December 14, 2020
2093
0Utopia Digest: November News & Events
Are you afraid to miss interesting news from the world of internet technologies? Our team makes it easy to stay informed.
Today we’ve decided to gather all the most important news from November in one article to bring you the information you need.
2020 is almost over. It’s high time to notice Updated Cyber Crime Statistics For 2020.
Sandbox evasion
Positive Technologies experts analyzed 36 malware types that have been active over the past 10 years. They tracked changes in sandbox evasion methods and analysis and detection tools.
According to their results, about 25% of all malware included in the study was active in 2019-2020. At least 23 malicious groups worldwide used this malware for attacks, and in 69% of cases, it was for espionage.
In 2018-2019, the amount of malware that used sandbox evasion methods also increased. However, the reason is most likely that the number of studies of malware has increased in general.
Most often, techniques for sandbox evasion and detecting analysis tools are implemented in malware for remote access (56%) and loaders (14%). Among the most common ways to evade sandboxes, according to the experts, are sending WMI requests (25%) or other environment checks (33%), as well as checking the list of running processes (19%).
The most interesting news for all iOS fans! iOS 14 Has Been Hacked in 10 Seconds.
A billion in Bitcoin
On the night of the US presidential election, the cryptocurrency community noticed a huge transfer: someone emptied a Bitcoin wallet containing about a billion dollars.
The wallet was linked to the Silk Road darknet marketplace, which offered its users various illegal goods and services, ranging from drugs and malware to contract killings. The authorities closed the marketplace in 2013, and its head, Ross Ulbricht, was sentenced to a double life sentence, which he is now serving in the United States.
There was a lot of speculation about what happened to the money, but it turned out that law enforcement officers got their hands on a billion dollars. David Anderson, US attorney, said that despite the closure of the trading platform and Ulbricht’s conviction, the authorities still had a question about where the money went. Silk Road operators sent Bitcoin transactions through a special toggle service, making it extremely difficult to track the funds.
Using the help of specialists from the company Chainalysis, law enforcement agencies found that back in 2013, 54 transactions were made for a total of 70,411.46 Bitcoins, which were sent to two addresses. Since these transactions did not appear in Silk Road’s own database, it was assumed that someone had stolen the funds.
In April 2013, the main part of these funds – 69,471.082201 Bitcoins, was sent to the wallet, as mentioned above. It was designated in the papers as 1HQ3 (by the first characters of the address). This wallet eventually deposited 69,370.22491543 Bitcoins or about a billion US dollars.
In 2015, an unnamed hacker tried to liquidate some stolen funds through the BTC-e cryptocurrency exchange, which was eventually closed by the US authorities for money laundering. The US Internal Revenue Service and the Department of Justice believed that he simply stole the cryptocurrency from Silk Road.
In early November 2020, the same hacker, who appears in court documents as Individual X, was found by law enforcement, signed an agreement with the authorities, and gave them the entire contents of the 1HQ3 wallet.
Now the Department of Justice needs to prove that the withdrawn cryptocurrency was really connected with Silk Road and was subject to confiscation.
Malware of Google Play
Experts from the company NortonLifeLock (formerly Symantec) and IMDEA Software Institute published the results of an interesting study, the largest of its kind at the moment: they studied the channels through which malicious applications get to users’ devices.
Unfortunately, Google Play does not deal with the security issues of applications. Recently, a fake Uniswap clone was spotted on Google Play.
They were investigating the origin of applications on 12,000,000 Android devices for the period from June to September 2019. In total they analyzed more than 34,000 APK for 7,900,000 unique applications.
From 10 to 24% of the analyzed applications may be considered malicious or unwanted.
About 67.5% of malicious apps were taken by victims directly from Google Play. The second place with a large lag is occupied by alternative app stores, which account for only 10% of the installed malware.
All types of malware have been listed here. You can get acquainted with each of them to prevent any attack.
Let’s Encrypt issues
Let’s Encrypt developers have warned that in 2021, users of Android 7.1 devices and other older OS versions may experience serious problems with certificates and access to sites. The partnership between Let’s Encrypt and IdenTrust expires on September 1, 2021. This means that Let’s Encrypty will expire on September 1, 2021.
Let’s Encrypt has long had its own ISRG Root x1 certificate, so the change will not cause problems in most modern operating systems. However, this doesn’t apply to older versions of Android that haven’t been updated since 2016, as they don’t trust their own Let’s Encrypt root certificate. Unfortunately, the 34% of such devices using out-of-date Android versions generate up to 5% of all traffic, according to Let’s Encrypt engineers.
Let’s Encrypt developers advise users of older devices to prepare for possible problems in the fall and at least install the mobile version of Firefox (this browser has its own list of trusted root certificates). In theory, you can also install the necessary certificates manually.
Capcom leak
In early November, the Japanese Corporation Capcom suffered from a hacker attack, and the hack affected the game developer’s business operations, including the operation of the email system.
According to media reports, Capcom has become a victim of the Ragnar Locker cryptographer. In a ransom note, the hackers said they stole about 1 TB of files from Capcom’s corporate networks in Japan, the US, and Canada before starting encryption.
A few weeks later, Capcom admitted that hackers stole confidential corporate documents and information about customers and employees of the company. In total, about 350,000 people were affected.
Did you know that Hackers Attack UK Companies Every 45 Seconds? This seems impossible at first sight, but it’s true.
Cobalt Strike source code
Recently, GitHub has introduced a repository that includes the Cobalt Strike source codes. The file src/main/resources/about.html includes the main code of the Cobalt Strike version 4.0, that was released on December 5, 2019. Currently, the repository has more than 1200 forks, so the distribution of sources is significantly slowed down.
Cobalt Strike is a legitimate commercial tool created for pentesters and red team and focused on operation and post-operation. It is popular not only with hackers but also with various ART communities.
The cost of the full version of Cobalt Strike is $3,500 per installation. However, many attackers install it for free. To do this, they use old, pirated, and unregistered versions. Then these versions are used for various cyberattacks on users or the network as a whole.
In addition, this data leakage can cause many consequences because it takes away the protection and facilitates the way of changing or obtaining the main code for some cyber criminal goals.
Sales and phishing
Analysts at Check Point Research have noticed increased hacker activity over the past month. This is most likely due to restrictions due to the spread of coronavirus infection. After all, the annual online shopping on “Black Friday” and “Cyber Monday” broke all records this year. As it turned out, not only sellers and buyers were preparing for online shopping, but also scammers who developed new schemes for cyberattacks.
During the month (from October 8 to November 9), the number of phishing mailings increased several times. Previously, the so-called special offers were sent out about 121 times a week, but this time this figure increased to 243 cases.
The number of phishing mailings related to sales and special offers from stores also increased by 80%. Such emails contained the words “sale,” “% off ” and others related to profitable purchases.
In just two days (November 9 and 10), the number of phishing attacks with “special offers” was higher than in the first 7 days of October.
