March 30, 2023
A major security incident in the crypto field occurred between March 17 and 18. Due to a vulnerability that was not caught before the event, unknown crypto hackers were able to drain 1.6 million USD (around 59 BTC) from Bitcoin ATMs owned by General Bytes, the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer. The hackers exploited a flaw by uploading a dedicated Java application through the master service interface that terminals use to upload videos, and gained access to funds in hot wallets and exchanges.
This kind of attack is not new to the cybersecurity landscape. Cybercriminals have been exploiting various vulnerabilities to steal large amounts of Bitcoin for over a decade. An interesting, similar targeted attack found in Kovrr’s cyber incidents database is the attack on the Slovakian crypto exchange in September 2020, where the hackers (much as in the aforementioned event) emptied several of the exchange’s hot wallets of about 5 million USD. The attack also disabled all of the exchange's activity for about 3 days, which probably added to its financial loss.
Italian sports car maker Ferrari claimed that a ransomware attack on the company exposed customer contact details, including names, addresses, email addresses, and phone numbers. Although Ferrari did not mention it in its statement, it is suggested that the “RansomEXX” group is responsible for the attack, as the group claimed it had stolen and leaked 7 GB of data from the company last October. According to Ferrari, the breach has not impacted its operational functions. In an earlier statement, the company said that paying a ransom is against its policy.
Although not the most attacked industry in 2022, manufacturing took a respectable 12th place, as Kovrr’s cyber incidents database shows. The first five places on the list of the number of attacks per industry last year are held by health care providers at the top, business support services right behind, and then government agencies, heavy construction and financial services. As an interesting statistic: the health care providers industry was attacked 270% more than the manufacturing industry last year.
A malicious “Quick access to ChatGPT” extension was installed around 9,000 times before being taken down from the official Google Play app store. The extension, also advertised through sponsored Google search results, gave the hackers access to the users’ Facebook cookies, and thus to their account credentials. By changing the credentials, the hackers obtained exclusive control over thousands of accounts. According to the evidence, it seems that the attackers were able to bypass the 2FA (two-factor authentication) mechanism activated on the accounts.
This clearly shows several issues: