Cybersecurity

Cybersecurity Expert Backs Elizabeth Warren’s Anti-Crypto Legislation Proposal

A cybersecurity expert is endorsing Senator Elizabeth Warren’s anti-crypto legislation proposal, saying that it would cut down on scams. According to a new press release, Warren, a Democrat representing Massachusetts, asked cybersecurity expert Steve Weisman during a special Senate hearing on Aging if her proposed legislation would help cut down on crypto scams. Weisman responded […]

The post Cybersecurity Expert Backs Elizabeth Warren’s Anti-Crypto Legislation Proposal appeared first on The Daily Hodl.

Australian regulators will compel businesses to report cyberattacks: Report

This obligation won’t be backed by a fine if the company fails to comply, and businesses will still be permitted to pay ransoms, though this is discouraged.

Australian authorities will oblige local companies to be fully transparent and report any ransomware cyberattacks on their businesses. The country’s economy lost $2.59 billion to cybercrimes in 2021. 

As reported by the Australian on Nov. 13, the national cybersecurity strategy, which will be revealed this week, will feature a mandatory system under which local businesses must alert the government about ransomware cyberattacks. However, this obligation won’t be backed by a fine if the company fails to comply.

The companies will still be allowed to pay ransoms, although new National Cyber Security Coordinator Air Marshal Darren Goldie has publicly discouraged them from doing so. In October, Australia joined almost 40 other nations in a pledge not to pay ransomware demands made against government agencies.

Before enacting the mandatory system, the government intends to consult with the business community on its design, as Minister for Cyber Security Clare O’Neil has specified:

“We’ll create a ransomware playbook that will provide clear guidance to businesses and citizens on how to prepare for, deal with, and bounce back from ransom demands.”

Ransomware attacks remain a common problem in the digital economy. In July, the United States Department of Justice (DoJ) announced that it was doubling its crypto crimes team and setting an immediate focus on combating ransomware crimes.

According to Chainalysis, wallets involved in ransomware attacks often turn to crypto mining pools to launder the funds acquired through exploits. The research firm believes there has been an increase in value sent from ransomware wallets to mining pools. In one instance, Chainalysis highlighted that an exchange wallet address had received $158.3 million from ransomware addresses since 2018.


Chinese president calls for unity on AI challenges and cyber development

Xi Jinping addressed the World Internet Conference Summit saying there is a need to “deepen” exchanges and cooperation on an international level on AI challenges and cyberspace development.

Chinese President Xi Jinping addressed an audience on Nov. 8 at the World Internet Conference Summit in Wuzhen, China, calling for international cooperation on risks posed by artificial intelligence (AI).

Xi’s speech, pre-recorded and broadcast at the conference, stressed the need for “deepened” exchanges and cooperation to “jointly advance the building of a community with a shared future in cyberspace to a new stage.”

Chinese President Xi Jinping addressing the World Internet Conference Summit 2023. Source: CCTV

“As the internet becomes a new driving force of development, a new frontier of ensuring security, and a new platform for mutual learning between civilizations,” he continued, “the building of a community with a shared future in cyberspace is a natural choice in answering the call of the times and a common aspiration of the international community.”

The Chinese head of state stressed that the “fruits of internet development” should benefit more countries and greater numbers of people.

While one of the main points of the speech was stressing the importance of international cooperation, he also said that:

“Cyber sovereignty as well as each country’s internet development and governance mode should be respected.”

implement its Global AI Governance Initiative. The government proposed this initiative a month prior focusing on an open and fair AI development environment. 

“We should uphold the principle of common security and avoid bloc confrontation and arms race in cyberspace.”

His remarks come a week after the United Kingdom’s inaugural AI Safety Summit, at which China was an attendee. 

At the conference a spokesperson from the Chinese government similarly stressed the importance of international cooperation, saying it calls for “global cooperation to share AI knowledge and make AI technologies available to the public on open-source terms.”

China has been at the forefront of the global race to develop and deploy high-level AI systems. The country has been facing direct competition from the United States, which is one of the world’s leaders in chip manufacturing and major companies deploying AI models.


India trained 3,000 police officials on crypto investigations in 2022–2023

The Narcotics Control Bureau and the Indian Cyber Crime Coordination Centre trained 141 officials and over 2,800 officers in the financial year 2022–2023.

The annual report from India’s Ministry of Home Affairs (MHA) revealed that officials from various cybercrime and police departments were trained in cryptocurrency forensics and investigation during the financial year 2022–2023.

The MHA highlighted that, under the Narcotics Control Bureau, India’s central law enforcement and intelligence agency, 141 officers were trained in darknet and cryptocurrency investigations and in other workshops covering digital footprints and gathering intelligence and evidence from open sources and social media, to name a few.

Additionally, the Indian Cyber Crime Coordination Centre trained more than 2,800 cyber police officials in crypto forensics and investigations and other emerging technologies like anonymization networks and investigating misuse of mobile applications in cyberspace.

While India prepares to tackle possible crypto-related crimes amid greater adoption, the nation continues to explore mainstream use cases in blockchain. India’s state-run oil and gas company, Hindustan Petroleum (HPCL), recently launched a blockchain system to enable automated verification of purchase orders (POs).

HPCL partnered with the blockchain software firm Zupple Labs to integrate its blockchain-based digital credentialing technology into the purchase order system.

“The implementation helps to automate the verification of HPCL POs to external parties,” a spokesperson for HPCL told Cointelegraph. “This works by integrating the blockchain system with HPCL’s internal e-PO and generates tamper-evident verifiable POs,” the representative noted.


UK seeks six crypto investigators to beef up National Crime Agency

The role requires candidates to be able to provide strategic and tactical advice to crypto investigations, among other investigative qualities.

Reacting to the rising attempts from bad actors to dupe crypto investors, the United Kingdom’s National Crime Agency (NCA) plans to form a specialized cryptocurrency and virtual assets team to counter the issue.

The NCA posted a job opening on Nov. 4, looking to hire six individuals to create a new team focused on crypto crimes — which will either fall under the National Cyber Crime Unit (NCCU) or the Digital Asset Team. The responsibilities include:

“The role will support existing and new investigations where specialist cryptocurrency experience is required along with taking a proactive lead in identifying targets for further development.”

The role requires candidates to be able to provide strategic and tactical advice to crypto investigations, conduct blockchain forensic investigations and analyze various materials.

While the intent behind forming a dedicated team of crypto investigators is evident amid rising cyber threats, the NCA did not immediately respond to Cointelegraph’s request for comment.

In 2023, the NCA issued numerous crypto-centric recruitment notices — all hiring for crypto investigators on various levels. The move complements the UK’s goal to become a crypto hub as it reignites discussions around building a regulated environment that nurtures the crypto ecosystem instead of penalizing the users.

In August 2023, crypto exchange Coinbase confirmed it was working “seriously” in the U.K. and Europe amid the introduction of the Markets in Crypto Assets (MiCA) regulation.

A related Coinbase post recognized the U.K. as one of its fastest-growing user markets. “In short, things are happening in Europe that are edging the region ahead and when it comes to embracing the digital economy, the region is preparing for a seismic change in how it uses and thinks about money,” it added.


SEC plans scrutiny of crypto dealer-brokers, transfer agents, per 2024 exam guide

The SEC sets examination priorities based on feedback from examiners and input from investors and the industry.

The United States Securities and Exchange Commission released its 2024 examination priorities report on Oct. 16. The agency’s Division of Examinations has been publishing similar reports for over a decade to let its registrants know the emerging risks it will be focusing on. Crypto dealer-brokers, among others, have been given notice.

The SEC’s examinations division expanded its capacity and set up teams within its various programs to address crypto, fintech, AI and cybersecurity in 2023, the report said. It added that the SEC was continuing to observe broker-dealers and advisers working in crypto.

The division was looking at registrants that offer new practices, “particularly technological and online solutions that service online accounts aimed at meeting the demands of compliance and marketing,” such as “automated investment tools, artificial intelligence, and trading algorithms or platforms.”

Examinations will look at how well registrants meet standards of conduct regarding customer advice and their understanding of the products the registrants offer. The report mentioned older investors and retirement assets specifically. They will also ensure that registrants are complying with the latest guidance. Here, “custody requirements under the Advisers Act” were singled out. The handling of risks associated with using blockchain and distributed ledger technology will also be assessed.

Examinations of transfer agents servicing crypto asset securities issuers or using emerging technologies in their work were mentioned separately.

The Division of Examinations has published examination updates before, but this is the first time one has appeared at the beginning of the new fiscal year. Division Director Richard Best said:

“Continuing to make our examination priorities public increases transparency into the examination program and encourages firms to focus their compliance and surveillance efforts on areas of potentially heightened risk to retail investors.”

According to the SEC, examination priorities are determined based on feedback from examination staff in the previous year, as well as from investors, industry groups and similar sources.


Immunefi launches on-chain bug bounties through ‘Vaults’ system

The Web3 security platform now allows projects to deposit bounty funds to a Safe smart contract, proving the funds are available.

Blockchain security platform Immunefi has launched an on-chain system for bug bounties, according to a Sept. 26 announcement. The new system, called “Vaults,” allows Web3 developers to escrow funds in an on-chain address and use them to pay out bug bounties to white hat hackers.

Immunefi believes the new system will help projects “demonstrate to whitehats [...] that they have allocated sufficient funds to pay bounties,” which it hopes will result in “more top-tier bug reports” being submitted.

List of Immunefi bug bounties. Source: Immunefi

Software developers often offer rewards, called “bug bounties,” to hackers who discover exploits or other bugs in their software. This sometimes allows vulnerabilities to be found before bad actors can exploit them. Hackers who submit bug reports for rewards instead of taking advantage of an exploit are called “white hat” hackers, while “black hat” hackers use their knowledge for malicious purposes.

According to the announcement, the new Immunefi system allows projects to deposit their bug bounty funds to a Safe multisig smart contract (formerly called a “Gnosis Safe”). This provides white hats with on-chain proof that the funds are available. Once a bug is submitted and a project has confirmed it’s genuine, the project can release the funds to the bug reporter’s wallet.

During the Vaults launch, Ethereum infrastructure provider SSV posted a $1 million deposit to help pay bug bounties for its software. Decentralized exchange Ref Finance, which is on the Near network, also uses the new system. SSV DAO contributor Eridian claimed that on-chain bug bounties will help provide better security for the DAO’s validator services, stating:

“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A good win-win. Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”

In December 2022, Immunefi reported that it had facilitated $66 million in bug bounty payouts since the platform’s inception. LayerZero released a $15 million bug bounty through Immunefi on May 17.


Security platforms warn about hidden phishing and wallet drainer links

Cybersecurity professional Christian Seifert gave an example of how Discord's measure against malicious links can be abused by scammers.

With millions of dollars worth of assets being lost to phishing attacks after signing malicious permissions, the threat of losing crypto assets from questionable links is very real. When these are paired with platforms allowing hidden links, users are subjected to a different kind of risk. 

On Sept. 4, Web3 security provider Pocket Universe shared how scammers are able to hide wallet drainer links on any text on the instant messaging platform Discord. While some users report that the feature has only been enabled for Discord users recently, the ability to embed links on any text has been available on many different social platforms for a while now.

Cointelegraph reached out to several cybersecurity professionals to learn more about how users can protect themselves from such attempts and how platforms can improve their security so that users are not subjected to such attacks. 

Christian Seifert, who works as a Researcher in Residence at Web3 security firm Forta Network, said that this type of attack has been the bread and butter of hackers since the internet was created. He explained that:

“Whatever a platform creates, there will be a hacker ready to find a way to hack it. Hyperlinks with text are a feature supported as part of HTML and have been a source for phishing attacks since the early days of the internet.”

According to Seifert, security requires a defense-in-depth approach. “Both platforms and users need to work towards protecting themselves,” he said. On the user’s side, the security professional highlighted that there are plugins users can install to protect themselves from such scams.

When it comes to Discord, Seifert pointed out that the platform does provide information on the true destination of the URL after the user clicks on it. However, the platform also allows users to “trust” a domain going forward. This can be abused by scammers according to Seifert. He explained:

“Imagine a domain like foo.bar which the user trusted. A scammer can craft a potentially malicious link that performs some action on this domain, such as an oauth request to the scammer, like foo.bar/oauth/scammer-account.”

The cybersecurity professional said that an issue with the platform’s current implementation is that links and text can be deceptive and misaligned with users’ expectations. “If a text link clearly resembles a domain or URL and it is mismatched to the true destination URL, Discord should disallow such links,” he added.

Meanwhile, Hugh Brooks, the director of security operations at the blockchain security firm CertiK, echoed some of Seifert’s sentiments. According to Brooks, users and platforms have a collective responsibility to watch out for malicious actors. He explained that it’s essential for platforms to continually review and refine their security features and for users to stay vigilant and educated.

For users, Brooks said that they should be proactive and cautious when it comes to links, especially when being asked for signatures and permissions. The executive urged users to verify the authenticity of the site address before giving it access to crypto wallets. Brooks shared:

“A good practice is to cross-check web addresses with recognized phishing warning lists. PhishTank, Google Safe Browsing, and OpenPhish are valuable resources here, along with browser extensions like HTTPS Everywhere and ad blockers like uBlock.”

Brooks explained that these tools can alert users in real time whenever they are about to visit known phishing or malicious websites. “Furthermore, by simply hovering over a URL link, the actual web address will be displayed, allowing users to confirm its legitimacy before engaging further,” he added.

On the platform’s side, the cybersecurity professional said that there are measures that can be implemented such as being able to only receive messages from trusted contacts. Brooks said that a good example of this is Meta’s “Facebook Protect,” which lets users have heightened security features for their accounts.

“As the saying goes, the only constant is change. Platforms owe it to their users and to their continued relevance to make security a priority. This involves not only updating security measures but also fostering a culture of vigilance and awareness among users,” he added.


WinRAR patches zero-day bug that targeted stock and crypto traders

According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise.

The developers behind file compression software WinRAR have patched a zero-day vulnerability that allowed hackers to install malware onto unsuspecting victims' computers, enabling them to hack into their crypto and stock trading accounts.

On Aug. 23, Singapore-based cybersecurity firm Group-IB reported a zero-day vulnerability in the processing of the ZIP file format by WinRAR.

The zero-day vulnerability, tracked as CVE-2023-38831, was exploited for approximately four months, allowing hackers to install malware when a victim clicked on files in an archive. The malware would then allow hackers to breach online crypto and stock trading accounts, according to the report.

Using the exploit, the threat actors were able to create malicious RAR and ZIP archives that displayed seemingly innocent files such as JPG images or PDF text documents. These weaponized ZIP archives were then distributed on trading forums, targeting crypto traders with offers of strategies such as "best Personal Strategy to trade with Bitcoin."

Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023.

The report confirmed that the malicious archives found their way onto at least eight public trading forums, infecting at least 130 devices. However, the victims' financial losses were unknown.

WinRar exploit infection chain. Source: Group-IB

On execution, the script launches a self-extracting (SFX) archive that infects the target computer with various malware strains, such as DarkMe, GuLoader and Remcos RAT.

These provide the attacker with remote access privileges on the infected computer. DarkMe malware has previously been used in crypto and financially motivated attacks.

The researchers notified RARLABS, which patched the zero-day vulnerability in WinRAR version 6.23, released on Aug. 2.

In August, smartphone giant BlackBerry identified several malware families that actively aimed to hijack computers to mine or steal cryptocurrencies.

In the same month, a newly discovered remote access tool called HVNC (Hidden Virtual Network Computer), which can enable hackers to compromise Apple operating systems, was found on sale on the dark web.


Quantstamp introduces tool to detect protocols’ flash loan attack vulnerability

The new service, called Economic Exploit Analysis, uses University of Toronto research and will work on any EVM-compatible blockchain.

Blockchain security provider Quantstamp has launched an automated service to detect flash loan attack vectors in smart contracts. The new service is being called Economic Exploit Analysis and is based on research done at the University of Toronto.  

Economic Exploit Analysis will be available to protocols, whether they have been deployed or not. It will enhance Quantstamp’s audits by identifying flash loan attack vulnerabilities in a client’s code. The service will be available on any Ethereum Virtual Machine (EVM)-compatible blockchain and is non-exhaustive — that is, it may not detect all attacks.

In decentralized finance (DeFi), a flash loan is an unsecured loan that has to be taken out and paid back in the same transaction. Flash loans can be used to take advantage of price differences between crypto exchanges (arbitrage), debt refinancing and similar actions. A flash loan attack is the manipulation of DeFi protocols in ways developers did not foresee. Quantstamp explained:

“Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.”

The need for greater security in DeFi markets is garnering increasing attention. The problem of flash loan attacks, in particular, was brought into focus when Euler Finance was attacked in March. Last year, over $2 billion worth of crypto was stolen in hacks and exploits.

Coinbase’s new Base layer-2 is also addressing security vulnerabilities. It is developing a monitoring tool that it is calling Pessimism to “provide prompt notification of anomalies in the protocol and network, such as account balance irregularities, contract events, or disparities between L1 and L2 states,” it announced in a recent blog post.
