Security News

Hydra criminal forum seized and shuttered

Plus, hackers target NFT Discord channels and developers weigh in on the metaverse.

Germany’s Federal Criminal Police Office and Central Office for Combating Cybercrime announced this week that they confiscated the Hydra server infrastructure after extensive investigations into the cybercrime forum since August 2021. The site, which could only be accessed on the Tor network, was a marketplace of criminal activities, including cryptocurrency laundering, narcotics sales, and fake documents. Now, visitors to the site only see the seals of several law enforcement agencies and a notice that the platform has been seized. 

“It’s fantastic news,” exclaimed Avast Security Evangelist Luis Corrons, “and this could just be the beginning, as after seizing those servers, law enforcement will analyze them and may be able to track down the actual criminals doing business there. Sadly, it seems a good number of them were Russian in origin, and Russian authorities are not exactly known for their cooperation in stopping cybercrime.” In addition to confiscating the servers, authorities seized 543 bitcoins (equal to about $25 million). U.S. authorities such as the Drug Enforcement Administration and FBI were also involved in the investigations. For more on this story, see Ars Technica

Hackers target NFT Discord channels

NFT generators Bored Ape Yacht Club (BAYC), Nyoki, Shamanz, Doodles, and Kaiju Kingz all confirmed that their Discord channels were hacked last week. Hackers assumed control of the channels’ bots and employed phishing tactics to trick users out of cryptocurrency. The hacked bots presented a malicious link, encouraging users to click in order to mint a (fake) NFT in exchange for Ethereum. In some instances, users were tricked into submitting NFTs that the bot claimed it would wrap into a token. The hacks were quickly detected and brought under control, but not before some Ethereum and NFTs were stolen. Wallet addresses connected to the hack were seen to contain over $11 million in cryptocurrency. See VICE for more on this story.

Metaverse’s biggest hurdles are data privacy and security

In a poll of 300 U.S.-based developers, most agreed that data privacy and security constitute the biggest hurdles the metaverse needs to overcome as it evolves into the platform of the future. The poll was conducted by Live Streaming software company Agora. Developers were asked if they thought the metaverse would replace real-life, in-person social interactions and experiences within the next five years, and 55% said it was likely. When asked which industry will benefit most or experience the greatest positive impact from the metaverse, the developers put gaming and entertainment at the top. They were also asked a series of questions on the projected use of cryptocurrency in the metaverse. Read the full report to see all the results.  

NSW to begin digital identity verification

New South Wales in Australia is preparing to launch digital identity verification for citizens who use government services. The tech is expected to be embedded in the Service NSW app, which will work by matching a photo the user takes of themselves with a stored photo. Once the images are successfully matched, the selfie and verification data would be destroyed. Service NSW CEO Damon Rees commented, “This will provide customers with greater accessibility to government services, especially customers with a disability, time poor customers, and those in rural or regional areas.” Read more at ZDNet

CashApp data breach caused by ex-employee

Financial services and stock trading platform CashApp filed a report with the U.S. Securities and Exchange Commission this week claiming that a data breach in December was caused by a former employee. The stolen data included brokerage account numbers, full names, brokerage portfolio values, and brokerage portfolio holdings for one trading day. CashApp reported that the ex-employee accessed the data after having been fired, but the company did not explain why it did not revoke access to the sensitive information as soon as the employee was let go. For more on this, see Security Week.

This week’s must-read on the Avast blog 

We’ve enhanced our all-in-one service, Avast One, by introducing brand new features designed to protect you from online scams, fraud, and other personal privacy threats. Read up to find out more about Avast One's newest additions.