Cyber Security Headlines: Ukraine takes down bot farm, Solana wallets drained, Semikron cyberattack

Ukraine takes down massive bot farm

The Ukrainian cyber police dismantled a bot farm near Kyiv that they found was used to host over 1 million bots. The operators used the bots to discredit information from Ukrainian state sources and promote Russian propaganda. Part of the operation used 5,000 SIM cards to register new social media accounts. The operators also used 200 proxy servers to spoof IP addresses for the bots, apparently using custom firmware to remotely manage the farm’s legion of fake accounts. Authorities believe the farm’s operator works for Russian special services.

(Bleeping Computer)

Thousands of Solana wallets drained

Threat actors began conducting an ongoing attack against the popular crypto ecosystem, targeting internet-connected wallets. The attackers appear able to steal both Solana’s own cryptocurrency and those compatible with its blockchain, like the stablecoin USD Coin. Independent analysts estimate losses at at least $8 million, although it’s unclear when this attack could end. Attackers accessed wallets operated by third parties like Phantom and Slope. Solana devs say this doesn’t appear to be an issue with its core code, and no evidence suggests attacks against hardware wallets. Emerging details on the attack suggest it’s a supply chain attack against iOS and Android apps.

(The Verge)

Semikron hit by cyberattack

The German manufacturer of semiconductors for electric vehicles and industrial automation systems confirmed the “partial encryption of our IT systems and files”, likely due to ransomware. Semikron, which is based in Nuremberg and claims to power 35% of wind turbines globally, has not said whether there was a ransom demand or who was behind the attack. Bleeping Computer’s sources say LV ransomware hit the company, and Semikron itself indicated the attackers attempted a double-extortion technique. The company did not disclose direct impacts to customers or employees. With the state of the global semiconductor supply chain, any disruption could carry outsized impact to the EV industry.

(TechCrunch)

Robinhood fined over regulatory lapses

The trading app’s cryptocurrency division received a $30 million fine from the New York State Department of Financial Services, its first crypto-focused enforcement action. The department found that Robinhood violated the state’s anti-money laundering and cybersecurity regulations, finding it inadequately staffed its money laundering compliance program and still used a manual monitoring system. Robinhood also erroneously claimed it maintained full compliance with New York State law, and failed to meet consumer protection requirements by not operating a separate phone number for consumer complaints. Aside from the fine, Robinhood must retain independent consultants to evaluate its steps to remediate these issues.

(Engadget)

Thanks to today’s episode sponsor, HYAS

Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement.

Take your cybersecurity investigations further than you ever thought possible with HYAS Insight.

Visit HYAS.com

India withdraws Personal Data Protection Bill

Back in 2019, Indian lawmakers introduced the Personal Data Protection Bill, which sought to provide explicit rights to Indian citizens over use of their data. This included data sovereignty provisions for data deemed “sensitive,” including financial, biometric, and health information. Critics argued the bill provided overly large exemptions for government departments and large organizations. Since the bill was introduced, legislators proposed 81 amendments and received 12 recommendations from industry groups. India’s IT Minister Ashwini Vaishnaw said it will present a new bill that better “fits into a comprehensive legal framework.”

(TechCrunch)

UK greenlights Avast acquisition

The country’s Competition and Markets Authority granted provisional authority for NortonLifeLock to acquire its antivirus competitor. The two companies announced plans for the $8.1 billion merger last August. The CMA argued the acquisition would not hurt overall competition in the UK, given the “significant competition” that would remain in the market, including McAfee. The CMA will take responses from third parties on its provisional approval of the deal until August 24th. It will issue a final report on its decision on September 8th.

(Neowin)

Coding issue impacts credit scores

The Wall Street Journal’s sources say the credit firm Equifax provided inaccurate credit scores on millions of US consumers seeking loans over a three-week period. From mid-March through early April, a “technology coding issue” caused inaccurate credit scores, although Equifax said it believes this impacted loan decisions on “a small number” of applicants. One bank speaking to the Journal said during the period 18% of applicants received incorrect scores, while an auto lender reported 10%. Equifax informed banks of the error in May. The company said it fixed the issue impacting “legacy applications.”

(WSJ)

Large scale phishing campaign targeting Microsoft enterprise email services

Security researchers at ThreatLabz published a report detailing a large-scale phishing campaign that appears to specifically target enterprise end users of Microsoft’s email services. The campaign uses adversary-in-the-middle techniques similar to a campaign Microsoft itself detailed last month. The attackers targeted organizations in the US, UK, New Zealand, and Australia. The attacks appeared more sophisticated than typical phishing, as they could get past two-factor authentication. The attackers also appear to register new phishing domains every day to further evade detection.

(InfoSecurity Magazine)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.