By Ashwani Mishra, Editor-Technology, 63SATS
Stay ahead in the dynamic world of cybersecurity.
Here’s your concise guide to the latest trends, threats, and breakthroughs from around the globe:
1. Cyber Attack on WazirX Multisig Wallet
Indian crypto exchange WazirX on Thursday confirmed it had suffered a security breach after about $230 million in assets were “suspiciously transferred” out of the platform.
Incident Overview
WazirX discovered that over $230 million had been stolen from one of its multisig wallets.
According to a blog on its website, this wallet was managed with the help of Liminal’s digital asset custody and wallet infrastructure and had been in operation since February 2023.
“Our multisig wallet had a sophisticated security setup. It required six signatories—five from our WazirX team and one from Liminal. For any transaction to go through, it needed the approval of three WazirX signatories, each using Ledger Hardware Wallets for added security, followed by a final approval from Liminal’s signatory. To further enhance security, we had a policy to whitelist destination addresses. These addresses were pre-approved and facilitated by Liminal, meaning the WazirX team could only initiate transactions to these trusted addresses,” the blog read.
Nature of the Cyber Attack
Despite these controls, the attackers found a gap in the signing process itself.
The Mumbai-based company said the attack stemmed from a mismatch between the information displayed on Liminal’s interface and what was actually signed: the transaction payload was replaced so that the collected signatures transferred control of the wallet to the attacker rather than authorising the transfer the signers believed they were approving. A hardware wallet protects the signing key, but it cannot protect the signer’s intent unless the signer can independently verify the raw payload being signed against what the interface shows.
“We suspect that the attackers replaced the payload, thereby gaining control of the wallet,” the blog said.
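The WazirX post-mortem describes a “what you see is not what you sign” failure: the interface showed an expected transfer, while the bytes presented to the signers encoded something else. The following Python model, added here as an illustration and not code from WazirX, Liminal or any custody product, shows the signer-side defence that closes that gap: decode the raw payload independently, compare it against the displayed intent, and refuse to sign on any mismatch or non-whitelisted destination. The whitelist, the addresses, the toy SHA-256-based selector encoding and the field names are all assumptions constructed for this example; real Ethereum calldata uses Keccak-256 selectors.

```python
"""Illustrative signer-side check: verify the raw payload before approving it.

This is a constructed model for this article, not WazirX's or Liminal's code.
The selector scheme, addresses and whitelist below are assumptions.
"""
import hashlib

# Constructed addresses (assumption): two whitelisted destinations and an attacker.
WL_A = "0x" + "11" * 20
WL_B = "0x" + "22" * 20
ATTACKER = "0x" + "ee" * 20
WHITELIST = {WL_A, WL_B}

# What the custody UI claims the signer is approving (constructed).
DISPLAYED = {"op": "transfer", "to": WL_A, "amount": 1_000_000}


def selector(signature: str) -> bytes:
    """Toy 4-byte function selector. Ethereum uses Keccak-256; SHA-256 is used
    here only because it is in the standard library. The shape is the same."""
    return hashlib.sha256(signature.encode()).digest()[:4]


SEL_TRANSFER = selector("transfer(address,uint256)")
SEL_SET_OWNER = selector("setOwner(address)")


def _addr32(addr: str) -> bytes:
    # 20-byte address left-padded to a 32-byte word, as in ABI encoding.
    return bytes.fromhex(addr[2:]).rjust(32, b"\0")


def encode_transfer(to: str, amount: int) -> bytes:
    return SEL_TRANSFER + _addr32(to) + amount.to_bytes(32, "big")


def encode_set_owner(new_owner: str) -> bytes:
    # The kind of payload that would hand wallet control to a new owner.
    return SEL_SET_OWNER + _addr32(new_owner)


def decode(payload: bytes) -> dict:
    """Independent decoder the signer trusts instead of the UI rendering."""
    sel, args = payload[:4], payload[4:]
    if sel == SEL_TRANSFER and len(args) == 64:
        return {"op": "transfer",
                "to": "0x" + args[12:32].hex(),
                "amount": int.from_bytes(args[32:64], "big")}
    if sel == SEL_SET_OWNER and len(args) == 32:
        return {"op": "setOwner", "new_owner": "0x" + args[12:32].hex()}
    return {"op": "unknown", "selector": sel.hex()}


def review_before_signing(displayed: dict, payload: bytes, whitelist: set) -> tuple:
    """Return (approve, reason). Approve only when the decoded payload matches
    the displayed transaction exactly and the destination is whitelisted."""
    actual = decode(payload)
    if actual["op"] != "transfer":
        return False, f"payload is {actual['op']}, not a transfer"
    if (actual["to"].lower() != displayed["to"].lower()
            or actual["amount"] != displayed["amount"]):
        return False, "decoded payload does not match displayed transaction"
    if actual["to"].lower() not in {a.lower() for a in whitelist}:
        return False, "destination not whitelisted"
    return True, "payload matches display and destination is whitelisted"


if __name__ == "__main__":
    cases = {
        "honest transfer": encode_transfer(WL_A, 1_000_000),
        "swapped for setOwner": encode_set_owner(ATTACKER),
        "same op, attacker destination": encode_transfer(ATTACKER, 1_000_000),
    }
    for name, payload in cases.items():
        approve, reason = review_before_signing(DISPLAYED, payload, WHITELIST)
        print(f"{name:32} -> {'SIGN' if approve else 'REFUSE'}: {reason}")
```

The point of the check is that the signer's decision is driven by `decode(payload)`, which the signer controls, and not by whatever the interface chose to render. In a real deployment each of the required signers would run this comparison on their own device, ideally one that displays the decoded fields on its own screen, so that compromising the shared interface is not enough to obtain three matching signatures on a hostile payload.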
2. CrowdStrike Update Triggers Global Outage
Incident: A defective content update to CrowdStrike’s Falcon sensor crashed Windows hosts worldwide. CrowdStrike stated that the outage was not a security incident or cyber attack.
Impact: Banks, airports, supermarkets, and businesses across Australia and other regions were affected, halting news broadcasts and grounding flights.
Response: CrowdStrike acknowledged the issue, stating, “Our Engineers are actively working to resolve this issue and there is no need to open a support ticket.” They promised to update once resolved.
Source: Reported by the New York Times.
3. Weak Credentials Behind Nearly Half of Cloud-Based Attacks
Key Findings: Google Cloud’s report for H1 2024 found weak or no credentials were the top access vector for 47% of cloud environment attacks, down from 51% in H2 2023.
Additional Insights: Misconfigurations accounted for 30% of attacks, up from 17% in the previous half-year.
Implication: Weak or missing credentials remain the leading way into cloud environments, with misconfiguration a fast-growing second.
4. Operation Spincaster: Major Crypto Scam Network Dismantled
Action: Cryptocurrency experts and law enforcement from six countries collaborated to shut down networks stealing billions via “approval phishing” scams, in which victims are tricked into signing token approvals that let the scammer spend from their wallets.
Operation: Named “Operation Spincaster,” involving 17 crypto exchanges, including Binance and NDEX, and 12 public sector agencies.
Result: Over $1 billion recovered. Training was provided to officers to identify compromised wallets and trace stolen funds.
5. INTERPOL Operation Strikes West African Crime Syndicates
Highlights:
Hundreds arrested and assets worth USD 3 million seized.
Multiple criminal networks, including Black Axe, dismantled globally.
Operation Jackal III:
Duration: 10 April to 3 July.
Scope: 21 countries across five continents.
Focus: Targeted online financial fraud linked to West African syndicates.
Results:
Approximately 300 arrests.
Over 400 additional suspects identified.
More than 720 bank accounts blocked.
6. ‘GhostEmperor’ Hacking Group Resurfaces
Group: GhostEmperor, a covert Chinese hacking group known for sophisticated supply-chain attacks, has resurfaced after two years.
Discovery: Sygnia reported that GhostEmperor was behind a recent network compromise used to gain access to another victim’s systems.
Background: GhostEmperor was first identified by Kaspersky Lab in 2021 and is notorious for targeting telecommunications and government entities in Southeast Asia.