Editor's Note: Welcome to this issue of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry.
Forcepoint Security News
Earlier this week, the Justice Department seized more than $3.6 billion in bitcoin believed to have been stolen in the 2016 hack of the cryptocurrency exchange Bitfinex. Authorities arrested a married couple in New York, tech entrepreneur Ilya Lichtenstein and Heather Morgan, and charged both with conspiring to launder the proceeds. At the time of the 2016 breach the stolen bitcoin was worth an estimated $71 million. According to court documents, much of it was parked temporarily in accounts at AlphaBay, an illicit marketplace shut down by authorities in 2017.
The Federal Bureau of Investigation (FBI) warns that Subscriber Identity Module (SIM) swap attacks are on the rise. SIM swapping (also called SIM jacking) is a form of account takeover in which scammers gain control of a victim's mobile phone number. Attackers trick "phone service providers into swapping a target's phone number to attacker-controlled SIM cards" through social engineering or with the help of corrupt carrier employees. Once the number is ported, the attacker receives the victim's calls and text messages, including SMS-delivered one-time passcodes, and uses them to reset passwords and drain the victim's bank and cryptocurrency accounts. The FBI Internet Crime Complaint Center (IC3) notes that in 2021 SIM swapping complaints increased roughly fivefold compared to the previous three years combined, with losses to victims estimated at $68 million.
When it comes to providing context around vulnerabilities, there's a fine line between too little and too much information. While that's a topic of ongoing discussion, Microsoft's February update is drawing additional scrutiny. It is true that the update, which patched 51 flaws, contained no vulnerabilities rated critical. But a researcher from Trend Micro's Zero Day Initiative (ZDI) and others argue that vulnerabilities such as CVE-2022-21984, a remote code execution flaw in Windows DNS Server that is exploitable on servers with dynamic updates enabled (a common configuration), are still significant. Researchers also consider the several Print Spooler elevation-of-privilege vulnerabilities addressed in the February update noteworthy.
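The two conditions that make those fixes urgent on a given host are checkable in a few lines. The following PowerShell is an added triage example and is not code from the Forcepoint article, Microsoft or ZDI; it assumes the DnsServer module (present on hosts with the DNS Server role or RSAT) for the zone check and simply skips that check where the module is absent.

```powershell
# Added triage example (not from the original article). Lists DNS zones that
# accept dynamic updates, the configuration ZDI flagged as exposed to the
# February 2022 Windows DNS Server RCE fix, and reports whether the Print
# Spooler service is running, which is what the Spooler EoP fixes concern.
# Assumes the DnsServer module is available for the zone check.

function Get-DnsDynamicUpdateExposure {
    # 'None' means dynamic updates are disabled; 'Secure' and
    # 'NonsecureAndSecure' both accept updates. Auto-created zones
    # (e.g. 0.in-addr.arpa) are skipped as noise.
    if (-not (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue)) {
        Write-Warning "DnsServer module not available; skipping zone check."
        return @()
    }
    Get-DnsServerZone |
        Where-Object { -not $_.IsAutoCreated -and $_.DynamicUpdate -ne 'None' } |
        Select-Object ZoneName, ZoneType, DynamicUpdate
}

function Get-SpoolerExposure {
    # Returns the Spooler service state, or $null if the service is absent.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return $null }
    [pscustomobject]@{
        Status    = $svc.Status
        StartType = $svc.StartType
    }
}

$zones = @(Get-DnsDynamicUpdateExposure)
if ($zones.Count -gt 0) {
    Write-Host "Zones accepting dynamic updates (prioritise the DNS Server patch):"
    $zones | Format-Table -AutoSize
} else {
    Write-Host "No zones accept dynamic updates, or the DNS Server role is not installed."
}

$spooler = Get-SpoolerExposure
if ($spooler -and $spooler.Status -eq 'Running') {
    Write-Host "Print Spooler is running (start type: $($spooler.StartType)). Confirm the Spooler fixes are applied, or stop and disable the service on hosts that never print."
}
```

Run it in an elevated session on the DNS servers and on any server where the Spooler is not needed; the output is a prioritisation aid for rolling out the February update, not a substitute for confirming the patches are installed.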
Researchers from Symantec found that the Chinese state-sponsored threat group Antlion targeted at least six Taiwanese financial firms over the past 18 months. The cyber-espionage group installed a customized backdoor called xPack on compromised systems to exfiltrate sensitive data from these institutions. The xPack backdoor gave attackers extensive access by issuing Windows Management Instrumentation (WMI) commands remotely. Once inside, Antlion attackers maintained a long-term presence inside the victim institutions’ networks, staying active for up to eight months in some cases.
Researchers from security firm ESET discovered an advanced, full-featured macOS backdoor called DazzleSpy that gives attackers the ability to fully monitor and control infected Macs. It was delivered through a watering-hole attack: visiting a compromised site triggered a WebKit exploit chained with a macOS privilege-escalation exploit, so the infection required no action from the user beyond loading the page and was effectively impossible for most users to notice or stop. ESET assesses that DazzleSpy was developed from scratch, most likely by a well-funded, state-backed group. Apple has patched the vulnerabilities exploited in this campaign, so keeping macOS up to date closes the delivery chain.