Week 1 Cyberattack Digest 2019 – Twitter, Luas tram system, Wallet.fail and others
The week 1 cyberattack digest is here, which means it’s time for the hottest cyber news.
Researchers disclose wallet vulnerabilities
by Bitcoin Magazine – 31 December 2018
As part of a “Wallet.fail” demonstration, a team of security researchers, including Dmitry Nedospasov, Josh Datko and systems engineer Thomas Roth, hacked into the Trezor One, Ledger Blue and Ledger Nano S. The experts found a number of vulnerabilities that could have been fixed with a firmware upgrade on the hardware wallets in question. SatoshiLabs, the manufacturer of Trezor wallets, claimed that the company had not been notified about the loopholes that were demonstrated at the event. The vulnerabilities do not currently appear to be remotely exploitable: the majority of them require that attackers have physical access to the devices and, in some cases, access to the victim’s computer as well. At the event, the experts claimed to have flashed a Trezor One hardware wallet, allowing them to extract the mnemonic seed (and PIN) from the RAM; however, the vulnerability can only be exploited against users who don’t set a passphrase. The team also claimed to have installed their own firmware on the Ledger Nano S, allowing them to manipulate the wallet by signing transactions remotely. The security researchers also demonstrated a proof-of-concept side-channel attack on Ledger’s most expensive hardware wallet, the Ledger Blue, which was leaking signals sent to its touchscreen as radio waves.
Old Twitter accounts hijacked
by SC Magazine – 2 January 2019
Cyber criminals supporting ISIS are spreading terrorist propaganda on social media. For this purpose, the attackers choose old, abandoned Twitter accounts that weren’t confirmed via email by their owners: this allows attackers to commandeer the account by creating the email address to open it. All of the hijacked accounts were inactive for long periods of time before being hacked. The majority have been taken over during the last few days and weeks, and some others have been affected for longer periods of time. “This issue has been around for a while but no one really knew and took advantage of it,” commented security researcher WauchulaGhost. Most of the offending accounts were suspended by Twitter. “Reusing email addresses in this manner is not a new issue for Twitter or other online services. For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure,” said a Twitter spokesperson.
Australian government employees’ data hacked
by ABC News – 1 January 2019
The work details of 30,000 Victorian government employees have been stolen in a data breach in which the Victorian Government directory was downloaded by an unknown party; the stolen information contained work emails, job titles and work phone numbers. All the victims were also informed in an email that their mobile phone numbers may have been accessed if they had been entered into the directory: “As always, you should be aware of these risks and remain vigilant when it comes to unsolicited communications via email and telephone.” There is no evidence that any banking or financial information has been affected. The Premier’s Department referred the breach to police, the Australian Cyber Security Centre and the Office of the Victorian Information Commissioner for investigation. “The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future,” a spokesperson for the department commented.
Dublin tram system website defaced
by SC Media – 4 January 2019
The website for Luas, a public tram system based in Dublin, Ireland, experienced a defacement attack. “You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay 1 Bitcoin in 5 days. Otherwise I will publish all data and send emails to your users,” the ransom note read. The attackers thus posted a ransom demand threatening to publish data which, they claimed, had been stolen from the transport service. The company also reported that the incident may have affected the information of 3,226 people signed up for the Luas newsletter. The Luas website is currently undergoing restoration following the incident. It is recommended not to visit the tram service’s official website.