Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Secure Your Cryptocurrency
The news of a major theft of cryptocurrency from a decentralized finance platform last week may have you wondering if there are ways you can help protect your digital assets. Tech website Medium presents a list of the top five best practices for safeguarding your crypto, highlighted by using both “cold” and “hot” wallets.
DeFi platform Qubit Finance loses $80M in cyber attack
Qubit Finance, a decentralized finance (DeFi) platform that allows users to lend and borrow to speculate on cryptocurrency exchange transactions, was hacked on January 27. In the largest cryptocurrency theft so far in 2022, and the seventh largest on record, Qubit was robbed of 206,809 Binance Coins from its wallet by a threat actor exploiting a vulnerability in the QBridge deposit function associated with one of its Ethereum blockchain contracts. The estimated value of the theft is $80 million (USD).
Qubit acknowledged the hacking incident within hours of the attack in an online timeline and statement.
In desperation, Qubit reached out to the threat actor via Twitter the next day: “An appeal to the exploiter: It’s not too late to return to funds. We will pay the maximum bounty reward as mentioned as well as not seek any legal charges if you return the funds and do right by the community.” That “maximum bounty” increased to $1M on January 28, and $2M by January 29, but the company has not revealed whether the threat actor has responded to the entreaties.
An investigation continues into the incident. As of January 30, all of the funds were still associated with the attacker’s address (across two blockchains).
Cybercriminals laundered $8.6 billion (USD) worth of cryptocurrency in 2021
According to a new report by Chainalysis, cyber criminals laundered an estimated $8.6 billion (USD) worth of cryptocurrency in 2021, a 30% increase over 2020.
“Overall, cybercriminals have laundered over $33 billion worth of cryptocurrency since 2017, with most of the total over time moving to centralized exchanges. For comparison, the UN Office of Drugs and Crime estimates that between $800 billion and $2 trillion of fiat currency is laundered each year — as much as 5% of global GDP,” according to the report.
About half of all stolen cryptocurrency was laundered through traditional exchanges, with 17% of stolen funds last year were laundered through DeFi platforms.
BEC attacks led the way in Q4/2021
In their most recent analysis, KnowBe4 reports that business-related phishing emails like fake invoices, purchase orders, and bogus file shares were the most common attack attempts seen in Q4/2021. The use of business email compromise strategies knows no borders, with the report showing that BEC attempts are as pervasive in North America as they are in EMEA nations.
The top ten “clicked” phishing topics reported globally included:
1. Business
2. Online Services
3. Human Resources
4. IT
5. Banking and Finance
6. Coronavirus/COVID-19 Phishing
7. Mail Notifications
8. Holiday
9. Phishing for Sensitive Information
10. Social Networking
Join ISA Cybersecurity for a special one-hour discussion: an all-star panel of experts, featuring guest speakers from Supply Chain Canada and Cronos Group, will share real-life experiences and provide practical insights on evolving trends in Business Email Compromise (BEC) and Email Account Compromise (EAC). A 30-minute Q&A will follow the panel discussion.
CRTC shuts down major darkweb marketplace
In a January 26 news release, the Canadian Radio-television and Telecommunications Commission (CRTC) – Canada’s broadcast and telecom regulator – announced they had taken action to shutter Canadian HeadQuarters (also known as CanadianHQ). They also announced notices of violation to four people totaling $300,000 (CDN) for breaches of CASL, Canada’s anti-spam legislation.
According to the release, “CanadianHQ was one of the largest Dark Web marketplaces in the world and significantly contributed to harmful cyber activity in Canada. It specialized in the sale of goods and services, including spamming services, phishing kits, stolen credentials and access to compromised computers, which were used by purchasers to engage in a variety of malicious activities.”
The accused are alleged to have used phishing emails “mimicking well-known brands in order to obtain personal data including credit card numbers, banking credentials and other sensitive information,” from their victims.
Report: Companies investing in privacy seeing strong ROI
In a new study, Cisco reports that organizations putting resources into privacy are seeing strong return on investment for a third straight year. The Cisco 2022 Data Privacy Benchmark Study, based on a survey of 4,900 respondents around the world, suggested that small-to-medium organizations experience the greatest benefits, with companies between 50 and 249 employees estimating the value of their privacy investments at $2 million (all figures USD) in 2021, up from $1.1 million in 2020. The biggest ROI was enjoyed by companies with mature privacy practices.
The report, released to coincide with Data Privacy Week, concluded that privacy “has become essential to organizations’ culture and business practices, including their buying processes, management metrics, and employee areas of responsibility,” and highlighted customer concerns about the growing use of data analysis and decision-making through automation and artificial intelligence.