
Crypto Phishing Scams: $47M Lost in February



In February, cybercriminals ran a series of sophisticated crypto phishing scams that caused $47 million in losses. These scams, often initiated through social media platforms such as X (formerly Twitter), hit 40% more victims than in January, with over 57,000 individuals taken in. Despite the rise in victims, the total amount lost fell by 14.5%, a slight reprieve amid the steady flow of crypto-related scams.

Ethereum (ETH) and the layer-2 network Arbitrum (ARB) accounted for the largest share of losses, at three-quarters and 7.4% of the total, respectively. ERC-20 tokens made up 86% of the assets stolen, reflecting the scammers' preference for easily transferable digital assets.

At the heart of these scams lies a simple strategy: impersonating legitimate entities, such as well-known crypto projects, to trick users into divulging sensitive information such as private keys. These keys give full control of a user's wallet, which the scammers then drain, leaving victims with substantial financial losses.

Scam Sniffer, a prominent anti-scam platform, highlighted the widespread use of fake social media accounts in these schemes. By impersonating the X accounts of reputable crypto projects, phishers exploit users' trust in official channels and coax them into surrendering their private keys.

In 2023, crypto phishing scams caused $300 million in losses and ensnared over 320,000 users. More recently, scammers have adopted a new tactic: luring users with enticing "airdrop claim" links that, unbeknownst to the victims, drain their wallets once approved.

Even high-profile entities such as MicroStrategy have been affected, with their social media accounts compromised to spread phishing airdrop links. The email services of reputable Web3 companies have also been hijacked to distribute fraudulent airdrop claim links, causing significant losses for unsuspecting recipients.

To avoid falling prey to these scams, users are urged to stay vigilant and carefully scrutinise any suspicious communication. Typographical errors, content that does not match the purported sender, and grammatical inconsistencies are red flags that should prompt caution when engaging with crypto-related content online.

By staying informed and adopting proactive measures, individuals can defend themselves against these schemes and keep their hard-earned assets out of the hands of cybercriminals.


Private Keys for Intel Boot Guard Have Reportedly Been Leaked, Jeopardizing the Security of Many PCs


Every other day, hackers are out there committing a new attack, exploiting a vulnerability, or attempting to extort people with ransomware. MSI is the latest victim, with hackers publishing material acquired from last month's breach of MSI's systems.

This has the potential to be a major situation. According to tweets from Binarly founder Alex Matrosov, at least some of the 1.5TB of data stolen earlier has now been leaked. The data includes private keys, some of which appear to be Intel Boot Guard keys. The leak of such keys affects not only MSI computers but also those from other vendors such as Lenovo and Supermicro. Supermicro told PC Gamer that, based on its current review, its products are not affected by this breach.

Boot Guard is a cryptographic system that prevents fraudulent UEFI firmware or a modified BIOS from being executed on PCs. By bypassing these checks, an attacker could gain complete control of a system, access protected data, or use the machine for any variety of illicit activities.

Given the potential for so-called secondary downloads, the misuse of UEFI signing keys is especially concerning. Malware packaged as a firmware update and signed with these keys would appear genuine when delivered through typical phishing or email strategies, and antivirus software would ignore it.

The data was released after a group called Money Message claimed responsibility for the hack of MSI's internal systems (via Bleeping Computer). The group demanded $4,000,000 from MSI. The release of the data suggests that MSI didn't pay up.

The consequences of this breach will take time to assess, not to mention the time it may take to devise mitigations. Statements from the relevant parties can be expected in the coming days. Meanwhile, exercise caution and avoid downloading any BIOS, firmware, or system software from sources other than the vendor's official website. This applies to all system software, not just MSI's.

Sushiswap Smart Contract Exploited in $3.3 Million Hack

Sushiswap, a popular decentralized cryptocurrency exchange, recently fell victim to a smart contract hack that resulted in a loss of $3.3 million. The hack highlights the need for stronger cybersecurity measures in the cryptocurrency industry and the importance of taking proactive steps to protect one's funds.

According to reports by Yahoo Finance, the hack involved an exploit in the smart contract of the exchange's lending platform, called Kashi. The attacker was able to use the exploit to transfer funds from the platform's vault to their own account, resulting in the loss of $3.3 million worth of cryptocurrency.

While the hack itself is concerning, what is more concerning is that the vulnerability in the smart contract was already known to the Sushiswap team. A security audit had identified it, but the team had not yet implemented the necessary fixes at the time of the attack.

In the aftermath of the hack, Sushiswap has urged its users to take steps to secure their accounts, such as changing their passwords and enabling two-factor authentication. Additionally, the exchange has promised to compensate users affected by the hack.

As a user of any cryptocurrency exchange, however, it is essential to take proactive steps to protect one's funds. This includes using a hardware wallet to store funds securely and never sharing private keys or passwords with anyone.

Moreover, it's crucial to conduct research and choose exchanges with strong cybersecurity measures in place, such as multi-signature authentication and cold storage of funds. It's also important to keep an eye out for any suspicious activity and report it to the exchange immediately.

The Sushiswap hack serves as a reminder that cybersecurity risks are prevalent in the cryptocurrency industry. It is essential to take proactive steps to protect your funds, such as using a hardware wallet and choosing exchanges with strong security measures. By staying informed and vigilant, users can reduce the risk of falling victim to cyber-attacks and safeguard their cryptocurrency investments.

This OpenSSL Flaw Could Lead to Remote Code Execution


A high-severity vulnerability in OpenSSL might allow a hostile actor to execute malicious code on server-side devices.

OpenSSL is a widely used cryptography library that provides an open-source implementation of the SSL and TLS protocols. Among other things, it offers tools for creating RSA private keys and performing encryption and decryption.

An advisory indicates that OpenSSL version 3.0.4 introduced a "serious bug" in the RSA implementation for x86_64 CPUs supporting the AVX512IFMA instructions. Because of this flaw (CVE-2022-2274), the RSA implementation with 2048-bit private keys is incorrect, resulting in memory corruption during the computation.

As a result of the memory corruption, an attacker may be able to achieve remote code execution on the system performing the computation, the OpenSSL maintainers said. Xi Ruoyao, who also wrote the patch, reported the problem to OpenSSL on June 22, 2022.

This problem affects SSL/TLS servers and other servers that use 2048-bit RSA private keys and run on machines that implement the AVX512IFMA instructions of the x86_64 architecture.

"On a vulnerable machine, proper testing of OpenSSL would fail and should be noticed before deployment," the advisory reads.

Users using OpenSSL 3.0.4 should update to OpenSSL 3.0.5. This problem does not affect OpenSSL 1.1.1 or 1.0.2.
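As an added example (not part of the original post or of OpenSSL itself), the following POSIX shell script decides whether a Linux host falls into the affected population described above: OpenSSL 3.0.4 on an x86_64 CPU that advertises AVX512IFMA. The decision logic takes the `openssl version` line and the CPU flag list as strings so it can be exercised offline; `collect_and_check` is an assumed wrapper that feeds it real output from `openssl` and `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example, not from the original post: triage check for CVE-2022-2274.
# The advisory scopes the bug to OpenSSL 3.0.4 running RSA-2048 operations on
# x86_64 CPUs with AVX512IFMA; 3.0.5 fixes it and 1.1.1/1.0.2 are unaffected.

# cve_2022_2274_exposed VERSION_LINE CPU_FLAGS
#   VERSION_LINE: output of `openssl version`, e.g. "OpenSSL 3.0.4 21 Jun 2022"
#   CPU_FLAGS:    the space-separated "flags" line from /proc/cpuinfo
# Prints a verdict; returns 0 when the host is affected, 1 otherwise.
cve_2022_2274_exposed() {
    version_line=$1
    cpu_flags=$2
    # Second whitespace-separated field of `openssl version` is the version.
    ver=$(printf '%s\n' "$version_line" | awk '{print $2}')
    case "$ver" in
        3.0.4) ;;   # only 3.0.4 carries the broken AVX512IFMA RSA code path
        *) printf 'OpenSSL %s: not 3.0.4, not affected\n' "$ver"; return 1 ;;
    esac
    # Pad with spaces so "avx512ifma" matches only as a whole token.
    case " $cpu_flags " in
        *" avx512ifma "*)
            printf 'OpenSSL 3.0.4 on an AVX512IFMA CPU: affected, upgrade to 3.0.5\n'
            return 0 ;;
        *)
            printf 'OpenSSL 3.0.4 but CPU lacks AVX512IFMA: buggy path not used\n'
            return 1 ;;
    esac
}

# Live wrapper (assumption: openssl in PATH and a Linux /proc/cpuinfo).
collect_and_check() {
    vl=$(openssl version 2>/dev/null) || { echo "openssl not found in PATH"; return 2; }
    fl=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    cve_2022_2274_exposed "$vl" "$fl"
}

# Print the verdict for the current host when the script is run directly.
collect_and_check || :
```

Note that the check covers the version and CPU criteria only; whether a given service actually loads a 2048-bit RSA key is something to confirm from its configuration.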