Here is our cyber security news round-up of the week:
Major KuCoin cryptocurrency theft
Singapore-based cryptocurrency exchange KuCoin disclosed a major security incident: attackers compromised its hot wallets and drained around $150 million in funds. Deposits and withdrawals were temporarily suspended while the company investigates. A statement published by the company reads:
“We detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8). According to the latest internal security audit report, part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings.”
"Hot wallet" refers to any cryptocurrency wallet whose signing keys are held on a system connected to the internet. That connectivity is what makes them exposed to remote attack. Exchanges use hot wallets as working storage for assets that are actively being deposited, traded and withdrawn.
"Cold storage" refers to any cryptocurrency wallet whose keys are kept offline, which is why it is considered more secure. An exchange normally keeps the bulk of customer assets in cold storage and only a working float in its hot wallets, which is why KuCoin could describe the stolen funds as a small part of its total holdings.
KuCoin discovered the breach on 26 September when its staff noticed unusually large withdrawals from its hot wallets. The exchange investigated the anomalous transactions and found that Bitcoin, ERC-20 tokens and other cryptocurrencies had been moved out. The total stolen is estimated at more than $150 million, based on the balance of an Ethereum address to which the funds were transferred.
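The incident was spotted because staff noticed large withdrawals, which is exactly the kind of signal a hot-wallet monitor should raise automatically. The following is an added example, not KuCoin's code or any real exchange's, of two simple rules run over withdrawal records: a per-asset cap on a single transaction, and a per-asset cap on total volume leaving the hot wallet in a sliding ten-minute window. The log format, the addresses and the limits are constructed for the example; real limits would be derived from each asset's own withdrawal history.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of hot-wallet withdrawal records (not real exchange data).
# Format: ISO-8601 timestamp, asset, amount, destination address (placeholders).
SAMPLE_LOG = """\
2020-09-26T02:40:10+08:00 BTC 0.20 1ExampleAddrA
2020-09-26T02:51:02+08:00 BTC 0.35 1ExampleAddrB
2020-09-26T02:58:44+08:00 ETH 3.0 0xExampleAddrC
2020-09-26T03:05:37+08:00 BTC 120.0 1ExampleAddrX
2020-09-26T03:06:02+08:00 BTC 95.0 1ExampleAddrX
2020-09-26T03:07:15+08:00 ETH 9500.0 0xExampleAddrY
"""

# Hypothetical policy limits chosen for the example.
SINGLE_TX_CAP = {"BTC": 10.0, "ETH": 500.0}   # largest withdrawal allowed without manual review
WINDOW_CAP = {"BTC": 20.0, "ETH": 1000.0}     # max total leaving the hot wallet per window
WINDOW = timedelta(minutes=10)


@dataclass
class Withdrawal:
    ts: datetime
    asset: str
    amount: float
    dest: str


@dataclass
class Alert:
    rule: str        # "single_tx" or "window_volume"
    asset: str
    ts: datetime
    value: float     # offending amount, or the window total that breached the cap


def parse_log(text):
    """Parse whitespace-separated withdrawal lines into Withdrawal records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, asset, amount, dest = line.split()
        records.append(Withdrawal(datetime.fromisoformat(ts), asset, float(amount), dest))
    return records


def detect(records, single_cap=SINGLE_TX_CAP, window_cap=WINDOW_CAP, window=WINDOW):
    """Return alerts for withdrawals that breach either the single-tx or window cap."""
    alerts = []
    recent = defaultdict(deque)  # asset -> deque of (ts, amount) still inside the window
    for w in sorted(records, key=lambda r: r.ts):
        if w.amount > single_cap.get(w.asset, float("inf")):
            alerts.append(Alert("single_tx", w.asset, w.ts, w.amount))
        q = recent[w.asset]
        q.append((w.ts, w.amount))
        # Evict entries that have aged out of the sliding window.
        while q and w.ts - q[0][0] > window:
            q.popleft()
        total = sum(amount for _, amount in q)
        if total > window_cap.get(w.asset, float("inf")):
            alerts.append(Alert("window_volume", w.asset, w.ts, total))
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(f"{a.ts.isoformat()} {a.rule:14s} {a.asset} {a.value}")
```

On the sample above the first three withdrawals are quiet, then each of the three large transfers from 03:05:37 onwards trips both rules. In production the window rule is the more useful one, because an attacker who knows the single-transaction cap will simply split the drain into many smaller withdrawals.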
Hungarian financial institutions and telecommunications hit by DDoS attack
A powerful distributed denial of service (DDoS) attack hit Hungarian banking and telecommunication services, briefly disrupting them. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was one of the largest cyber attacks ever to hit Hungary; Reuters reported that the traffic volume was ten times what is usually seen in DDoS events. The attack disrupted the services of some banks in the country and caused temporary interruptions to Magyar Telekom's services in parts of the capital, Budapest. The Hungarian bank OTP Bank also confirmed the attack in a statement:
“There was a DDoS attack on telecom systems serving some of the banking services on Thursday. We repelled the attempt together with Telekom that was also affected and the short disruption in some of our services ended by Thursday afternoon.”
Microsoft’s Bing mobile apps data leak
Microsoft's Bing mobile apps for Android and iOS exposed user search data. Security researchers found an Elasticsearch server whose password protection had been removed, reportedly through a misconfiguration, leaving 6.5TB of search data publicly accessible on the internet and growing by up to 200GB per day.
The researchers found the unprotected server on 12 September; authentication is estimated to have been removed two days earlier. After confirming that the data came from Bing's mobile apps, by performing a search themselves and watching it appear in the server's records, the researchers contacted Microsoft on 13 September. The report was passed to the Microsoft Security Response Center, which resolved the problem a few days later.
The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data include:
- Search terms (excluding any searches in ‘private’ mode)
- GPS coordinates (if location permissions are enabled, with a ~500-metre accuracy)
- Date and time of the search
- Firebase notification tokens
- Coupon data
- Partial list of the URLs visited by the user from the search results
- Device model
- Operating system
- 3 unique identifiers, including:
  - ADID: possibly an identifier for a Microsoft Account
None of the data was encrypted.
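The root cause here is a common one: an Elasticsearch node reachable on its HTTP port with security disabled, so anyone who can connect can read every index. The block below is an added example, not code from the researchers or from Microsoft, showing what the difference looks like on the wire and how to check for it. An open node answers `GET /` with HTTP 200 and a JSON document carrying `cluster_name` and `version`; a node with authentication enabled answers 401 with a `security_exception`. The sample responses and the `/_cat/indices` output are constructed for the example; only `probe()` talks to a real host, and it is never called by the tests.

```python
import json
import urllib.error
import urllib.request

# Constructed responses modelled on what GET / returns on port 9200 (not captured
# from the incident). The field names are the ones Elasticsearch's root endpoint uses.
OPEN_ROOT = '{"name":"node-1","cluster_name":"search-telemetry","version":{"number":"7.9.1"}}'
SECURED_ROOT = ('{"error":{"type":"security_exception",'
                '"reason":"missing authentication credentials for REST request"},"status":401}')
NOT_ES = "<html><body>It works!</body></html>"


def classify(status, body):
    """Map an HTTP status/body from the root endpoint to an exposure verdict."""
    if status == 401:
        return "auth_required"        # security enabled, credentials demanded
    if status == 403:
        return "forbidden"            # authenticated, but this principal is denied
    if status != 200:
        return f"unexpected_{status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not_elasticsearch"
    if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
        return "open"                 # anyone who can reach the port can read the data
    return "not_elasticsearch"


def probe(base_url, timeout=5):
    """Fetch base_url (e.g. http://host:9200/) and classify it. Needs network access."""
    req = urllib.request.Request(base_url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the body still tells us whether auth is enforced.
        return classify(err.code, err.read().decode("utf-8", "replace"))


def largest_indices(cat_indices_json, top=3):
    """Rank indices by document count from GET /_cat/indices?format=json&bytes=b.

    Used to size an exposure quickly: which indices hold the bulk of the data.
    """
    rows = [r for r in json.loads(cat_indices_json) if r.get("docs.count")]
    rows.sort(key=lambda r: int(r["docs.count"]), reverse=True)
    return [(r["index"], int(r["docs.count"]), int(r["store.size"])) for r in rows[:top]]


# Constructed /_cat/indices output for illustration (names and sizes are made up).
CAT_INDICES = json.dumps([
    {"index": "app-search-2020.09", "docs.count": "8123456", "store.size": "650000000000"},
    {"index": "app-search-2020.08", "docs.count": "6010000", "store.size": "480000000000"},
    {"index": ".kibana_1", "docs.count": "42", "store.size": "30000"},
])


if __name__ == "__main__":
    print(classify(200, OPEN_ROOT), classify(401, SECURED_ROOT), classify(200, NOT_ES))
    print(largest_indices(CAT_INDICES))
```

A verdict of `open` from `probe()` against a node that should be internal means the fix is on the server side, not the scanner: enable Elasticsearch's own security (`xpack.security.enabled: true` in `elasticsearch.yml`) or front the node with an authenticating reverse proxy, and bind it to a private interface rather than `0.0.0.0`.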
Banking trojan Cerberus attacks increase
The release of the Cerberus trojan source code has, as predicted, been followed by an increase in attacks using the banking trojan, researchers report. After an online auction failed to reach the gang's reserve price, and with the group breaking up and unable to keep maintaining the malware, the operators of Cerberus released its source code online last week. The result has been an immediate rise in mobile infections and attempts to steal money from consumers in Russia and across Europe, as more cybercriminals obtain the malware for free. Researchers are seeing the same jump in functionality and usage they observed when the Anubis source code went public last year.
Legacy Windows source code leaked
The source code for Windows XP SP1 was leaked online as a torrent, posted on the 4chan forum by someone who claims to have spent two months collecting the 43GB of source. Security researchers who examined the files confirmed that they contain not only Windows XP's code but also that of Windows Server 2003 and other older Microsoft products.
Files in the torrent include:
- MS-DOS 3.30
- MS-DOS 6.0
- Windows 2000
- Windows CE 3
- Windows CE 4
- Windows CE 5
- Windows Embedded 7
- Windows Embedded CE
- Windows NT 3.5
- Windows NT 4
Windows XP was released in 2001, but the leak still matters wherever XP-era code survives unchanged in current Windows versions. With source in hand, it is far easier to understand how a component works and to audit it for bugs; a vulnerability found in XP code that is still shared with Windows 10 could be exploited on supported systems today.
Edited and compiled by QA's Director of Cyber, Richard Beck.
Richard Beck is Director of Cyber at QA. He works with customers to build effective and successful learning solutions tailored to business needs, helping to solve business problems. Richard has designed and architected numerous enterprise and nationwide cyber programmes for QA customers, and is responsible for the QA cyber portfolio, products, proposition and cyber partner community. He has over 15 years' experience in senior Information Security roles.
Prior to QA, Richard was Head of Information Security for an organisation that underpins 20% of the UK's Critical National Infrastructure. Richard also held Security and Technical Management posts in Defence, Financial Services and HMG. He holds a number of leading cyber professional certifications, including CISSP, CISM and CISA.
Richard sits on a number of industry boards and security advisory panels, and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI). He is the work stream lead for Cyber Skills & Diversity on the techUK Cyber Management Committee, and also supports a work stream for the UK Cyber Security Council Formation project. Richard is a regular contributor of cyber insights and industry collaboration, including speaking engagements.
He is also a STEM Ambassador working to engage and enthuse young people in the area of cyber security, providing a unique perspective on the world of cyber security to teachers and encouraging young people to consider a career in the field.