Coinbase refuses to pay a $20 million ransom after hackers bribe support contractors. Broadcom patches a VMware Tools vulnerability allowing file tampering in virtual machines, and Telegram shuts down a $35 billion black market operation after a blockchain firm raises the alarm. This is Cybersecurity Today, and I'm your host, Jim Love.
In what has been called the largest takedown of its kind, Telegram shut down two massive illegal marketplaces that handled more than $35 billion in transactions after investigators at blockchain firm Elliptic uncovered their operations. Elliptic provides blockchain analytics solutions for financial crime compliance, anti-money laundering, and regulatory requirements in the cryptocurrency sector.
The platforms, Haowang Guarantee and Xinbi Guarantee, acted as escrow services for illegal goods and services, including scams, frauds, and even human trafficking. The majority of the payments were made using Tether and possibly other stablecoin cryptocurrencies. Haowang, linked to a Cambodian company called Haowang Group, handled over $27 billion, and Xinbi, incorporated in Colorado, processed $8.4 billion.
Both operated openly on Telegram until Elliptic published its findings and media reports published in Wired triggered a crackdown. Following the report, Telegram banned thousands of accounts. US financial regulators then stepped in as well. FinCEN, the Treasury Department's financial crimes unit, labeled Haowang a major money laundering concern, effectively cutting it off from much of the financial system.
The takedown is a win for cybercrime investigators, but experts warn the groups behind these marketplaces may resurface elsewhere as criminals shift to encrypted and decentralized platforms. Enforcement remains a challenge.
Broadcom has released a security patch for a newly discovered vulnerability in VMware Tools, identified as CVE-2025-22247. This flaw allows users with limited access to a virtual machine to manipulate local files, potentially compromising the VM's integrity. The vulnerability affects VMware Tools versions 11 and 12 on Windows and Linux platforms. It also impacts the open source counterpart, open-vm-tools, commonly used in Linux environments. macOS versions remain unaffected. Broadcom has addressed the issue in VMware Tools version 12.5.2. For Linux users, patches will be distributed through respective vendors, with version numbers varying accordingly. There are no available workarounds, making the update essential for affected systems.
The vulnerability was privately reported by Sergey Bliznyuk of Positive Technologies and has not been observed in active exploitation. However, given the potential risks in multi-user environments, timely patching would be critical. Organizations utilizing VMware Tools on Windows or Linux should promptly update to 12.5.2 to mitigate potential security risks.
Hackers stole customer data from Coinbase, the largest crypto exchange in the US.
They did this by bribing overseas support contractors, and then, using that rogue group, the hackers demanded $20 million in ransom, which Coinbase refused to pay. Coinbase is now turning the tables and offering a $20 million reward for help catching them. According to information released by Coinbase, the attackers got access to the personal information of less than 1% of Coinbase users.
Stolen data included names, addresses, government ID images, masked bank details, and partial Social Security numbers. According to the reports, no passwords, private keys or crypto funds were taken. The hackers used the stolen info to impersonate Coinbase support and tried to trick users into handing over their crypto. Coinbase had discovered the unauthorized access months earlier. They fired the contractors involved and notified the affected customers.
The breach highlights the risks tied to outsourcing customer service. Coinbase says it is cooperating with law enforcement, has added stronger processes to screen contractors, and has implemented scam alerts on its platform. Coinbase's public rejection of the ransom and decision to fight back with a $20 million bounty sends a clear message to extortionists.
One report said that this had cost the company over $400 million, but the company says it's focused on long-term security and not short-term payoffs.
The Co-operative Group, the Co-op in the UK, successfully thwarted a significant ransomware attack by proactively disconnecting its systems upon detecting suspicious activity, thereby preventing further damage. According to BBC News, hackers associated with a cybercrime group, DragonForce, claimed responsibility for the attempted attack.
They intended to deploy ransomware to encrypt Co-op systems, but were impeded when Co-op's IT team took the initiative to shut down their computer services, disrupting the attack in progress. The attackers expressed frustration over Co-op's swift action, stating: "Co-op's networks never ever suffered ransomware. They yanked their own plug, tanking sales, burning logistics and torching shareholder value."
Cybersecurity experts, including Jen Ellis from the Ransomware Task Force, commended Co-op's decision. Ellis noted that opting for the immediate, self-imposed disruption was a strategic move to avoid more severe criminal-imposed consequences. The same group of hackers also claimed responsibility for a cyber attack on Marks and Spencer over the Easter weekend.
Unlike Co-op, Marks and Spencer did not detect the breach promptly, resulting in prolonged disruptions, including suspended online orders and compromised customer data. So did Co-op do the right thing? Is this the right strategy for others?
Well, as noted, it had an upside in that it appears to have reduced the damage that the attackers could do, but it also had some negative consequences, and these need to be taken into account. As I've heard from others, it could destroy evidence necessary for investigation and prosecution of hackers. The point is that you don't wanna be making those decisions while you're being attacked.
Companies of any size should have a playbook, considering these things upfront and getting advice from experts, so that when (and it's probably not if, but when) you get attacked, you can respond not just quickly, but correctly. This may be even more important for retailers, since there's every indication that the group that has taken credit for attacking Co-op, DragonForce, operates an affiliate or ransomware-as-a-service offering.
As a result, no one is sure who has attacked the retailers, but the tactics are seen to be similar to those of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest. That gang operates on Telegram and Discord channels and is English speaking and young; in some cases they think possibly only teenagers. And according to some sources, they may be taking this attack to the US in the near future.
And that's our show this weekend. We have our month in review panel a little late, but it got bumped by our breaking story from the whistleblower last week, and we're back with our panel and some great discussion. I hope you can join us Saturday morning or whenever you're free to listen. It's our big Canadian holiday this weekend, and we will not have an episode Monday morning. I'll be off and back in the news chair on Wednesday morning with more cybersecurity news.
I'm your host, Jim Love. Thanks for listening, and if you're in Canada, enjoy the two-four weekend.