the report said.

Cyber attacks have been in focus after a virus spread from Ukraine to wreak havoc around the globe in 2017, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and even halting production at a chocolate factory in Australia.

Governments are increasingly warning against the risks private businesses face from such attacks, both those carried out by foreign governments and financially motivated criminals.

More: https://www.reuters.com/article/us-wirecard-stocks/wirecard-denies-ft-report-alleging-financial-wrongdoing-idUSKCN1PO25C

Hundreds of German Lawmakers Targeted in Mass Cyber Attack

By: David Gilbert

A stolen cache of personal information belonging to nearly 1,000 German politicians — including outgoing Chancellor Angela Merkel — has been leaked, according to a report published Thursday.

The information includes everything from phone numbers and credit card details to private messages with family members, German media said.

The hack has impacted national, regional and EU politicians from all major parties except for members of the far-right Alternative for Germany (Alternative für Deutschland, or AfD) party. Journalists, musicians, comedians and activists were also targeted.

There is currently no indication of who was behind the attack, but the hacker or hackers leaked information for more than a month on Twitter before the media picked it up.

The scale of the hack was first reported by RBB, leading Justice Minister Katarina Barley to call it a “serious attack” Friday morning.

“The people behind this want to damage confidence in our democracy and institutions,” Barley said.

The federal office for information security (BSI) said Friday it was investigating, adding that government networks had not been affected.


Cybercrime Damages $6 Trillion By 2021

By: Steve Morgan

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades

The 2017 Official Annual Cybercrime Report is sponsored by Herjavec Group, a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom.

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

The cybercrime prediction stands, and over the past year it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally.

The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

More: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Cosmos Bank loses $13.5 million in cyber attack

By: Rajendra Jadhav

MUMBAI (Reuters) – Cyber criminals hacked the systems of India’s Cosmos Bank and siphoned off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police.

The co-operative bank said unidentified hackers stole customer information through a malware attack on its automated teller machine (ATM) server, withdrawing 805 million rupees in 14,849 transactions in just over two hours on Aug. 11, mainly overseas.

Apart from the ATM withdrawals, the hackers transferred 139 million rupees to a Hong Kong-based company’s account by issuing three unauthorised transactions over the SWIFT global payments network, the bank said in a police complaint, a copy of which was seen by Reuters.

SWIFT, whose messaging system is used to transfer trillions of dollars a day, said it did not comment on individual cases.

Cosmos Bank, based in the western city of Pune, said in a press statement that its main banking software receives debit card payment requests via a “switching system” but it was bypassed in the attack.

More: https://in.reuters.com/article/cyber-heist-india/cosmos-bank-loses-13-5-million-in-cyber-attack-idINKBN1KZ1J9

SingHealth Attack Potentially State-Linked

By: Kacy Zurkus

Last month’s cyber-attack on SingHealth, which resulted in the breach of 1.5 million health records, might have been the work of an advanced persistent threat group, according to information disclosed by S. Iswaran, Singapore’s minister for communications and information, in Parliament today.

Though reluctant to provide any specifics about which state might be behind the attack, Iswaran said that the detailed analysis of the attack, done by the Cyber Security Agency (CSA) of Singapore, indicated that it was likely a state-linked group because of the level of sophistication used by the attackers.

According to a 20 July press release, “CSA has ascertained that the cyber-attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.”

When pressed to attribute the attack to a specific state, Iswaran reportedly said, “In this sort of matter, while one can have a high level of confidence, one may not be able to have the certainty that you might need in order to specifically assign responsibility, and this is the kind of evidentiary threshold that may not stand up in a court of law. But at the operational level, the agencies that are involved have a high level of confidence,” according to Today Online.

More: https://www.infosecurity-magazine.com/news/singhealth-attack-potentially/

Liberty Financial Services Confirms It Has Been Hacked

By: Abeerah Hashim

Hacking for ransom seems to be a constant methodology used by hackers these days. Lately, another company faced just this with a ransom demand. This time, the financial service company Liberty was the victim. After noticing suspicious activity, the company put up a notice on its website informing customers and shareholders of the situation.

Financial Service Company Liberty Hacked For Ransom

Saturday evening, South Africa’s financial service company Liberty Group faced a cyber attack. They have put up a notice on their website informing customers and stakeholders about the incident. Apparently, the hackers’ motivation was money, as they are demanding ‘compensation’. Anyone accessing their website will first come across this notice.

Besides informing people through the website, they also informed their customers through SMS. One such customer, who was shocked by the news, contacted them via their Facebook page. Fortunately, Liberty’s marketing team is actively communicating with its users to reassure them that they are working on remediating the problem.

More: https://latesthackingnews.com/2018/06/17/liberty-financial-services-confirms-it-has-been-hacked/

Effects of Cyber-Attack Still Unfold for Atlanta

By: Kacy Zurkus

Even though it’s been more than two months and $2.7 million since a major ransomware attack nearly crippled the city of Atlanta, the aftershock continues to impact municipal employees across several departments.

At a 6 June Department of Atlanta Information Management (AIM) meeting, a city official requested an additional $9.5 million to try and correct the affected systems. Infosecurity Magazine attempted to contact AIM but has not received a response.

The city continues to work with private and government partners to understand the full scope of the attack’s impact, but Atlanta’s interim chief information officer, Daphne Rackey, reportedly said that the number of impacted applications is more than 30% of the 424 mission critical programs. That number “seems to grow every day,” Rackey reportedly told the Atlanta city council.

The attack, which came with the demand for $51,000 worth of Bitcoin that the city said it did not pay, encrypted city files, leaving customers unable to access city applications. Information on current city operations is available to residents, but whether any lost data has been restored is unclear because the city’s website has not updated information on the attack since 30 March.

Several different agencies are said to have told the city council on 6 June that their workplace has yet to return to normal. “This has been painful on many fronts,” Atlanta police chief Erika Shields told WSB-TV in a live interview on 1 June. Referring to the police dashcam data that was lost in the attack, Shields said, “That is lost and will not be recovered. That could compromise potentially a DUI case.”

It’s unclear what has been most painful for the department, however, because Shields also said that she is not overly concerned. “It’s a tool, a useful tool, but the dashcam doesn’t make cases for us.”

More: https://www.infosecurity-magazine.com/news/effects-of-cyber-attack-still/

With paper and phones, Atlanta struggles to recover from cyber attack.

By: Laila Kearney

(Reuters) – Atlanta’s top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper.

On an Easter and Passover holiday weekend, city officials labored in preparation for the workweek to come.

Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating “ransomware” virus attacks to hit an American city.

Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta’s computer network with a virus that scrambled data and still prevents access to critical systems.

“It’s extraordinarily frustrating,” said Councilman Howard Shook, whose office lost 16 years of digital records.

One compromised city computer seen by Reuters showed multiple corrupted documents with “weapologize” and “imsorry” added to file names.

Ransomware attacks have surged in recent years as cyber extortionists moved from attacking individual computers to large organizations, including businesses, healthcare organizations and government agencies. Previous high-profile attacks have shut down factories, prompted hospitals to turn away patients and forced local emergency dispatch systems to move to manual operations.

Ransomware typically corrupts data and does not steal it. The city of Atlanta has said it does not believe private residents’ information is in the hands of hackers, but they do not know for sure.

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department.

More: https://mobile-reuters-com.cdn.ampproject.org/c/s/mobile.reuters.com/article/amp/idUSKBN1H70R0