Treasury sanctions Tornado Cash
The Office of Foreign Assets Control issued sanctions against the popular virtual currency mixer. Tornado Cash pools cryptocurrency deposits from many users and pays them out to fresh addresses, which obscures where the funds came from. Researchers have found evidence of it being used to launder money for Lazarus Group and other threat actors. The Treasury reports it has been used to launder over $7 billion in cryptocurrency since 2019, including $455 million tied to Lazarus and the roughly $600 million stolen in the hack of the Ronin Bridge used by the game Axie Infinity. The Treasury also sanctioned the crypto mixer Blender.io back in May, which was likewise tied to North Korean threat actors.
Twilio confirms hack
The communications integration company confirmed that unauthorized actors gained access to customer data; it became aware of the intrusion on August 4th. The attack was social engineering: several employees were tricked into handing over their login credentials by SMS phishing messages purporting to come from the company’s IT department. Twilio knew about the messages and worked with carriers to have them stopped, but the threat actors rotated through carriers and hosting providers to keep the campaign going, which Twilio says indicates an operation that is “well-organized, sophisticated and methodical.” Twilio informed impacted customers directly. TechCrunch reports it learned of the same threat actor running a similar campaign against other companies; it’s not clear whether those campaigns succeeded.
Chinese hacking group targets backdoors
Security researchers at Kaspersky report that a Chinese hacking group used six different backdoors to attack more than a dozen organizations at the same time. Targets included government agencies in Belarus, Russia, Ukraine, and Afghanistan. The attackers gained initial access with carefully crafted phishing emails, often referencing private internal company data to make them convincing. Once users clicked through the phishing emails, the attackers used an exploit to execute code and establish persistence. Based on technical indicators, Kaspersky researchers attribute the campaign to the group TA428.
Zero-day used in Twitter data breach
The social network disclosed that it received a bug bounty report in January 2022: if someone submitted an email address or phone number to its systems, Twitter would reveal which account, if any, it was associated with, so anyone already holding a list of contact details could tie them to Twitter accounts. Twitter fixed the bug soon after. Before it was discovered, a malicious actor had used the bug to combine publicly scraped data with account contact information, and the resulting dataset appeared for sale on dark web markets for $30,000. Twitter later learned the bug had been exploited before it was reported and notified impacted users.
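The bug above is a classic account-enumeration flaw: a lookup endpoint whose response depends on whether the submitted contact is registered. The following is an added example, not Twitter’s code and not from the original article; the account table, the scraped contact list, the endpoint names and the rate limit are all constructed for illustration. It shows the vulnerable response shape, how an attacker turns a scraped contact list into contact-to-account links with it, the uniform response that closes the leak, and a per-caller rate limit as a second control for endpoints that cannot be made fully uniform.

```python
from typing import Callable

# Constructed sample data (not real accounts): the service's mapping of a
# registered email address or phone number to the account that owns it.
ACCOUNTS = {
    "alice@example.com": "@alice_example",
    "+15550100200": "@bob_example",
}

# Constructed attacker input: contacts harvested from public sources, most of
# which are not registered with the service at all.
SCRAPED_CONTACTS = [
    "alice@example.com",
    "carol@example.net",
    "+15550100200",
    "+15550199999",
]


def vulnerable_lookup(contact: str) -> dict:
    """Hypothetical endpoint with the enumeration flaw: the response differs
    depending on whether the contact is registered, and on a hit it names
    the account, so the caller learns both facts for free."""
    handle = ACCOUNTS.get(contact)
    if handle is None:
        return {"found": False}
    return {"found": True, "account": handle}


def hardened_lookup(contact: str) -> dict:
    """Same endpoint with a uniform response. The caller learns nothing about
    whether the contact is registered or which account it maps to; any real
    action (a reset email, a verification SMS) goes out of band to the
    contact itself and is never reported back to the requester."""
    _ = ACCOUNTS.get(contact)  # looked up internally, never echoed
    return {"status": "ok",
            "message": "If this contact is registered, we will reach out to it."}


def link_contacts(lookup: Callable[[str], dict], contacts: list) -> dict:
    """The attacker's side: feed every harvested contact to the endpoint and
    keep each (contact -> account) pair the responses reveal."""
    linked = {}
    for contact in contacts:
        response = lookup(contact)
        if response.get("found"):
            linked[contact] = response["account"]
    return linked


class RateLimitedLookup:
    """Second control for flows that must reveal something (a sign-up form
    has to say an address is already taken): cap lookups per caller so that
    running a scraped list through the endpoint is slow and noisy. The
    counter here is in-memory and per process; a real deployment keys it on
    a shared store."""

    def __init__(self, lookup: Callable[[str], dict], limit_per_caller: int):
        self.lookup = lookup
        self.limit = limit_per_caller
        self.counts = {}

    def __call__(self, caller: str, contact: str) -> dict:
        n = self.counts.get(caller, 0) + 1
        self.counts[caller] = n
        if n > self.limit:
            return {"error": "rate_limited", "status": 429}
        return self.lookup(contact)


if __name__ == "__main__":
    print("vulnerable:", link_contacts(vulnerable_lookup, SCRAPED_CONTACTS))
    print("hardened:  ", link_contacts(hardened_lookup, SCRAPED_CONTACTS))
    limited = RateLimitedLookup(vulnerable_lookup, limit_per_caller=2)
    print("limited:   ", link_contacts(lambda c: limited("attacker", c),
                                       SCRAPED_CONTACTS))
```

The uniform response is the real fix; the rate limit only raises the cost of bulk enumeration and does not stop a patient attacker who spreads requests across many source addresses, which is the same rotation tactic described in the Twilio item above.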
Thanks to today’s episode sponsor, Edgescan

Deepfake cybercrime increasing
VMware released its annual Global Incident Response Threat Report, looking at the landscape of cybersecurity threats across its large client base. Unsurprisingly, the report found that ransomware and business email compromise attacks continued their steady climb in frequency, together representing 70% of security incidents over the past twelve months. Cyberattacks using deepfake tools rose 13% on the year, with 66% of respondents reporting at least one such incident. VMware also noted that, outside of direct cyberattacks, the FBI has reported an increase in complaints about people using deepfakes and stolen identity information to apply for remote work positions. The report also found a surge in zero-day attacks, up 51% on the year.
Slack leaks hashed passwords
In a security bulletin, Slack advised that between April 17th and July 22nd this year, creating or revoking a shared invitation link for a workspace sent the link creator’s hashed password along with the invite. The hash was not displayed anywhere in Slack clients; obtaining it “required actively monitoring encrypted network traffic” coming from Slack’s servers, and the hashes were salted. Slack nevertheless enforced password resets on the affected users, whom it estimates to be about 0.5% of its user base.
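The bulletin does not say how the hash ended up in the invite traffic, and the example below is not Slack’s code. It is an added illustration of one generic way this class of leak happens, serializing a whole user record into a response that only needed two fields, beside the allowlisted version that cannot leak, plus a small response audit and an offline guessing loop that shows why a salted hash on the wire still warrants a reset. The hash construction (a single salted SHA-256), the field names and the sample password are assumptions for the example; the page says nothing about Slack’s actual algorithm.

```python
import hashlib
import os
from dataclasses import dataclass, asdict


@dataclass
class User:
    id: str
    name: str
    salt: bytes
    password_hash: bytes  # stored only for login checks


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption for this example only: one salted SHA-256 round. Production
    # systems use a slow, memory-hard KDF; the leak pattern is the same.
    return hashlib.sha256(salt + password.encode()).digest()


def make_user(uid: str, name: str, password: str) -> User:
    salt = os.urandom(16)
    return User(uid, name, salt, hash_password(password, salt))


def vulnerable_invite_payload(sender: User, link: str) -> dict:
    """Generic leak pattern: the entire sender record is serialized into the
    response returned after creating or revoking the link, so credential
    material rides along with the two fields the client actually needs."""
    return {"invite_link": link, "sender": asdict(sender)}


SENDER_PUBLIC_FIELDS = ("id", "name")


def safe_invite_payload(sender: User, link: str) -> dict:
    """Allowlist the fields the client needs. New columns added to User later
    never reach a response unless someone adds them here deliberately."""
    return {"invite_link": link,
            "sender": {f: getattr(sender, f) for f in SENDER_PUBLIC_FIELDS}}


SENSITIVE_KEY_FRAGMENTS = ("password", "hash", "salt", "secret", "token")


def leaks_credentials(payload) -> list:
    """Response audit usable in a test suite: walk a payload and return the
    dotted paths of keys that look like credential material."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if any(frag in key.lower() for frag in SENSITIVE_KEY_FRAGMENTS):
                    hits.append(here)
                walk(value, here)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(payload, "")
    return hits


def offline_guess(salt: bytes, target_hash: bytes, wordlist: list):
    """Why 'hashed and salted' still means a reset: the salt defeats
    precomputed tables, but whoever captured salt and hash together can test
    guesses as fast as the hash function allows."""
    for guess in wordlist:
        if hash_password(guess, salt) == target_hash:
            return guess
    return None


if __name__ == "__main__":
    user = make_user("U1", "Alice", "correct horse")  # constructed sample
    link = "https://example.invalid/invite/abc123"
    print("vulnerable leaks:", leaks_credentials(vulnerable_invite_payload(user, link)))
    print("safe leaks:      ", leaks_credentials(safe_invite_payload(user, link)))
    print("recovered:       ", offline_guess(user.salt, user.password_hash,
                                             ["123456", "password", "correct horse"]))
```

The audit is deliberately key-based rather than value-based: a salted hash looks like random bytes, so scanning values for "secrets" would miss exactly this case, whereas a field called password_hash showing up anywhere in a response is always a bug.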
Edge makes the unfamiliar a little safer
Microsoft added a new enhanced security mode to its Edge browser. It disables just-in-time (JIT) JavaScript compilation and applies OS-level mitigations such as Hardware-enforced Stack Protection and Arbitrary Code Guard (ACG), which remove much of the attack surface that browser memory-corruption exploits rely on. Edge will automatically apply the mode when visiting an unfamiliar site and relax it as pages are visited more frequently. Enterprise admins can opt users in to even stricter settings, with configurable allow and block lists that control the security features on specific sites.
Indonesia unblocks domains
Late last month, we covered Indonesia blocking several websites for failing to register as Electronic Systems Operators under new regulations going into effect in the country. As it said it would when it first blocked the services, Indonesia’s Communications Ministry restored access to PayPal, Yahoo, and Valve after each registered. Registration obligates these platforms to comply with the country’s content moderation laws, including removing content deemed illegal within 24 hours. Epic Games and EA’s Origin service remained blocked in the country.
(Engadget)