Here is our latest news roundup of articles about network and TLS/SSL security. Click here to see the whole series.

The Russian invasion – what’s happening in cybersecurity

• In what experts are calling a parallel cyberwar, Russia has also been attacking Ukrainian sites with malware. On the day of Russia’s first ground attack on Ukraine, an Estonian cybersecurity group detected malware affecting computers at a Ukrainian bank and Ukrainian government agencies.
• As this is likely to be the first among more attacks, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI have advised that both public and private organizations implement “shields” to protect against potential Russian cyberattacks, including malware.

Data breaches

• Nearly $2 million worth of NFTs were stolen in just three hours in an apparent phishing attack. The attack targeted OpenSea users using a vulnerability in the open-source standard underlying most NFT smart contracts. The attackers were able to use valid digital signatures in partially complete contracts but transfer the contract to their own wallets. One explanation describes it as essentially stealing blank checks.
• The Internet Society, a nonprofit that aims to keep the internet open and secure, experienced a data breach of over 80,000 of its members’ data. The society claims a third-party vendor is responsible for the breach, which left data exposed for at least a month.

Vulnerabilities

• According to cybersecurity researchers at Proofpoint, hackers have been increasingly finding ways around mutli-factor authentication (MFA), including using phishing kits. Phishing kits allow attackers to harvest and use credentials and are typically inexpensive. Newer kits enable hackers to steal not only usernames and passwords but also MFA tokens and more.
• Another tactic hackers have been using to bypass MFA is “fatigue attacks,” which involve bombarding the victim with MFA push notifications until they accept one, accidentally or not. Of course, attackers must first have the victim’s credentials, but those are becoming easier for attackers to steal.

Government regulation

• The EU European Commission has published the outline of the architecture and reference framework for eID wallets. This is the first step in the toolkit that is expected to be released this summer.
• The FBI announced they will form a digital currency unit specializing in blockchain analysis and virtual asset seizure. The announcement comes after the largest virtual asset seizure to date, with the FBI charging a New York couple with laundering over $4.5 billion in bitcoin.

Outages

• An outage left Slack users offline for several hours Feb. 22. Slack attributes the issue to “a change [they] implemented.”

Quantum computing

• JPMorgan Chase detailed their current efforts to become post-quantum safe, including identifying parts of their network that are vulnerable to prepare for NIST recommendations. The company notes, “It’s important to be proactive about this.”

Malware

• A new cryptocurrency malware targeting cryptocurrency wallets can steal private keys, in addition to usernames, domain and computer names, the machine ID, and even installed software and which version. “Mars Stealer,” as it is dubbed, uses the wallets’ browser extensions and can get through security features such as two-factor authentication with a grabber function.
• Hackers are also using the popularity around NFTs to trick victims into downloading malware that allows the attackers to hijack devices and webcams. The attackers used a “peculiar-looking Excel spreadsheet” that reportedly contained information about NFTs to spread BitRAT malware by getting unsuspecting victims to download the file to their computers.
• Researchers discovered this month that hackers have been distributing malware via Microsoft Teams, using the platform to share malicious files. Hackers were gaining access to user’s emails to use Teams and share files embedded with malware.

Internet of Things

• NIST, the U.S. National Institute of Standards and Technology, outlined what IoT and software security labels could look like. Similar to nutrition labels, these labels would give consumers more information about their purchase, specifically in regard to the privacy and security of the device or software. Several countries, including Singapore and Finland, have already discussed or implemented similar security label systems.