#AxisOfEasy 235: Cyberthreat Known As ‘Ice Phishing’ Targets Web3 And Decentralized Networks, Microsoft Warns


Weekly Axis Of Easy #235


Last Week’s Quote was “The small fringe minority of people who are on their way to Ottawa, who are holding unacceptable views that they are expressing, do not represent the views of Canadians,”… by Justin Trudeau. Our winner was John Greory; out of 21 interesting answers, he was the quickest. Congratulations John!

This Week’s Quote: “It is not in the nature of politics that the best men should be elected. The best men do not want to govern their fellowmen.”… by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


 

In this issue:

  • A Short note from Mark Jeftovic
  • China uncovers details of Equation Group’s covert hacking tool 
  • Hackers steal $1.7M worth of NFTs from OpenSea users
  • Hacker group Anonymous declares “cyberwar” against Russia 
  • Cyberthreat known as ‘Ice Phishing’ targets Web3 and decentralized networks, Microsoft warns
  • Researchers at Google Project Zero claim Linux developers patch security holes faster than their competitors


Elsewhere online:

  • Chinese authorities are set to regulate artificial intelligence 
  • Twenty-five malicious JavaScript libraries were added and distributed through the official NPM package repository
  • Ghostbuster, the AWS security tool designed to protect against dangling elastic IP takeovers 
  • The Ukraine-Russia conflict poses profitable opportunities for cybercriminals
  • Industrial cyberattacks were spearheaded by ransomware trained on manufacturing firms

 

AoE, where our Technology Correspondent Joann L Barnes and CEO Mark E. Jeftovic keep you on top of the tech, privacy, security and censorship issues of our time.

Mark here, wanted to take a moment to formally introduce Joann L. Barnes, a fellow Canadian who writes about privacy, cyber-security, technology and surveillance capitalism. She’s been writing the lion’s share of AoE since December and doing a great job, she deserves solo billing.

I’m still writing the odd item for AoE and in case you can’t tell from the acerbic wit and unbridled cynicism which ones are by me, we’ll be sure to let you know going forward.

Since I’m here I’ll mention a couple of late breaking items:

1) it feels like cryptos are decoupling from the major markets because the payment rails of the financial system are being weaponized by everybody against everybody else. See Hive Blockchain’s Executive Chairman Frank Holmes’ piece in Forbes (citing me, as it happens).

2) In a sign of things to come, (and in the future it won’t just be “over there”) the Moscow subway system ground to a halt after Google and Apple pulled the plug on their payment systems in Russia. This is the early innings of The Balkanization of Everything. I’m writing a piece up on that now over on Bombthrower.  Until then, 

Read: https://appleinsider.com/articles/22/02/25/apple-pay-unavailable-in-russia-after-us-and-eu-imposed-sanctions


Researchers at Google Project Zero claim Linux developers patch security holes faster than their competitors

Google’s Project Zero has found that Linux’s developers are faster than anyone else at fixing security bugs. Project Zero examined the fixed bugs reported between January 2019 and December 2021 and found that open-source programmers fixed Linux bugs in only 25 days. In addition, researchers found that Linux developers shortened the patching time from 32 days in 2019 to just 15 days in 2021.

According to Project Zero’s numbers, Linux’s competitors didn’t do well. Google, Apple, and Mozilla did much better than Microsoft and Oracle in Project Zero’s count, but none beat Linux patching speed.

In this regard, the Project Zero crew noted that the average time to fix security bugs is getting shorter each year. Chrome fixed 40 problems in 30 days. Firefox managed to patch eight security holes in 37.8 days. Apple’s Webkit programmers took 72 days to repair bugs.

Developers are given 90 days to fix security issues, and Project Zero reports that “everyone is fixing security bugs more quickly than they were before.” According to the researchers, the reason behind this change may be that vendors have adopted responsible disclosure policies, and they can now act swiftly in response to reports.

Read: https://www.zdnet.com/article/google-project-zero-finds-linux-developers-patch-security-holes-faster-than-anyone-else/


China uncovers details of Equation Group’s covert hacking tool

An advanced persistent threat (APT) with ties to the US National Security Agency (NSA) was found to have been creating a “top-tier” backdoor that has been used to target a variety of sectors located in 45 countries for over a decade.

Experts from Qi An Pangu lab, the Chinese research group behind the disclosure, discovered the Linux malware in 2013 “during an in-depth forensic investigation of a host in a key domestic department.” The backdoor was dubbed Bvp47 due to references to the string “Bvp” and the numerical value “0x47” used in its encryption algorithm.

Researchers reported that the backdoor contains a remote control feature, which is encrypted and requires the attacker’s private key – something they said they found in the Shadow Brokers leaks in 2016. The attacks have been attributed to Equation — an elite hacking group affiliated with the NSA.

Read: https://thehackernews.com/2022/02/chinese-experts-uncover-details-of.html?&web_view=true 


Hackers steal $1.7M worth of NFTs from OpenSea users

On Saturday, malicious actors targeted 17 OpenSea NFT users with phishing attacks, which led to the theft of virtual assets worth about $1.7 million. There were 254 tokens stolen throughout the attack, including tokens from Bored Ape Yacht Club and Decentraland, with the majority of these attempts occurring between 5 PM and 8 PM ET.

A copycat email, which appeared to come from OpenSea, redirected users to a genuine-looking site and led them to sign up for a free upgrade, which was then used to steal all of their NFTs.

“By signing the transaction, an atomicMatch_ request would be sent to the attacker contract,” explained the researchers from Check Point. “From there, the atomicMatch_ would be forwarded to the OpenSea contract,” which led to the transfer of the NFTs from the victim to the attacker.

The source of the attack is still unclear, but the company noted that victims signed the malicious orders before OpenSea’s contract migration process that was ongoing that day.

Read: https://www.theverge.com/2022/2/20/22943228/opensea-phishing-hack-smart-contract-bug-stolen-nft 


Hacker group Anonymous declares “cyberwar” against Russia

As a result of the Russian invasion of Ukraine, Anonymous has declared a “cyberwar” against the government of Vladimir Putin.

Shortly after the Kremlin began military action on Thursday morning, the well-known hacking collective posted the news on its Twitter account. According to the message, Anonymous is officially engaged in a cyberwar against the Russian government. Soon after, the group claimed responsibility for taking down several Russian government websites, including the Kremlin and State Duma.

The group later revealed it had taken down the website of the Russian state-controlled international television network RT, tweeting that it was responding to the Kremlin’s invasion of Ukraine. The website of RT appears to be still down.

In a tweet posted earlier on Friday 25th, Anonymous expressed its conviction that sanctions against Putin will have no effect, stating that it will ramp up cyber-attacks against the Russian state. In its tweet, the hacking group encouraged countries that supported Ukraine to “sever all ties with Russia and expulse their ambassadors.”

Read: https://www.infosecurity-magazine.com/news/anonymous-hacking-group-cyber-war/ 


Cyberthreat known as ‘Ice Phishing’ targets Web3 and decentralized networks, Microsoft warns

Microsoft warns about ice phishing attacks and growing risks in the Web3 ecosystem in its latest advisory. Researchers from the Microsoft 365 Defender Research Team discovered new ways hackers can trick cryptocurrency users into handing over their private cryptographic keys, which are then used to commit unauthorized financial transactions.

According to Christian Seifert, principal research manager at Microsoft’s Security and Compliance department, the immutable and public blockchain enables complete transparency of attacks, allowing researchers to observe and analyze them after they happen. Seifert stated that this transparency “also allows for the financial impact of attacks to be analyzed, which is difficult in classic web2 phishing attempts.”

To steal the keys, thieves could impersonate wallet software, install malware on victims’ computers, typosquat legitimate smart contract front ends, and mint rogue digital tokens for Airdrop scams. According to Microsoft, “ice phishing” is another well-known way hackers access users’ cryptocurrency wallets. Instead of stealing a user’s private keys, this technique involves tricking a user into “approving a transaction that delegated approval of user tokens to the attacker.”

An ice phishing attack used a compromised API key to drain $121 million in funds from BadgerDAO in early December 2021. An attacker deployed a worker script that periodically injected malicious code into the Badger application and inserted requests to transfer tokens to an address chosen by the attackers.

Microsoft recommends users periodically assess and revoke token allowances to mitigate these blockchain threats.

Read: https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html
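
To make the "delegated approval" in the ice phishing item concrete, the following added example (not from Microsoft or the original newsletter) decodes the calldata a site asks a wallet to sign and reports whether it grants a token allowance and to whom. It assumes the tokens follow the standard ERC-20 / ERC-721 approval functions; the `trustedSpenders` allowlist, the risk labels, and all addresses are constructed for illustration.

```javascript
// Added example. Selectors are the standard ERC-20 / ERC-721 approval
// functions; every address and calldata string below is constructed.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Classify calldata a dApp asks the wallet to sign.
// trustedSpenders: hypothetical allowlist of contracts the user already relies on.
function inspectCalldata(data, trustedSpenders = []) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const fn = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!fn) return { grantsApproval: false, risk: "none" };
  // The 4-byte selector must be followed by exactly two 32-byte ABI words.
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    return { grantsApproval: true, fn, risk: "malformed" };
  }
  const spender = "0x" + hex.slice(32, 72);        // last 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // amount, or 0/1 for the bool
  if (value === 0n) {
    // Zero amount / false flag grants nothing; approve(spender, 0) is a revocation.
    return { grantsApproval: false, fn, spender, risk: "none" };
  }
  const trusted = trustedSpenders.some((a) => a.toLowerCase() === spender);
  const unlimited = fn.startsWith("setApprovalForAll") || value === MAX_UINT256;
  return { grantsApproval: true, fn, spender, unlimited, risk: trusted ? "low" : "high" };
}

// Constructed samples: approve(0x1111...1111, 2^256 - 1) and approve(0x1111...1111, 0)
const SPENDER = "0x" + "11".repeat(20);
const UNLIMITED_APPROVE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
const REVOKE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "0".repeat(64);

console.log(inspectCalldata(UNLIMITED_APPROVE));            // unknown spender
console.log(inspectCalldata(UNLIMITED_APPROVE, [SPENDER])); // allowlisted spender
console.log(inspectCalldata(REVOKE));                       // revocation
```

The same decoding applies when reviewing past approvals: an allowance that is still non-zero for a spender the user no longer recognises is a candidate for the revocation Microsoft recommends.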


Elsewhere online:


Chinese authorities are set to regulate artificial intelligence

Read: https://www.wired.com/story/china-regulate-ai-world-watching/


Twenty-five malicious JavaScript libraries were added and distributed through the official NPM package repository.

Read: https://thehackernews.com/2022/02/25-malicious-javascript-libraries.html?&web_view=true 


Ghostbuster, the AWS security tool designed to protect against dangling elastic IP takeovers

Read: https://portswigger.net/daily-swig/introducing-ghostbuster-aws-security-tool-protects-against-dangling-elastic-ip-takeovers


The Ukraine-Russia conflict poses profitable opportunities for cybercriminals

Read: https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict


Industrial cyberattacks were spearheaded by ransomware trained on manufacturing firms

Read: https://www.darkreading.com/attacks-breaches/ransomware-trained-on-manufacturing-firms-led-cyberattacks-in-industrial-sector 

 


One thought on “#AxisOfEasy 235: Cyberthreat Known As ‘Ice Phishing’ Targets Web3 And Decentralized Networks, Microsoft Warns”

  1. Have heard that quote before, but couldn’t place it. Gave up and dropped in the rabbit hole of googling it. Always learning something from the quotes, so even if we don’t get a particular one (especially when you ‘cheat’ and quote yourself | your ‘boss’ “Hi Joann”) we learn something, and that is part of the charm of these quotes, and the race to be first. (Close but not there yet)
