AWS was hijacked for 2 hours, NIS takes effect in UK, and Webstresser gets busted.
For two hours on Tuesday, the website MyEtherWallet.com, a cryptocurrency wallet where thousands of users store their Ethereum, was leeched of roughly $150,000. Cybercriminals hacked into the site by posing as a legitimate Amazon Web Service (AWS) IP space. AWS hosts the website, and to the casual user, everything looked normal.
When certain users brought up the website in their browser, they were automatically redirected to a malicious dummy version of the wallet. The users would enter their login credentials as usual, completely unaware that they’d just been tricked by a phishing scam. Even more insidious, when browsers that stayed signed in to MyEtherWallet.com brought up the website, those users’ login credentials were automatically sent to the cybercriminals thanks to browser cookies. Experts speculate that the bad actors in this heist were a well-funded, sophisticated group, as the tactics used were incredibly complex and the “dummy” wallet was already stacked with millions in Ethereum.
On May 9th, the Network and Information Systems (NIS) Directive becomes a UK law, requiring over 400 UK businesses to meet a new standard in cybersecurity. The updated regulations are aimed at reinforcing the digital protection of the nation as a whole by bolstering the security of “operators of essential services” (OES) and “competent authorities” (CAs), which include the sectors of health, water, energy, transport, digital infrastructure, and digital service providers.
For certain companies, the costs associated with following the new regulations can be substantial — hundreds of thousands of pounds. There are familiarization costs, compliance costs, reporting costs, not to mention the additional spending on cybersecurity. But perhaps these new standards take effect just in time, as a survey this week revealed that no less than half of all UK business have suffered cyberattacks.
The botnet-for-hire group was busted in an international joint campaign known as Operation Power Off. Webstresser is credited with launching over four million cyberattacks around the world. The wide-range bust was carried out by police in twelve countries, including the UK, the Netherlands, Serbia, Canada, Australia, and China.
Webstresser was infamous for launching cyberattacks on organizations for any client that would pay them as little as $15. Their most common attack was a DDoS attack, in which a botnet overburdens a system with an unending multitude of requests, causing the target to crash. DDoS attacks are not difficult to orchestrate, and we most surely have not seen the end of botnet attacks, but this bust is definitely big news in the cybersecurity world, and a happy victory for the good guys.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.
Information belonging to over 100 Italian banks breached by the Ursnif banking trojan was obtained by Avast Threat Labs, which then shared the data with as many of the victims as could be identified.
Avast researchers obtained information that the Ursnif banking Trojan has targeted 100 Italian banks and may have thousands of victims.