March Cyber Roundup

Hackers stole BTC worth 1.6 Million USD, exploiting a bug in General bytes ATMs →

A major security incident in the crypto field occurred between March 17-18th. Due to a vulnerability that was not caught before the event, unknown crypto hackers were able to drain 1.6 million USD (around 59 BTC) from Bitcoin ATMs owned by General Bytes - the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer. The hackers exploited a flaw uploading a dedicated java application through the master service interface used by terminals to upload videos, and gained access to funds in hot wallets and exchanges.

‍

Kovrr Insights: Cost of a Similar Incident

This kind of attack is not new to the cybersecurity landscape. Cybercriminals have been exploiting various vulnerabilities to steal large amounts of Bitcoin for over a decade. An interesting similar targeted hack attack found in Kovrr’s cyber incidents database - the attack on the Slovakian crypto exchange in September 2020, where the hackers (similar to how they acted in the aforementioned event) emptied several of the exchange’s hot wallets from about 5 Million USD. The attack also disabled all of the exchange activity for about 3 days, which probably added to its financial loss.

‍

‍

‍Ferrari admits they were victim of a ransomware attack that exposed customer data →

Italian sports car maker Ferrari claimed that a ransomware attack on the company exposed customer contact details, including names, addresses, email addresses, and phone numbers. Although Ferrari did not mention it in their statement, It is suggested that the “RansomEXX'' group is responsible for the attack, as the group claimed it had stolen and leaked 7 GB of data from the company last October. According to the Ferrari, the breach has not impacted its operational functions. In an earlier statement by the company, it said paying a ransom is against its policy.

‍

Kovrr Insights: Cyber Trends

Although not the most attacked industry in 2022, manufacturing took a respectable 12th place, as Kovrr’s cyber incidents database shows. In the first five places on the list of the number of attacks on various industries last year, we can find health care providers at the top, business support services right behind, and then government agencies, heavy construction and financial services. As an interesting statistic - the health care providers industry was attacked 270% more than the manufacturing industry last year.

‍

‍

‍

Chrome web malicious ChatGPT extension stole cookies thousands of Facebook accounts credentials →

A “Quick access to ChatGPT” malicious extension, was installed around 9,000 times before being taken down from the official Google Play app store. The extension, also advertised through sponsored Google search results, enabled the hackers access to the users’ Facebook cookies, and thus, to their account credentials. By changing the credentials, the hackers obtained exclusive control over thousands of accounts. According to evidence, it seems that the attackers were able to bypass the 2FA (Two-factor authentication) mechanism activated in the accounts.

‍

Kovrr Insights

This clearly shows several issues:

1. The fact that cybercriminal use global trends and popular websites for fraud-based malicious activities is not new. Many of the phishing, spear phishing and similar attacks could have been prevented if there had been more public awareness of these popular types of attacks. Unfortunately, the issue is not sufficiently present in public awareness and therefore attacks of this type are still among the most common, in addition to being relatively easy to carry out by not very sophisticated attackers.
2. The most popular and advanced way to secure accounts in social networks at the moment is by activating 2FA, which gives users an additional layer of protection against hacking their account. In this case, 2FA did not help prevent the hacks, which perhaps raises the thought that the invention of a more advanced security mechanism is needed. But until that happens, it is recommended not to install things that look suspicious, fake or from untrusted websites.

‍