Cybersecurity roundup: February 11 to 17, 2018
Cybersecurity is a major concern these days, with many attacks and occurrences happening daily. As such, we're bringing the news to you, with a weekly roundup of cybersecurity news and updates.
Here's an overview of what's happened across the week from February 11 to February 17.
Winter Olympics hit by cyberattack
The Winter Olympics opening ceremony was hit by a cyberattack, causing internet and WiFi shutdowns across the games. South Korea's defense ministry and cybersecurity experts are included in the taskforce investigating the attack, but the possible culprit is being kept under wraps.
While the attack occurred on Friday, February 9, Atos, the internet service provider for the Olympics, was reportedly hacked months ago, based on reporting from CyberScoop.
Coinhoarder: The bitcoin phishing ring
Bitcoin phishing is a relatively new thing, whereby criminals make fake sites but find some way to mask the difference in web addresses to appear legitimate.
Researchers at Cisco Talos report in the case of phishing group Coinhoarder, the group buys Google Adwords ads, then use the ads to pose as legitimate bitcoin wallet site Blockchain.info, complete with similar looking phishing webpage.
The attack is apparently quite lucrative, with the group managing to net over $50 million over the past 3 years.
Cryptominers take center stage
In addition to Bitcoin phishing websites, malware that aims to use your computers and Android devices to mine for cryptocurrency has also become prevalent.
At least 4,200 websites were affected by cryptocurrency mining malware after a browser plugin used on those sites – the Browsealoud plugin by TextHelp – was apparently hacked to generate cryptocurrency for the hacker. The Browsealoud plugin hack mined Monero cryptocurrency for about 4 hours for visitors of those affected websites before being taken down.
Meanwhile, a Monero cryptocurrency miner was also discovered on Android devices. Presumably millions of Android users hit by the cryptomining campaigfn were redirected to a browser page designed to perform in-browser cryptomining, and which required users to fill in a Captcha to turn off.
Intel expands bug bounty program
One of the major changes in the bug bounty program is Intel opening it up to all security researchers than making it an invitation-only affair.
Aside from increased bounty rewards across the board, the other major change is "a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000."
Russian hackers behind credit card number theft sentenced
A US judge sentenced a pair of Russians who led a massive hacking and data breach scheme to lengthy criminal sentences.
The Russian nationals, who pleaded guilty, are part of a gang that targeted major retailers and the Nasdaq stock exchange. They stole some 160 million credit card numbers, selling the numbers through online markets. – Rappler.com