NFTs not annoying enough? Now they come with wallet-emptying malware
Plus rifle-toting robot dogs, but makers insist they're really dumb
In brief Whether or not non-fungible tokens are a flash in the pan or forever, malware operators have been keen to weaponise the technology.
An investigation was triggered after a number of cryptowallets belonging to customers of the largest NFT exchange, OpenSea, got mysteriously emptied. Researchers at security shop Check Point found a nasty form of NFT was in circulation, one that came with its own malware package.
People were receiving free NFTs from an unknown benefactor, but when they accepted the gift the attackers got access to their wallet information in OpenSea's storage systems. The code generated a pop-up that, if clicked, allowed wallets to be emptied.
After the issue was disclosed, OpenSea had a fix sorted within an hour - we wish others took such prompt action - and the platform appears to be secured. But beware of "free" gifts, particularly where money is involved.
Crime doesn't pay? Really?
A US Treasury report has said that in the last three years ransomware operators using over 60 different variants have siphoned off $5.3bn in Bitcoin payments.
The Financial Crimes Enforcement Network report [PDF], first spotted by The Record, said that the ransoms taken in the first six months of this year amounted to $590m, up from $416m for 2020, and the problem is getting worse, according to ten years of 2,184 Suspicious Activity Reports (SARs) analysed by the agency.
"If current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined, which would represent a continuing trend of substantial increases in reported year-over-year ransomware activity," the Treasury team warned.
Arming robots with sniper rifles, not worrying at all
US-based Ghost Robotics showed off an unusual new gadget this week at a meeting of the Association of the United States Army - a sniper rifle robot.
The robotics firm already has unarmed robot dogs acting as sentries at Tyndall Air Force Base, but this one mounted a 6.5mm sniper rifle with a range of up to 1,200 meters (3937 feet), along with both day and night vision cameras. The manufacturers were at pains to point out that this is not autonomous in any way and a human always controls the trigger; the robot just gets into position to keep its human operator safe.
The robot caused something of a storm, and Ghost Robotics CEO Jiren Parikh attributed this to the emotional connection robot dogs evoke and decades of movies about killer robots.
US warns critical water systems under attack
American online watchdogs at the Cybersecurity and Infrastructure Security Agency have issued a security advisory following a spate of attacks against water and waste management facilities.
Since 2019 CISA said it had recorded five attacks against water systems, mostly ransomware but also a former employee at a Kansas-based water company who tried to tamper with drinking water quality using credentials that should have been revoked when they left the biz.
For ransomware operators such businesses are tempting targets. Since water is such an essential service, it's no doubt thought that they'd be more likely to pay up rather than cause widespread disruption and panic.
Ukrainian cops cuff botnet suspect
The Security Service of Ukraine announced this week that they had arrested a man accused of running a massive botnet and charging for its use.
The man, a resident of Ivano-Frankivsk region in the west of the country, is said to have been running a botnet made up of over 100,000 infected systems. His opsec wasn't great: he used Telegram to tout for customers and, police say, made use of "electronic payment systems banned in Ukraine."
A search of the suspect's premises revealed computer equipment used to operate the botnet, and data stolen from botnet participants. Police say the suspect was also a representative of legitimate Russian payment service Webmoney, which is, however, under sanctions from the Ukrainian government.