Welcome to week one of August’s email security breach news recap. Top headlines include industry-shaping stories like Google Play removing around 50 malicious apps and yet another wave of phishing emails impersonating Amazon.
But let’s use this backdrop to review other, more specific cybersecurity news stories.
Spain’s national police announced the arrest of two former nuclear power plant workers for their alleged part in a cyberattack on Spain’s radioactivity alert network (RAR).
The pair disabled about one-third of the sensors that monitor for excessive radiation levels across the country.
The General Directorate of Civil Protection and Emergencies controls the radioactivity alert network, which, as police reported, had been attacked in 2021.
The law enforcement operation began in June 2021, after an attack on the network’s 800 gamma radiation detection sensors, which measure dangerous surges in radioactivity levels around Spain’s nuclear infrastructure.
Police traced a computer intrusion that tried to delete the web application managing RAR at the control center.
The pair were fully familiar with RAR’s maintenance program, which let them target more than 300 of the network’s 800 sensors; they then attacked the system behind them and severed the sensors’ connection to the control center. As former nuclear power plant workers, they had an intimate understanding of the network, and that insider knowledge is what made the attacks possible.
Microsoft launched two new cyber intelligence products on August 2nd.
Microsoft Defender Threat Intelligence (MDTI) scours the internet to discover new and persistent threats for security teams. It joins the existing Microsoft Defender family and Microsoft Sentinel, adding new analysis and insights.
The tool lets users see threat actors, their names, tactics, and techniques, block IP addresses or domains, and streamline threat detection and remediation.
Meanwhile, Microsoft Defender External Attack Surface Management identifies potential entry points into customer systems. It is marketed as a way for organizations to see their infrastructure as attackers do, uncovering hidden misconfigurations and unmanaged resources so that the resulting exposures can be addressed.
As tech giants like Google and Microsoft invest in cyber intelligence, the market continues to grow. It was valued at $11.6 billion in 2021 and is expected to reach $15.8 billion by 2026, according to VentureBeat.
Blockchain and Crypto Industry Under Attack
This week has been quite eventful in the blockchain world: two major breaches happened. The first is far larger, but the second is interesting for its mitigation strategy. Let’s see what happened.
Nomad is a “blockchain bridge” that facilitates the transfer and exchange of crypto assets between chains. Shortly after the Audius platform’s $6 million loss, Nomad lost nearly $200 million to a smart contract bug of its own.
According to Paradigm researcher samczsun, a routine upgrade had initialized the bridge’s Replica contract so that the zero (empty) Merkle root counted as trusted. Because zero is also the stored value for any message that was never proven, the contract’s process step accepted messages that came with no proof at all.
As a result, anyone could submit a withdrawal message and have the bridge pay it out. The attack likely started with one actor or a small group, but samczsun believes others caught wind of it, copied the first exploit transactions with their own address substituted as the recipient, and executed copycat attacks, bringing the total loss to nearly $200 million.
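To make the failure concrete, here is an added example (not Nomad’s own contract code): a Python model of a bridge Replica’s root check, with the zero-root-as-trusted initialization beside a hardened configuration. The message format, the recipients and amounts, and the `run_scenario` helper are constructed for the illustration; a real bridge message is ABI-packed and comes with a Merkle proof, which the model omits.

```python
# Added illustration (not Nomad's code): minimal model of the message
# acceptance check in a bridge Replica contract. A message is executed
# only if the root it was proven against is marked trusted. Messages
# never proven map to the zero root by default, so marking the zero
# root trusted lets every unproven message through.
from hashlib import sha256

ZERO_ROOT = b"\x00" * 32  # what a Solidity mapping returns for a never-proven message


def make_message(recipient: str, amount: int) -> bytes:
    """Constructed toy wire format (real bridge messages are ABI-packed)."""
    return f"{recipient}:{amount}".encode()


def message_hash(msg: bytes) -> bytes:
    return sha256(msg).digest()


class Replica:
    """Receiving side of a bridge: executes messages proven against a trusted root."""

    def __init__(self, trusted_roots, reject_zero_root=False):
        # root -> trusted. The faulty upgrade put ZERO_ROOT in this map.
        self.acceptable_root = {root: True for root in trusted_roots}
        self.messages = {}       # message hash -> root it was proven against
        self.processed = set()   # replay protection for identical messages
        self.paid = {}           # recipient -> total credited
        self.reject_zero_root = reject_zero_root  # explicit "must be proven" guard

    def prove(self, msg: bytes, root: bytes) -> None:
        """Record a message as proven against root (Merkle proof check omitted)."""
        self.messages[message_hash(msg)] = root

    def process(self, msg: bytes) -> bool:
        h = message_hash(msg)
        if h in self.processed:
            return False                        # exact replay is stopped
        root = self.messages.get(h, ZERO_ROOT)  # unproven -> default zero root
        if self.reject_zero_root and root == ZERO_ROOT:
            return False                        # defense in depth: never pay unproven
        if not self.acceptable_root.get(root, False):
            return False                        # root not trusted
        self.processed.add(h)
        recipient, amount = msg.decode().split(":")
        self.paid[recipient] = self.paid.get(recipient, 0) + int(amount)
        return True


def run_scenario(trust_zero_root: bool, reject_zero_root: bool) -> dict:
    """Replay the drain against a replica configured as given."""
    legit_root = sha256(b"root of a real batch of messages").digest()
    roots = [legit_root] + ([ZERO_ROOT] if trust_zero_root else [])
    replica = Replica(roots, reject_zero_root=reject_zero_root)

    legit = make_message("0xAlice", 10)
    replica.prove(legit, legit_root)              # went through the normal path
    attacker = make_message("0xAttacker", 1000)   # never proven
    copycat = make_message("0xCopycat", 1000)     # same amount, recipient swapped

    return {
        "legit": replica.process(legit),
        "attacker": replica.process(attacker),
        "attacker_replay": replica.process(attacker),  # blocked by processed set
        "copycat": replica.process(copycat),           # new hash, so not a replay
        "paid": replica.paid,
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(trust_zero_root=True, reject_zero_root=False))
    print("hardened:  ", run_scenario(trust_zero_root=False, reject_zero_root=True))
```

The replay guard is why the copycats had to change the recipient: an identical message hashes to an already-processed entry, while a message with a new address is a fresh, unproven entry that the vulnerable configuration pays out. The hardened configuration both leaves the zero root untrusted and rejects it explicitly, so either check alone would have stopped the drain.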
August started with a major scare for Solana users. The ecosystem suffered a breach after private keys leaked from one wallet app, Slope. The assets lost initially included SOL and USDC, but as the attack went on, other tokens continued to flow out for hours.
According to various sources, Solana users collectively lost around $4 million to $5.8 million, though hardware wallets were not compromised. The perpetrator is unknown, but OtherSec tweeted that all funds were transferred to four wallets that could be traced back to a single source.
Solana users did not sit idle, though. A group of vigilante white hat hackers used an unusual mitigation method that works much like a DoS or DDoS attack.
They ran a script that flooded the network with transactions write-locking the compromised accounts. A Solana transaction needs an exclusive lock on every account it writes, so while defenders held those locks, the attacker’s “malformed” drain transactions could not be executed. The counterattack also crashed a number of RPC servers, but SolBlaze believes there was still a net positive impact.
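As an added example (not SolBlaze’s script or Solana’s actual runtime), the following Python toy models account write-lock scheduling: transactions in a batch run in parallel unless they touch the same account in conflicting ways, conflicting ones are retried in the next batch, and a transaction that waits too long expires. It assumes the defenders’ lock transactions sit ahead of the attacker’s in the queue, uses an `expires_after` budget as a stand-in for blockhash expiry, and uses constructed account names; fee-based prioritization is not modeled.

```python
# Added illustration (not Solana's scheduler): a greedy model of account
# locking to show why spamming write-locks on a drained wallet starves the
# attacker's sweep transaction. Batch size, expiry and the queue order are
# constructed assumptions for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    ident: str
    writes: frozenset              # accounts needing an exclusive (write) lock
    reads: frozenset = frozenset()  # accounts needing a shared (read) lock
    expires_after: int = 3          # batches the tx stays valid (models blockhash expiry)


def conflicts(tx: Tx, locked_w: set, locked_r: set) -> bool:
    """A tx cannot join a batch if it writes an account already locked (read or
    write) in that batch, or reads an account the batch already write-locks."""
    return bool(tx.writes & (locked_w | locked_r)) or bool(tx.reads & locked_w)


def schedule(queue: list) -> tuple:
    """Greedy batching in queue order. Non-conflicting txs share a batch (run in
    parallel); conflicting ones are deferred to the next batch; a tx still
    waiting when its expiry budget runs out is dropped."""
    pending = list(queue)
    batches, dropped = [], []
    batch_no = 0
    while pending:
        locked_w, locked_r, batch, deferred = set(), set(), [], []
        for tx in pending:
            if batch_no >= tx.expires_after:
                dropped.append(tx.ident)
            elif conflicts(tx, locked_w, locked_r):
                deferred.append(tx)
            else:
                batch.append(tx.ident)
                locked_w |= tx.writes
                locked_r |= tx.reads
        if batch:
            batches.append(batch)
        pending = deferred
        batch_no += 1
    return batches, dropped


def run_scenario(flood: int) -> dict:
    """Queue `flood` defender lock transactions ahead of the attacker's drain."""
    victim = "victim_wallet"
    drain = Tx("drain", writes=frozenset({victim, "attacker_wallet"}))
    # Defenders' cheap no-op transactions that only write-lock the victim wallet.
    spam = [Tx(f"lock{i}", writes=frozenset({victim}), expires_after=10**6)
            for i in range(flood)]
    unrelated = Tx("other", writes=frozenset({"bob_wallet"}))  # unaffected traffic
    batches, dropped = schedule(spam + [drain, unrelated])
    landed = next((i for i, b in enumerate(batches) if "drain" in b), None)
    return {"batches": batches, "dropped": dropped, "drain_batch": landed}


if __name__ == "__main__":
    for n in (0, 2, 5):
        print(f"flood={n}:", run_scenario(n))
```

With no flood the drain lands in the first batch; with two lock transactions ahead of it the drain is pushed back two batches but still lands; with five it exceeds its expiry budget and is dropped, which is the effect the defenders were after. The unrelated transaction is unaffected throughout, but in the real incident the volume needed to keep the locks held is also what overloaded RPC servers.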
This week’s cybersecurity news once again set criminal activity alongside the defensive efforts of large organizations. The battle continues.
Stay safe and until next time!