May saw hackers steal $40 million in Bitcoin, leak information and freeze up the Baltimore city government. It’s all right here in The Month in Hacks, reminding all organizations that hackers are always on the lookout for new opportunities anywhere they can find them.
Hackers Pilfer $40 Million in Bitcoin from Binance Cryptocurrency Exchange
Hackers attacked the large cryptocurrency exchange Binance, making off with about $40 million worth of Bitcoin in a single transaction on May 7. The hackers used phishing, viruses and other techniques to pilfer massive amounts of user data, and then bypassed existing security checks to withdraw 7,000 Bitcoins.
Once alarms were triggered by the transaction, Bloomberg reported all withdrawals were immediately halted and an in-depth investigation followed. Binance intended to cover the incident with its emergency insurance fund, promising no user funds would be affected.
Massive Data Leak Hits Toshiba, Porsche, Oracle and Other Citycomp Clients
A ransomware attack on the large IT provider Citycomp has resulted in a massive financial data leak from some of its sizable clients, including Toshiba, Porsche, Oracle, Hugo Boss, the New Yorker and many others. Germany-based Citycomp maintains more than 70,000 storage systems and servers across 75 countries, and it reported successfully evading a hacker attack in April.
Although Citycomp initially said the attack had been stopped, Sophos reported the attack as ongoing in early May, with hackers demanding $5,000. Citycomp did not bow to the blackmail demands, resulting in the release of hundreds of thousands of files containing financial and private information on all clients.
The hacker used the handle Boris Bullet-Dodger, saying Citycomp was targeted due to its “totally awful” security system.
License Plate Scanning Company Breached by Same Hacker that Hit Citycomp
After hitting Citycomp, Boris Bullet-Dodger moved on to hack Perceptics, a widely used vehicle license plate reader (LPR) company known for designing the license plate imaging systems used at U.S. border crossings. The attack occurred the week of May 20, with “Boris” sending a list of 34 compressed directories to the Register as evidence of the breach.
The breached data includes all file types, including those speculated to contain license plate captures. Perceptics is concerned its financial and other sensitive information may already be circulating on the dark web. Sophos noted Perceptics intends to keep the incident a private matter unless the data is found to relate to customers or members of the public.
Ransomware Attack Creates Double Whammy in Baltimore
A ransomware attack that used an exploit known as EternalBlue hit Baltimore’s local government on May 7, freezing thousands of city government computers and scrambling digital files. Adding insult to injury is the fact that the US National Security Agency reportedly discovered the exploit used in the attack several years ago, yet kept quiet about it for years.
The EternalBlue flaw involves a glitch in older versions of the Microsoft Windows operating system, the BBC reports, and the NSA developed a tool with the same name more than six years ago. The NSA only made Microsoft aware of its tool in 2017, at which time Microsoft issued a fix. The NSA’s EternalBlue code was leaked online a few weeks after the fix was issued.