Security News

Really interesting research: "An examination of the cryptocurrency pump and dump ecosystem": Abstract: The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud....

In the first five months of 2020, cryptocurrency crimes have totaled $1.4 billion, indicating that the year 2020 could see the second-highest value in cryptocurrency crimes, outside 2019's whopping $4.5 billion, a CipherTrace report found. The Spring 2020 Cryptocurrency Anti-Money Laundering and Crime report assessed the different tactics cybercriminals are using to commit cryptocurrency offenses.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.

Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. Cryptocurrency owners need a wallet just like users of regular cash do.

Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018, according to a federal indictment unsealed Monday. The North Korean-linked group also apparently has been involved in numerous banking thefts, including the 2016 Bangladesh Bank heist, and it has recently begun targeting cryptocurrency exchanges to help illegally fund the government, U.S. authorities say.

Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals. Of additional concern for banks, 66 percent of dark market vendors sell stolen financial products and compromised accounts for cryptocurrency.

SIM swapping typically involves crooks tricking cellular network support staff to transfer victims' smartphone numbers to the criminals' own SIMs, and then using those numbers to reset passwords, or get two-factor authentication tokens, via text messages, and ultimately access and drain cryptocoin accounts. Admins using Cisco gear in their networks will want to head over to Switchzilla's security portal and check for applicable updates among the latest batch of 28 patches.

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according to a report by blockchain analysis firm Chainalysis. The emergence of these types of rogue cryptocurrency exchanges, along with technical advances, have made tracking virtual currency used in cybercrime, as well as terrorist financing, more difficult for law enforcement, the Chainalysis report finds.

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports. Kaspersky now says that following Operation AppleJeus, Lazarus continued to employ a similar modus operandi in attacks on cryptocurrency businesses, and that more macOS malware similar to that from the original Operation AppleJeus case was discovered.

When is a password breach not a password breach? When is a password warning a hoax? The "Poloniex emails and passwords" announced on Twitter seem to have been from a previous, unknown breach, and the crooks were simply chancing their arm by guessing that at least some of the account names and password might also work on the Poloniex site.