Tag Archive for: Thefts

Mailchimp hack potentially leading to crypto wallet thefts





Email marketing firm Mailchimp confirms that hackers used one of its own internal tools to access accounts of customers working in finance and cryptocurrency — and a follow-up attack could lead to crypto wallet draining.

In total, some 319 Mailchimp accounts were reportedly viewed, and data from 102 of them was downloaded. Among the affected users was the Trezor cryptocurrency app, which has since tweeted advice for its customers.

Trezor goes into further detail in a blog post which says the hacker or hackers gained access through targeting Mailchimp employees with a social engineering attack.

In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack “exceptional in its sophistication,” Trezor says the fake email directed users to download what was a “very realistic” clone of the Trezor Suite wallet app.

Users who downloaded this fake update and then entered their cryptocurrency seed information into the app could lose funds.

According to Bleeping Computer, Mailchimp’s Chief Information Security Officer Siobhan Smyth says the company has warned the affected users.

“On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” Smyth told the publication. “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

“We acted swiftly to address the situation,” continued Smyth, “by terminating access for the compromised employee accounts and took steps to…


Hackers With China Ties Linked to Global Password Thefts


WASHINGTON – A U.S. cybersecurity firm says a hacking group possibly linked to China has breached nine global organizations including at least one in the United States.

The report by Palo Alto Networks of Santa Clara, California, said it found malicious actors were actively stealing passwords from target organizations with the goal of maintaining long-term access.

The report said from September 22 into early October, the hackers compromised at least nine entities in sectors such as technology, defense, health care, energy and education. None is identified in the report. One organization is in the United States.

Ryan Olson, vice president of threat intelligence at Palo Alto Networks, said that “any company doing business with the Pentagon could have a range of data in their emails about defense contracts that could be of interest to foreign spies.”

Nicholas Eftimiades, an assistant teaching professor at Penn State University and a former CIA intelligence officer, told VOA Mandarin the tactics used in these attacks are usually employed against foreign governments. In this case, the hacking group used the tactics against commercial interests on a global scale.

Eftimiades added that if these attacks had not been detected, the threat group would have gained access to thousands of companies and been able to conduct espionage from those companies.

The report was released on the Palo Alto Networks website on November 7. The Chinese Ministry of State Security did not respond to VOA’s request for comment.

Olson told CNN, which first reported the breach, that “in aggregate, access to that information can be really valuable,” adding, “even if it’s not classified information, even if it’s just information about how the business is doing.”

Palo Alto Networks said it detected two programs that were used, Godzilla and NGLite.

Both included instructions in Chinese “and are publicly available for download on GitHub,” said the firm’s report. GitHub is used by millions of developers and companies worldwide for many things including sharing computer code.

The cybersecurity firm added that the tactics used in the attacks appear similar to those used by Emissary Panda, a Chinese threat group that has been…


Cyber Security Today – More ransomware gangs now using DDoS attacks, more data thefts and an ADT technician admits spying on women



Welcome to Cyber Security Today. It’s Monday January 25th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

There’s a new ransomware tactic going around: Launching distributed denial of service (DDoS) attacks against websites, then demanding organizations pay up to get decryption keys for scrambled data or the attack will continue. Denial of service attacks are like someone knocking on a door for hours. The door is a website. Too many knocks and the website crashes, and the organization has trouble doing business. Last fall the Bleeping Computer news service said two ransomware gangs started using this strategy. Now, it says, a third gang is doing it.

Organizations used to ignore ransomware attacks by restoring data from backups. Then gangs began stealing data in addition to encrypting it, as extra leverage: Pay for decryption keys to unscramble the data or you’ll be embarrassed by the release of the stolen data. The distributed denial of service attack is a variation of this threat.

Organizations should consider adding denial of service defences to their cybersecurity strategies. Typically these services blunt denial of service attacks by spreading the huge wave of knocks across the Internet.

Separately a security firm called Radware warned last week that other gangs continue to launch denial of service extortion attacks against websites and demand bitcoin to stop. These gangs don’t use ransomware. Their weapon is the denial of service attack alone.

Where do denial of service attacks come from? They come from huge numbers of internet-connected devices like computers that are unknowingly infected and chained together into a botnet that a crook can weaponize. Then the power of thousands or tens of thousands of devices is fired at a website. Those devices usually get infected because they haven’t got the latest security updates installed, or they haven’t been configured right. Last week a security vendor called Netscout warned that Windows computers that haven’t properly secured their…


Joe Biden says China’s thefts of US technology have increased on Donald Trump’s watch – PolitiFact


Joe Biden has made attacking Donald Trump a key part of his 2020 campaign, arguing that Trump has squandered the achievements of the Barack Obama …
