Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Security Breach. Show all posts
Security Breach
Crypto Exchange Crypto Hack cryptocurrency Cyber Attacks Digital Assets Lazarus Group Security Breach

Bybit Crypto Exchange Hacked for $1.5 Billion in Largest Crypto Heist

 

Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack, now considered the largest in crypto history, compromised the exchange’s cold wallet—an offline storage system designed to provide enhanced security against cyber threats. 

Despite the breach, Bybit CEO Ben Zhou assured users that other cold wallets remain secure and that withdrawals continue as normal. Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen funds as they were quickly moved across multiple wallets and laundered through various platforms. Most of the stolen assets were in ether, which were liquidated swiftly to avoid detection. 

The scale of the attack far exceeds previous high-profile crypto thefts, including the $611 million Poly Network hack in 2021 and the $570 million stolen from Binance’s BNB token in 2022. Investigators later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for targeting cryptocurrency platforms. The group has a history of siphoning billions from the digital asset industry to fund the North Korean regime. 

Experts say Lazarus employs advanced laundering techniques to hide the stolen funds, making recovery difficult. Elliptic’s chief scientist, Tom Robinson, confirmed that the hacker’s addresses have been flagged in an attempt to prevent further transactions or cash-outs on other exchanges. However, the sheer speed and sophistication of the operation suggest that a significant portion of the funds may already be out of reach. The news of the breach sent shockwaves through the crypto community, triggering a surge in withdrawals as users feared the worst. 

While Bybit has managed to stabilize outflows, concerns remain over the platform’s ability to recover from such a massive loss. To reassure customers, Bybit announced that it had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations. The Lazarus Group’s involvement highlights the persistent security risks in the cryptocurrency industry. Since 2017, the group has orchestrated multiple cyberattacks, including the theft of $200 million in bitcoin from South Korean exchanges. 

Their methods have become increasingly sophisticated, exploiting vulnerabilities in crypto platforms to fund North Korea’s financial needs. Industry experts warn that large-scale thefts like this will continue unless exchanges implement stronger security measures. Robinson emphasized that making it harder for criminals to profit from these attacks is the best deterrent against future incidents. 

Meanwhile, law enforcement agencies and crypto-tracking firms are working to trace the stolen assets in hopes of recovering a portion of the funds. While exchanges have made strides in improving security, cybercriminals continue to find ways to exploit weaknesses, making robust protections more crucial than ever.
Read more »
Security Breach
browser hijacking Chrome Extension Cyber Security Cybersecurity Data Theft Google Workspace Hacking phishing Security Breach

New 'Browser Syncjacking' Attack Exploits Chrome Extensions for Full Device Takeover

 

'Browser Syncjacking,' which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim's device—all through a seemingly harmless Chrome extension.

This stealthy multi-stage attack requires minimal permissions and almost no user interaction beyond installing a malicious Chrome extension. The attack begins with:

1. Fake Google Workspace Setup – Attackers create a fraudulent Google Workspace domain with pre-configured user profiles where security features like multi-factor authentication are disabled.

2. Publishing a Malicious Extension – A Chrome extension, disguised as a useful tool, is uploaded to the Chrome Web Store.

3. Social Engineering Trap – Victims are tricked into installing the extension, which then secretly logs them into an attacker's managed Google Workspace profile via a hidden browser session.

4. Sync Activation – The extension opens a legitimate Google support page and injects content instructing users to enable Chrome Sync. Once activated, attackers gain access to stored credentials, browsing history, and other sensitive data.

5. Full Browser Takeover – Using deceptive tactics, such as a fake Zoom update prompt, the extension delivers an executable file containing an enrollment token. This grants attackers full control over the browser.

"Once enrolled, the attacker gains full control over the victim's browser, allowing them to silently access all web apps, install additional malicious extensions, redirect users to phishing sites, monitor/modify file downloads, and many more," explains SquareX researchers.

By leveraging Chrome's Native Messaging API, attackers establish a direct communication channel between the malicious extension and the victim's operating system. This enables them to:
  • Browse directories
  • Modify files
  • Install malware
  • Execute commands
  • Capture keystrokes
  • Extract sensitive data
  • Activate the webcam and microphone
The Browser Syncjacking attack is difficult to detect. Unlike traditional extension-based threats that require extensive social engineering, this method operates with minimal user interaction.

"Unless the victim is extremely security paranoid and is technically savvy enough to constantly navigate the Chrome settings to look for managed browser labels, there is no real visual indication that a browser has been hijacked," the report warns.

Recent incidents, including hijacks of legitimate Chrome extensions, have demonstrated that browser extensions pose significant cybersecurity risks.

BleepingComputer has reached out to Google for comments on this new attack and will provide updates as soon as a response is received.
Read more »
Security Breach
CNI Email malware phishing Security Breach

Email Attacks Target 80% of Key Infrastructure Firms, Study Reveals

 


Strong security for emails is one of the top concerns of CNI dealing companies. According to a recent OPSWAT report, 80% of CNI companies reported an email-related security breach in the past year. Malicious emails are being exploited to target essential services, and email-based attacks are increasingly used as a key strategy for gaining unauthorised access.

CNI organisations, such as utilities, transportation, telecommunications, and data centres, are prime targets for cybercriminals. The appeal lies in the widespread disruption a successful attack can cause. For example, a report from Malwarebytes highlighted that the services industry, which includes many CNI sectors, has been heavily impacted by ransomware, accounting for nearly a quarter of global attacks.

Email attacks prove to be particularly effective, according to a report by OPSWAT, which polled 250 IT and security leaders of CNI firms. For instance, CNI organisations experienced 5.7 phishing incidents, 5.6 account compromises, and 4.4 instances of data leakage per year for every 1,000 employees. Yet still, more than half of the respondents assumed that email messages and attachments were safe by default.

Why Cybercriminals Target Emails

Emails are a straightforward way for attackers to deliver phishing scams, malicious links, and harmful attachments. Once opened, these can give hackers access to critical systems. More than 80% of CNI organisations believe that email threats will increase or stay the same over the next year, with phishing, data theft, and zero-day malware attacks being the most likely.

As operational technology (OT) and IT systems become more connected, the risk grows. The report warns that fewer OT networks are isolated from the internet today. This interconnection means a single email attack could spread from IT to OT systems, causing further damage and enabling attackers to launch new attacks from within the network.

UK Steps up Data Center Security End

Data centres have just been designated by the UK government as critical national infrastructure, thus putting them in a category qualifying for further protection from growing cyber threats. This is the first new CNI designation since 2015. The measure aims to enhance the security of these critical facilities that guarantee the running of all services across the country pretty slickly.

This change also means that data centres will receive more government support in the event of cyber incidents, including access to the National Cyber Security Centre and emergency services when necessary. However, the increased designation also comes with tighter regulations, including the need for physical security measures, audits, and updated contingency plans.

Despite the serious threat email attacks pose, most CNI companies struggle with compliance. As revealed in the OPSWAT report, 65% of leaders admit that their organisations do not meet regulatory standards. However, for EMEA companies, this number goes down to 28%. Poor compliance leaves these organisations more vulnerable to attack.

Recent data shows that cyber attacks on CNI organisations are on the rise. The NCC Group’s latest Threat Pulse found that in July alone, 34% of ransomware attacks targeted CNI, up from 32% in June. Experts suggest that cybercriminals may now feel less concerned about consequences from law enforcement. Initially, ransomware groups avoided high-profile targets like hospitals to avoid severe crackdowns. However, recent attacks on CNI suggest they are no longer holding back.

Legacy Technology: The Soft Underbelly 

One of the biggest issues facing CNI companies is their reliance on outdated technology. The National Cyber Security Centre’s 2023 Annual Review noted that many critical infrastructure organisations still use legacy systems that are not regularly updated, making them easy targets for cyber attacks. These systems are often decades old and lack basic security features, making it easier for attackers to exploit them. A Microsoft report from May supported these findings, showing that security measures for OT systems are often inadequate, making attacks on water and other key infrastructure systems both attractive and easy for hackers. As cyber threats continue to rise, the need for CNI companies to update their technology and strengthen their security protocols becomes increasingly urgent. 

As email attacks continue to plague critical infrastructure organisations, it’s clear that a stronger approach to email security is needed. OPSWAT’s report stresses the importance of prevention, urging CNI companies to prioritise email security measures to protect their networks. With cybercriminals targeting these vital systems more than ever before, improving defences against email-borne threats is essential for ensuring the security and stability of national infrastructure.

CNI companies are facing a growing threat from email-based cyber attacks. As technology develops and attackers become more sophisticated, it’s crucial for organisations to update their security measures and comply with regulations to safeguard their operations. Email remains a key entry point for cybercriminals, and without the necessary precautions, the consequences could be severe.



Read more »
Security Breach
Cyber Attacks Gas Industry Oil Firm SEC Security Breach

Oil Giant Halliburton Hit by Cyberattack, Certain Systems Affected

 

On Friday, oil firm Halliburton revealed further details to regulators regarding a recent attack that forced the shutdown of critical systems. The company told news outlets that it was struck by a cyberattack on Wednesday, which disrupted operations at its Houston headquarters. 

In an 8-K filing filed Thursday with the Securities and Exchange Commission (SEC), the firm stated that attackers "gained access to certain of its systems." The firm is currently investigating the matter with the assistance of contractors. 

“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality,” Halliburton vice president Charles Geer noted in the report. 

Geer also stated that they are in contact with users and other stakeholders as they try "to identify any effects of the incident." According to Reuters, following the cyberattack, some employees were instructed not to access the company's internal network. No group claimed responsibility for the incident as of Friday afternoon. 

Halliburton, known for its controversial role in the Iraq War, is one of the world's major oil field service businesses, with almost 48,000 employees. The firm generated $5.8 billion in revenue in the first quarter of 2024. Businesses in the oil and gas industry continue to be targeted by hackers and ransomware gangs because they have a history for paying ransoms. 

While no cases have been confirmed, ransomware gangs have discovered at least five oil and gas businesses on their leak sites since June. For the past three years, oil and gas firms have been impacted by a number of cyber incidents, however the attacks on Colonial Pipeline and Shell have garnered the most media attention. 

It has become a major issue that G7 members in June have "committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world." 

In May, the Transportation Security Administration (TSA) updated cybersecurity standards for operators of potentially dangerous liquid and natural gas pipelines, as well as liquefied natural gas installations. 

The regulations, which have been in place since the Colonial Pipeline attack, require operators to confirm to TSA that they have implemented a variety of cybersecurity policies, including an incident response plan, the establishment of a cybersecurity coordinator position, vulnerability inspections, network segmentation, and more.
Read more »
VPN security
CISA Cyber Attacks Ivanti Ivanti security flaws Ivanti VPN Exploitation Security Breach VPN VPN security

Lessons from the Ivanti VPN Cyberattack: Security Breaches and Mitigation Strategies

 

The recent cyberattack on Ivanti’s VPN software has prompted swift action from the Cybersecurity and Infrastructure Security Agency (CISA). This incident not only highlights the need for stronger cybersecurity measures but also raises important questions about exploit techniques, organizational responses to security breaches, and the escalating costs associated with downtime. 

The vulnerabilities in Ivanti’s VPN gateway allowed threat actors to bypass authentication and gain unauthorized access. Attackers could send maliciously crafted packets to infiltrate the system without needing to steal credentials, giving them access to user credentials, including domain administrator credentials. A second vulnerability enabled the injection of malicious code into the Ivanti appliance, allowing attackers to maintain persistent access, even after reboots or patches. Security researchers, including Mandiant, identified that Ivanti’s initial mitigations were insufficient. 

CISA warned that Ivanti’s interim containment measures were not adequate to detect compromises, leaving systems vulnerable to persistent threats. This uncertainty about the effectiveness of proposed mitigations necessitated CISA’s prompt intervention. The ability of attackers to gain persistent access to a VPN gateway poses significant risks. From this trusted position, attackers can move laterally within the network, accessing critical credentials and data. The compromise of the VPN allowed attackers to take over stored privileged administrative account credentials, a much more severe threat than the initial breach. In response to the breach, CISA advised organizations to assume that critical credentials had been stolen. 

Ivanti’s failure to detect the compromise allowed attackers to operate within a trusted zone, bypassing zero-trust principles and exposing sensitive data to heightened risks. The severity of the vulnerabilities led CISA to take the unusual step of taking two of Ivanti’s systems offline, a decision made to protect the most sensitive credentials. Despite later clarifications from Ivanti that patches could have been applied more discreetly, the miscommunications highlight the importance of clear, open channels during a crisis. Mixed messages can lead to unnecessary chaos and confusion. System-level downtime is costly, both in terms of IT resources required for shutdown and recovery and the losses incurred from service outages. 

The exact cost of Ivanti’s downtime remains uncertain, but for mission-critical systems, such interruptions are extremely expensive. This incident serves as a warning about the costs of addressing the aftermath of a cyberattack. CISA’s decision to shut down the systems was based on the potential blast radius of the attack. The trusted position of the VPN gateway and the ability to export stored credentials made lateral movement easier for attackers. 

Building systems based on the principle of least privilege can help minimize the blast radius of attacks, reducing the need for broad shutdowns. The Ivanti VPN cyberattack underscores the pressing need for robust cybersecurity measures. Organizations must adopt proactive infrastructure design and response strategies to mitigate risks and protect critical assets. Reducing the number of high-value targets in IT infrastructure is crucial. Privileged account credentials and stored keys are among the highest value targets, and IT leaders should prioritize strategies and technologies that minimize or eliminate such targets. 
Read more »
Vulnerabilities and Exploits
CVE-2024-29510 Cybersecurity Ghostscript flaw Ghostscript security Ghostscript vulnerability infosec PDF interpreter security Remote Code Execution Security Breach Vulnerabilities and Exploits

New Ghostscript Vulnerability Alarms Experts as Major Breach Threat

 

The information security community is buzzing with discussions about a vulnerability in Ghostscript, which some experts believe could lead to significant breaches in the coming months.

Ghostscript, a Postscript and Adobe PDF interpreter, allows users on various platforms including *nix, Windows, macOS, and several embedded operating systems to view, print, and convert PDFs and image files. It is commonly installed by default in many distributions and is also utilized by other packages for printing or conversion tasks.

This vulnerability, identified as CVE-2024-29510 and given a CVSS score of 5.5 (medium) by Tenable, was first reported to the Ghostscript team in March and was addressed in the April release of version 10.03.1. However, the researcher's blog post that uncovered this flaw has recently sparked widespread interest.

Thomas Rinsma, the lead security analyst at Codean Labs in the Netherlands, discovered a method to achieve remote code execution (RCE) on systems running Ghostscript by bypassing the -dSAFER sandbox. Rinsma highlighted the potential impact on web applications and services that use Ghostscript for document conversion and preview functionalities.

Ghostscript's extensive use in various applications, such as cloud storage preview images, chat programs, PDF conversion, printing, and optical character recognition (OCR) workflows, underscores its importance. Stephen Robinson, a senior threat intelligence analyst at WithSecure, noted that Ghostscript's integral role in many solutions often goes unnoticed.

To enhance security, the Ghostscript development team has implemented increasingly robust sandboxing capabilities, with the -dSAFER sandbox enabled by default to prevent dangerous operations like command execution. Detailed technical information and a proof of concept (PoC) exploit for Linux (x86-64) can be found on the researcher's blog. The PoC demonstrates the ability to read and write files arbitrarily and achieve RCE on affected systems.

Rinsma confirmed that the PoC may not work universally due to assumptions about stack and structure offsets that vary by system. The PoC, shared by Codean Labs, is an EPS file, and any image conversion service or workflow compatible with EPS could be exploited for RCE, according to Robinson.

Tenable's assessment of the CVE as a local vulnerability requiring user interaction has been questioned by experts like Bob Rudis, VP of data science at GreyNoise. Rudis and others believe that no user interaction is needed for the exploit to succeed, which could mean the severity score is underestimated.

Accurate severity assessments are crucial for the infosec industry, as they guide organizations on the urgency of applying patches and mitigations. The delayed recognition of this vulnerability's severity highlights the importance of precise evaluations.

Rudis expects several notifications from organizations about breaches related to this vulnerability in the next six months. Bill Mill, a full-stack developer at ReadMe, reported seeing attacks in the wild and emphasized the need for organizations to prioritize applying patches.

This is the second notable RCE vulnerability in Ghostscript within 12 months. Last July, CVE-2023-36664, rated 9.8 on the severity scale, made headlines after Kroll's investigation. Ghostscript's widespread use in modern software, including 131 packages in Debian 12 and applications like LibreOffice, underscores the critical need for security measures.


Read more »
Technology
Artifcial Intelligence ChatGPT OpenAI Security Breach Technology

Breaking the Silence: The OpenAI Security Breach Unveiled

Breaking the Silence: The OpenAI Security Breach Unveiled

In April 2023, OpenAI, a leading artificial intelligence research organization, faced a significant security breach. A hacker gained unauthorized access to the company’s internal messaging system, raising concerns about data security, transparency, and the protection of intellectual property. 

In this blog, we delve into the incident, its implications, and the steps taken by OpenAI to prevent such breaches in the future.

The OpenAI Breach

The breach targeted an online forum where OpenAI employees discussed upcoming technologies, including features for the popular chatbot. While the actual GPT code and user data remained secure, the hacker obtained sensitive information related to AI designs and research. 

While Open AI shared the information with its staff and board members last year, it did not tell the public or the FBI about the breach, stating that doing so was unnecessary because no user data was stolen. 

OpenAI does not regard the attack as a national security issue and believes the attacker was a single individual with no links to foreign powers. OpenAI’s decision not to disclose the breach publicly sparked debate within the tech community.

Breach Impact

Leopold Aschenbrenner, a former OpenAI employee, had expressed worries about the company's security infrastructure and warned that its systems could be accessible to hostile intelligence services such as China. The company abruptly fired Aschenbrenner, although OpenAI spokesperson Liz Bourgeois told the New York Times that his dismissal had nothing to do with the document.

Similar Attacks and Open AI’s Response

This is not the first time OpenAI has had a security lapse. Since its launch in November 2022, ChatGPT has been continuously attacked by malicious actors, frequently resulting in data leaks. A separate attack exposed user names and passwords in February of this year. 

In March of last year, OpenAI had to take ChatGPT completely down to fix a fault that exposed customers' payment information to other active users, including their first and last names, email IDs, payment addresses, credit card info, and the last four digits of their card number. 

Last December, security experts found that they could convince ChatGPT to release pieces of its training data by prompting the system to endlessly repeat the word "poem."

OpenAI has taken steps to enhance security since then, including additional safety measures and a Safety and Security Committee.

Read more »
Source Code leak
Apple data breach AppleConnect SSO AppleMacroPlugin dark web post Data Breach IntelBroker internal tools Security Breach Source Code leak

Infamous Hacker IntelBroker Breaches Apple's Security, Leaks Internal Tool Source Code

 

A prominent threat actor known as IntelBroker, notorious for orchestrating several high-profile data breaches, has now set its sights on Apple.

The hacker successfully leaked the company’s source code associated with several internal tools, announcing this development through a post on the dark web.

According to reports from IntelBroker, the iPhone maker experienced a significant security breach, leading to this exposure. The threat actor claims to have obtained the source code for various internal tools, including AppleConnect SSO and AppleMacroPlugin.

While details about these tools are scarce, it is known that AppleConnect SSO is a system used for authentication, allowing employees to access specific applications within the network.

These systems are integrated with the company's database, providing a secure form of access to its resources.Within iOS, apps launched by employees can use AppleConnect SSO for login purposes, where users set up patterns instead of passcodes for easier access.

The threat actor has not provided further details, but it is speculated that this data might be for sale, although this remains unconfirmed. Importantly, such breaches are localized internally and do not affect the company’s customer data.

A source familiar with these matters noted that dark web forums have strong vetting processes to filter out scammers attempting to sell leaked content. However, IntelBroker has managed to navigate these processes and has a reputation for successfully doing so.

This group has a history of hacking attempts, including attacks on American governmental institutions and websites, demonstrating its capabilities. Apple has yet to release a statement regarding this breach and the theft of its source code.
Read more »
Truist Bank
Data Breach financial risks Security Breach Sensitive data Truist Bank

Truist Bank Confirms Data Breach After Information Surfaces on Hacking Forum


 

Truist Bank, one of the largest commercial banks in the United States, has confirmed a cybersecurity breach after stolen data appeared for sale on a hacking forum. The breach, which occurred in October 2023, was brought to light when a threat actor, identified as Sp1d3r, posted the bank’s data online.

Details of the Breach

Headquartered in Charlotte, North Carolina, Truist Bank was formed in December 2019 through the merger of SunTrust Banks and BB&T (Branch Banking and Trust Company). The bank, now with total assets of $535 billion, offers a variety of financial services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payment services.

The breach reportedly involves sensitive information from 65,000 employees, including bank transactions with names, account numbers, balances, and the source code for Truist’s Interactive Voice Response (IVR) system. Sp1d3r is attempting to sell this data for $1 million, according to DarkTower intelligence analyst James Hub, who first spotted the listing.

In a statement, a Truist Bank spokesperson confirmed the October 2023 cybersecurity incident and emphasised that it was swiftly contained. The bank worked with external security consultants to investigate the breach, enhance security measures, and notify affected clients. Initially, only a small number of clients were informed, but additional clients have been notified as the investigation continues to uncover new information.

The spokesperson clarified that this incident is not connected to the ongoing Snowflake attacks, stating, "We have found no evidence of a Snowflake incident at our company." They also noted that Truist Bank regularly collaborates with law enforcement and cybersecurity experts to safeguard its systems and data. To date, there have been no indications of fraud resulting from this breach.


Other Breaches Linked to Sp1d3r

Sp1d3r is also selling data stolen from the cybersecurity firm Cylance for $750,000. This data reportedly includes 34 million customer and employee emails, along with personally identifiable information. Cylance confirmed that the stolen data is from 2015-2018 and was taken from a third-party platform.

In another incident, Sp1d3r had previously listed 3TB of data stolen from Advance Auto Parts, a provider of automotive aftermarket parts, on the same hacking forum. This data was reportedly taken from Advance’s Snowflake account.

The confirmation of Truist Bank’s data breach highlights the persistent threat of cyberattacks on major financial institutions. Truist Bank remains committed to securing its systems and protecting client information as investigations continue. In the era of digitalisation it is highly imperative to stay three steps ahead of how technology is being leveraged towards attacking sensitive data and institutional information. 




Read more »
Security Breach
Bitcoin cryptocurrency Cyber Security Elliptic Security Breach

Bitcoin Heist Hits Japanese Exchange DMM Bitcoin

 



In a security breach, Japanese cryptocurrency exchange DMM Bitcoin announced the theft of approximately 4,502.9 Bitcoin, valued at around 48.2 billion yen (approximately $304 million). The incident marks one of the largest cryptocurrency heists in recent history.

The breach was detected on May 31, 2024, at approximately 1:26 p.m. when DMM Bitcoin identified an unauthorised leak of Bitcoin from its wallets. The exchange immediately took steps to mitigate the leak and implement additional security measures to prevent further unauthorised access. The company is still investigating the full extent of the damage.

DMM Bitcoin has reassured its customers that their Bitcoin deposits will be fully guaranteed despite the breach. However, the exchange has implemented several temporary restrictions on its services to enhance security. These measures include the suspension of new account openings, the processing of cryptocurrency withdrawals, and the placing of new buy orders for spot trading. Only sell orders will be accepted for spot trading, and new open positions for leveraged trading are also suspended, with only settlement orders being processed.


Impact on Customers

The company has informed customers that existing limit orders for both spot and leveraged trading will remain unaffected. However, withdrawals of Japanese yen may experience delays. DMM Bitcoin has apologised for the inconvenience caused and assured customers that their assets are secure.


Response and Analysis

Cryptocurrency security firm Elliptic has reported that this heist ranks as the eighth-largest crypto theft of all time. It is the most significant since the $477 million hack suffered by FTX in November 2022. Elliptic has also confirmed the identification of the wallets involved in the DMM Bitcoin attack.


Ongoing Investigation

DMM Bitcoin continues to work on understanding the details of the attack and has not yet provided specific information about how the breach occurred. The company remains focused on ensuring the security of its platform and protecting customer assets.

The broader cryptocurrency community will be closely monitoring the developments of this case and the measures taken by DMM Bitcoin to prevent future incidents.


Read more »
Zero-Day Vulnerabilities
APT Group cyber intrusion forensic analysis Incident response Ivanti Connect Secure malware nation-state actor NERVE environment Security Breach Zero-Day Vulnerabilities

MITRE Links Recent Attack to China-Associated UNC5221

 

MITRE recently provided further insight into the recent cyber intrusion, shedding light on the new malicious software employed and a timeline detailing the attacker's actions.

In April 2024, MITRE announced a breach in one of its research and prototyping networks. Following the discovery, MITRE's security team swiftly initiated an investigation, ejected the threat actor, and enlisted third-party forensics Incident Response teams for independent analysis alongside internal experts. It was revealed that a nation-state actor had infiltrated MITRE's systems in January 2024 by exploiting two Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887).

The intrusion was detected when MITRE noticed suspicious activity from a foreign nation-state threat actor targeting its Networked Experimentation, Research, and Virtualization Environment (NERVE), which is utilized for research and prototyping purposes. MITRE promptly took NERVE offline and commenced mitigation procedures. Although investigations are ongoing to ascertain the extent of compromised information, MITRE has informed relevant authorities and affected parties while endeavoring to restore alternative collaboration platforms.

Despite MITRE's adherence to industry best practices, vendor recommendations, and governmental directives to bolster its Ivanti system, oversight led to unauthorized access into its VMware infrastructure. However, MITRE emphasized that neither its core enterprise network nor its partners' systems were impacted by the breach.

MITRE researchers identified indicators of compromise associated with UNC5221, a China-linked APT group, coinciding with the security breach. The hackers gained initial access to NERVE on December 31, deploying the ROOTROT web shell on Internet-facing Ivanti appliances.

On January 4, 2024, the threat actors conducted reconnaissance within the NERVE environment, leveraging compromised Ivanti appliances to access vCenter and communicate with multiple ESXi hosts. Subsequently, the attackers utilized hijacked credentials to infiltrate accounts via RDP, accessing user bookmarks and file shares to probe the network and manipulate VMs, compromising the infrastructure.

Further malicious activities ensued, including deploying the BRICKSTORM backdoor and the BEEFLUSH web shell on January 7, 2024, facilitating persistent access and arbitrary command execution. The hackers maintained control through SSH manipulation and script execution, exploiting default VMware accounts and establishing communication with designated C2 domains.

Additional payloads, such as the WIREFIRE (aka GIFTEDVISITOR) web shell and the BUSHWALK web shell for data exfiltration, were deployed on the target infrastructure. Despite attempts at lateral movement between mid-February and mid-March, the threat actors failed to compromise other resources beyond NERVE.

MITRE concluded its update with malware analysis and Indicators of Compromise for the involved payloads, highlighting the adversary's persistent attempts to infiltrate and maintain control within the network.
Read more »
VPN
Bitcoin BTC Chivo Wallet Code Leak cryptocurrency Cyberattacks CyberCrime Cybersecurity El Salvador Privacy Security Breach Technical Breach VPN

Cryptocurrency Chaos: El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk

 


There was a security breach with El Salvador's state Bitcoin wallet, Chivo, after hackers from the group CiberInteligenciaSV leaked a part of its source code to a hacking forum. In the earlier leak of personal data belonging to nearly all of El Salvador's adults, the code from Chivo Wallet ATMs as well as VPN credentials had been exposed. According to the wallet administration, there has been no compromise with the security of the wallet's data. 

Chivo Wallet had several challenges since it was revealed that it would be the official Bitcoin storage tool after its launch, so this event has become another blight on the Chivo Wallet. President Nayib Bukele set Bitcoin (BTC) as legal tender in El Salvador in 2021 to make digital payments more convenient. However, security breaches and technical issues have made the adoption of Bitcoin (BTC) difficult. 

The Chivo Wallet has been criticized by consumers for its slow operation, app crashes, vulnerabilities to exploitation, and lack of official backing, despite its official backing. The Chivo Wallet company has responded to allegations that it was linked to a data breach in which over 5 million Salvadorans' personal information was allegedly exposed. 

In addition to full names, unique identifiers, dates of birth, addresses, phone numbers, emails, and photographs, all of this data was leaked. The data had been rumoured to be related to the KYC processes that the Salvadoran government required its citizens to complete before they could be offered incentives, such as $30 in Bitcoin at the wallet’s launch, by the Salvadoran government. 

On April 6, the hacker group CiberInteligenciaSV compromised 5.1 million Salvadoran data. Recently, the same hackers leaked the source code for Chivo Wallet and the VPN credentials for the ATM network. The Chuvo Bitcoin wallet, backed by the government, has caused controversy among peer-to-peer money enthusiasts and crypto punks alike for its custodial status. 

In a press release published on X (formerly Twitter) on April 24, the company commented on the matter, describing it as “fake news.” Furthermore, a group of individuals from the Salvadoran community who downloaded the wallet have released over 144 GB of data containing their personal information. Even though it was available for purchase on various channels since August, it was only leaked for download on April 5. 

This data includes a user's full name, unique identifier, date of birth, address, and a high-definition picture of their face, as well as their full name, unique identifier, and date of birth. Also included in this week's leaked information was the file Codigo.rar, which contained information on El Salvador's Chivo ATM network, including the code and VPN credentials for the network.

Government officials have yet to come out with a formal statement regarding either of the hacks that took place this month. As a result of the leak of the code and VPN details of the source, the Chivo wallet system is at risk of being compromised, making hackers able to gain access to users' accounts or control them unauthorizedly. 

The particularity of the data exposed previously affects almost the entire adult population of El Salvador, which makes them fear identity theft and fraud as a result of the exposure of personal data previously exposed. In light of these breaches, security experts advise users to be vigilant and to monitor their accounts for any suspicious behaviour if they see anything strange. 

El Salvador is a country where incompetence is prevalent and there is a good chance that this will have a significant impact on the financial ecosystem as well, as trust in the government's digital solutions might wane as a result. In the beginning, the Chivo software was plagued with numerous software bugs and technical glitches as users reported numerous problems with the software. 

Despite the President's promise to give them $30 for downloading the Chivo wallet, some people were not able to withdraw money from Chivo because some had trouble getting it. The Salvadoran government announced last year that over 100 ATMs across the country will be equipped with lightning network technology in Q4 2024. 

Over 100 ATMs across the country will be equipped with this technology. In theory, this technology could allow Salvadorians to withdraw and deposit Bitcoins in an easier and faster manner with a lower fee. It was reported in October by a Salvadoran newspaper that only about 2% of the Salvadoran population was making remittance payments through the wallet, which had been its main selling point for a long time. 

It has yet to be decided whether or not the Salvadoran government will declare a policy on this issue or formally address the issue. The state of El Salvador has become the first in the world to adopt Bitcoin as a legal tender in 2021, promoting the Chivo wallet as one of the official mediums used to engage with Bitcoin by its citizens. 

The fact that these security issues exist in addition to the absence of communication from the authorities leaves the Salvadorans with an uncomfortable sense of uncertainty as to whether or not their personal information is safe and if this digital wallet offered by the state is reliable.
Read more »
Security Breach
Avast Cyber Attacks DLL hijacking eScan GuptiMiner malware Hackers HTTP Malware Attack North Korea Hackers Security Breach

The GuptiMiner Attack: Lessons Learned from a Five-Year Security Breach

 

In a startling revelation, security researchers from Avast have uncovered a sophisticated cyberattack that exploited vulnerabilities in the update mechanism of eScan, an antivirus service, for a staggering five years. The attack, orchestrated by unknown hackers potentially linked to the North Korean government, highlights critical flaws in cybersecurity infrastructure and serves as a cautionary tale for both consumers and industry professionals. 

The modus operandi of the attackers involved leveraging the inherent insecurity of HTTP protocol, enabling them to execute man-in-the-middle (MitM) attacks. By intercepting the update packages sent by eScan's servers, the perpetrators clandestinely replaced genuine updates with corrupted ones containing a nefarious payload known as GuptiMiner. This insidious malware facilitated unauthorized access and control over infected systems, posing significant risks to end users' privacy and security. 

What makes this breach particularly alarming is its longevity and the level of sophistication exhibited by the attackers. Despite efforts by Avast researchers to ascertain the precise method of interception, the exact mechanisms remain elusive. However, suspicions linger that compromised networks may have facilitated the redirection of traffic to malicious intermediaries, underscoring the need for heightened vigilance and robust cybersecurity measures. 

Furthermore, the attackers employed a myriad of obfuscation techniques to evade detection, including DLL hijacking and manipulation of domain name system (DNS) servers. These tactics, coupled with the deployment of multiple backdoors and the inclusion of cryptocurrency mining software, demonstrate a calculated strategy to maximize the impact and stealth of their operations. 

The implications of the GuptiMiner attack extend beyond the immediate scope of eScan's compromised infrastructure. It serves as a stark reminder of the pervasive threat posed by cyber adversaries and the imperative for proactive defense strategies. Moreover, it underscores the critical importance of adopting industry best practices such as delivering updates over secure HTTPS connections and enforcing digital signing to thwart tampering attempts. 

For users of eScan and other potentially affected systems, vigilance is paramount. Avast's detailed post provides essential information for identifying and mitigating the threat, while reputable antivirus scanners are likely to detect the infection. Additionally, organizations must conduct thorough security assessments and implement robust cybersecurity protocols to safeguard against similar exploits in the future. 
 
Ultimately, the GuptiMiner attack serves as a wake-up call for the cybersecurity community, highlighting the pressing need for continuous innovation and collaboration in the fight against evolving threats. By learning from this incident and implementing proactive measures, we can bolster our defenses and mitigate the risk of future breaches. Together, we can strive towards a safer and more resilient digital ecosystem.
Read more »
Vulnerabilities and Exploits
CISA cyber threat DLL hijacking North Korea North Korea Hackers Security Breach Vulnerabilities and Exploits

Navigating the Complex Landscape of Cyber Threats: Insights from the Sisense Breach and North Korean Tactics

 

In the intricate tapestry of cybersecurity, recent events have thrust vulnerabilities and threats into the spotlight once again. The breach of data analytics powerhouse Sisense, coupled with the emergence of novel sub-techniques utilized by North Korean threat actors, underscores the dynamic and relentless nature of cyber warfare. Let's delve deeper into these incidents and glean valuable insights for bolstering our defenses against evolving cyber threats. 

Sisense, a formidable player in the realm of business intelligence software, recently found itself ensnared in a security breach that rippled through critical infrastructure organizations. With offices sprawled across strategic locations such as New York City, London, and Tel Aviv, and a prestigious clientele including Nasdaq, ZoomInfo, Verizon, and Air Canada, Sisense's allure to cyber adversaries is palpable. 

The breach, currently under scrutiny by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the precarious balance between innovation and security in today's digital landscape. At the heart of the Sisense breach lie two sub-techniques that have become favoured tools in the arsenal of North Korean threat actors. The first involves the manipulation of Transparency, Consent, and Control (TCC), a foundational security protocol governing application permissions on Apple's macOS. 

Despite the robustness of security measures such as Full Disk Access (FDA) and System Integrity Protection (SIP), attackers have exhibited a remarkable ability to circumvent these controls, gaining unfettered access to macOS environments. This tactic underscores the imperative of continuous monitoring and adaptive security strategies to thwart the nefarious designs of cyber adversaries. 

The second sub-technique, colloquially known as "phantom" Dynamic Link Library (DLL) hijacking, sets its sights on Windows environments, leveraging nonexistent DLL files referenced by the operating system. By capitalizing on this loophole, threat actors such as the Lazarus Group and APT 41 can inject malicious code undetected, posing a grave threat to system integrity. 

The clandestine nature of this tactic exemplifies the ingenuity and adaptability of cyber adversaries in navigating the labyrinthine landscape of cybersecurity defenses. Mitigating these sophisticated threats necessitates a multifaceted approach that encompasses both technical fortifications and user awareness initiatives. For macOS users, safeguarding the integrity of System Integrity Protection (SIP) and exercising caution with app permissions are imperative steps in mitigating the risk of TCC manipulation. 

In Windows environments, proactive monitoring, robust application controls, and preemptive measures to block remote DLL loading are indispensable in thwarting phantom DLL attacks. Moreover, fostering a culture of collaboration and information sharing between industry stakeholders and government agencies is paramount in confronting the ever-evolving threat landscape. 

By pooling resources, sharing threat intelligence, and adopting a unified front against cyber adversaries, organizations can amplify their collective resilience and fortify their defenses against emerging threats. 

In conclusion, the Sisense breach and the intricate tactics employed by North Korean threat actors serve as poignant reminders of the relentless onslaught of cyber threats. By remaining vigilant, proactive, and collaborative, organizations can navigate the turbulent waters of cybersecurity with resilience and fortitude, safeguarding their digital assets and preserving the integrity of our interconnected world.
Read more »
Vulnerabilities and Exploits
Cyber Breach Cyberattacks CyberCrime Cybersecurity Cyberthreats Security Breach Software update UAE Vulnerabilities and Exploits

Security Advisory: Protecting Mobile Devices for UAE Residents

 


In a security update released by Microsoft on Thursday, 61 high-risk vulnerabilities, including critical ones, were addressed. The cyber threat actor may be able to exploit some of these vulnerabilities to gain control of a computer that has been affected. To prevent the breach or leak of information or personal data, UAE Cyber Security Wednesday advised users to implement Microsoft updates. 

The UAE authorities have emphasized the importance of heightened awareness of the vulnerability of their devices and the need for proactive measures to combat it. As the digital world is increasing, it has become increasingly important to secure users' mobile devices to ensure that they are protected against potential risks.

By taking proactive steps, residents can mitigate these threats and protect their data. The Cyber Security Council has provided a real-life example to educate residents regarding the dangers posed by online disrupters. A report issued by the UAE Cyber Security Council and CPX Holding jointly published in 2024 on UAE's cybersecurity highlights a worrying reality. 

There are currently 155,000 cyber assets in the UAE that are vulnerable, with over 40 per cent of them over the age of five. In light of the escalating cyber threats, including sophisticated attacks such as ransomware, the need for advanced cybersecurity measures is urgent, particularly now that the nation has faced an increase in cyberattacks. 

In general, software updates are not thought to be solely relevant to smartphones. However, they play an important role in ensuring security across all types of devices and applications - computers, tablets, smart appliances and even wearables - as well as ensuring security and protecting the user's data. It is imperative to keep devices up to date to ensure security and safeguard them, particularly when they are intertwined with a variety of aspects of life for users.

Users who prefer to update their devices and apps via Wi-Fi might want to set a reminder for when they need to update their apps so they don't have to consume their data plan while doing so. Tips for making updating software a more secure decision: 

To ensure that the data is protected, it is important to periodically update your device's operating system and applications. Ensure that you are up-to-date on software updates from the appropriate source to avoid cyber attacks. Back up important files to prevent losing updates. Ensure that automatic updates are enabled on the device so that manual intervention is minimized. It is important to consider updates for all devices, including smartphones, laptops, wearables, and tablets, when updating software and apps.
Read more »
sensitive files
confidential documents Data Breach Data protection data security European Union Europol Investigation Law Enforcement Personal Information Security Breach sensitive files

Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

 

A significant security breach has impacted the European Union's law enforcement agency, Europol, according to a report by Politico. Last summer, a collection of highly confidential documents containing personal information about prominent Europol figures vanished under mysterious circumstances.

The missing files, which included sensitive data concerning top law enforcement officials such as Europol Executive Director Catherine De Bolle, were stored securely at Europol's headquarters in The Hague. An ongoing investigation was launched by European authorities following the discovery of the breach.

An internal communication dated September 18, revealed that Europol's management was alerted to the disappearance of personal paper files belonging to several staff members on September 6, 2023. Subsequent checks uncovered additional missing files, prompting serious concerns regarding data security and privacy.

Europol took immediate steps to notify the individuals affected by the breach, as well as the European Data Protection Supervisor (EDPS). The incident poses significant risks not only to the individuals whose information was compromised but also to the agency's operations and ongoing investigations.

Adding to the gravity of the situation, Politico's report highlighted the unsettling discovery of some of the missing files by a member of the public in a public location in The Hague. However, key details surrounding the duration of the files' absence and the cause of the breach remain unclear.

Among the missing files were those belonging to Europol's top executives, including Catherine De Bolle and three deputy directors. These files contained a wealth of sensitive information, including human resources data.

In response to the breach, Europol took action against the agency's head of Human Resources, Massimiliano Bettin, placing him on administrative leave. Politico suggests that internal conflicts within the agency may have motivated the breach, speculating on potential motives for targeting Bettin specifically.

The security breach at Europol raises serious concerns about data protection and organizational security measures within the agency, prompting an urgent need for further investigation and safeguards to prevent future incidents.
Read more »
Security Breach
Cyber Security Fujitsu Japan malware ProjectWEB Tool Security Breach

Is Your Data Safe? Fujitsu Discovers Breach, Customers Warned

 


Fujitsu, a leading Japanese technology company, recently faced a grave cybersecurity breach when it discovered malware on some of its computer systems, potentially leading to the theft of customer data. This incident raises concerns about the security of sensitive information stored by the company.

With a workforce of over 124,000 and an annual revenue of $23.9 billion, Fujitsu operates globally, providing a wide range of IT services and products, including servers, software, and telecommunications equipment. The company has a strong presence in over 100 countries and maintains crucial ties with the Japanese government, participating in various public sector projects and national security initiatives.

The cybersecurity incident was disclosed in a recent announcement on Fujitsu's news portal, revealing that the malware infection compromised several business computers, possibly allowing hackers to access and extract personal and customer-related information. In response, Fujitsu promptly isolated the affected systems and intensified monitoring of its other computers while continuing to investigate the source and extent of the breach.

Although Fujitsu has not received reports of customer data misuse, it has taken proactive measures by informing the Personal Information Protection Commission and preparing individual notifications for affected customers. The company's transparency and swift action aim to mitigate potential risks and restore trust among stakeholders.

This is not the first time Fujitsu has faced cybersecurity challenges. In May 2021, the company's ProjectWEB tool was exploited, resulting in the theft of email addresses and proprietary data from multiple Japanese government agencies. Subsequent investigations revealed vulnerabilities in ProjectWEB, leading to its discontinuation and replacement with a more secure information-sharing tool.

Fujitsu's response to the recent breach highlights the urgency of safeguarding sensitive data in these circumstances. The company's commitment to addressing the issue and protecting customer information is crucial in maintaining trust and credibility in the digital age.

As Fujitsu continues to investigate the incident, it remains essential for customers and stakeholders to remain careful and implement necessary precautions to mitigate potential risks. The company's efforts to enhance security measures and improve transparency are essential steps towards preventing future breaches and ensuring the integrity of its services and systems.


Read more »
Security Breach
CNIL cyber attack Cybercricme Cybersecurity CyberThreat Data Disaster Healthcare Breach Security Breach

Data Disaster: 33 Million French Citizens at Risk in Massive Leak

 


A massive security breach at two third-party healthcare payment servicers has exposed the information of nearly half of all French citizens by way of a major breach of personal information, the French data privacy watchdog revealed last week. As the National Commission on Informatics and Liberty (CNIL) warned in late January, the two leading payment processing outfits, Viamedis and Almerys, both suffered breaches of their systems, resulting in the theft of data belonging to more than 33 million customers from their systems. 

The information that has been compromised includes information such as the date of birth, marital status, social security number, and information about insurance coverage of customers and their families. According to the CNIL, the company did not compromise any banking information, medical records, or contact information. 

As a result of the sophisticated phishing attack that compromised the Almeras and Viamedis third-party payment portals late last month, both payment portals were affected as well. There was no further information provided on the causes of Almery's loss, but there is a high probability that it was a similar incident. 

As Viamedis reported, the attacks occurred within a matter of five days around the beginning of February. Hackers obtained login credentials for health professionals via phishing attacks and gained unauthorized access to the system as a result. 

Even though the exposed information does not include personal financial data, it is still sufficient to increase the likelihood of individuals being targeted by phishing scams, social engineering, identity theft, and insurance fraud as they are exposed to the information. 

According to CNIL, they will ensure Viamedis and Almerys inform impacted individuals personally and directly, to prevent them from falling victim to phishing scams in the aftermath of the attack in compliance with the General Data Protection Regulation (GDPR). In the meantime, Almerys clarified that the central system was not compromised, but the health professional portal had been infiltrated by hackers. 

As confirmed by CNIL, the compromised data includes sensitive information about the affected individuals, including their marriage status, date of birth, social security numbers, insurance details, and insurance coverage, among others. 

As the attackers accessed the two companies' systems in a targeted raid, they were using credentials stolen from healthcare professionals. Following the General Data Protection Regulation of the European Union, the CNIL is working with Viamedis and Almerys to reach out to all affected individuals. Due to the sheer number of customers involved, the process of completing the project will take some time since there are so many of them. 

The third-party payment system which allows patients to not pay for their medical services in advance will not be available for providers for some time as a result of this attack, but users will still be able to access the system. 

Since the massive amount of compromised data has now been in the wrong hands, the French data authority has issued an alert to beware of phishing attacks, and while a detailed investigation is ongoing to determine exactly how the massive breach happened and if Viamedis or Almerys is to blame, a new warning has been issued regarding phishing attacks.
Read more »
Vulnerabilities and Exploits
Cyber Breach Cyberhacking Gaming Community Security Breach Vulnerabilities and Exploits

Playdapp's $31M Token Heist and Silent Reward Controversy

 

In a surprising and concerning turn of events, the gaming world faced a significant security breach as Playdapp, a prominent gaming platform, fell victim to a cyber intrusion. The breach resulted in a hacker successfully minting tokens with an estimated worth of $31 million. Adding an intriguing twist to the incident, the gaming platform has chosen an unconventional approach by offering a reward for silence, sparking debates over transparency and cybersecurity practices. 
 
Playdapp, known for its interactive and immersive gaming experiences, recently faced a severe security breach. A cyber intruder managed to exploit vulnerabilities within the platform, orchestrating a complex attack that allowed them to mint tokens valued at an astonishing $31 million. The scale and sophistication of the breach have raised concerns not only within the gaming community but also across the broader cybersecurity landscape. 
 
The hacker responsible for the Playdapp breach successfully capitalized on the compromised security, minting tokens that hold substantial monetary value. This financial windfall poses not only an immediate threat to the platform but also highlights the potential long-term repercussions for both Playdapp and its user base. Adding an unusual twist to the narrative, Playdapp has opted to issue a reward for silence regarding the breach. 

This decision has sparked controversy and ignited discussions about the ethical considerations surrounding such incentives. Critics argue that this approach may compromise transparency and hinder the dissemination of crucial information that could benefit the broader cybersecurity community. As Playdapp grapples with the aftermath of the breach, the incident sheds light on the vulnerabilities prevalent in online gaming platforms. 

The industry, already a lucrative target for cybercriminals due to the value associated with in-game assets, now faces heightened scrutiny regarding the robustness of its security measures. The breach serves as a stark reminder for gaming platforms and other online services to reevaluate and fortify their cybersecurity protocols. 

With a surge in cyber threats targeting the gaming community, the need for robust defense mechanisms and proactive security measures has never been more apparent. Playdapp's decision to offer a reward for silence introduces an ethical quandary. While the platform may argue that such incentives are intended to protect users and prevent panic, critics contend that transparency is paramount in building trust. Striking a balance between safeguarding sensitive information and providing users with the transparency they deserve becomes a pivotal challenge in the aftermath of such breaches.
Read more »
Victim
bank account Cyber Fraud FBI warning Financial crime Identity Theft loss Phone Scam Security Breach Sim-swapping scam Victim

Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as sim-swapping, resulting in the depletion of her bank account. Sim-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious,  according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

Sim-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied with the lack of apprehension of the perpetrators, expressing a desire for justice.

Acknowledging the increasing prevalence of sim-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that sim-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of sim-swapping attacks.
Read more »
Subscribe to: Posts (Atom)