Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they've exploded in 2017 and 2018 when attackers started focusing on attacking members of the cryptocurrency community, so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks have been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some other victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.

NSA tool used for hacking in Baltimore ransomware attack






According to the reports of New York Times, An important component of the malware to disrupt U.S cities, paralyzing local governments and residents was developed by the National Security Agency (NSA).

Reportedly, NSA lost the control of the tool in 2017, it was called Eternal Blue.

Eternal Blue has been used around the world including countries like Russia,China,North Korea and it has affected huge numbers of ATMs, hospitals, Airports, shipping operators around the globe.

Recently there was high-profile ransomware attack on Baltimore in which computers were hacked and health alerts, water bills, real estate sales and other public services are disrupted. 

On May 7th, city’s workers computers screens were locked and were displayed a message of ransom demanding $100,000 to free city’s files. 

In the similar manner various U.S cities have been attacked. 

The NSA and FBI declined to comment to the Times, but according to the reports the theft of the EternalBlue was carried out by group, which calls itself the Shadow Brokers.


The group is either made up of disgruntled federal employees or foreign spies.

San Francisco to ban facial recognition







Law makers in San Francisco have voted to ban the use of face recognition technology by city agencies, including the police department while provoking worries over privacy.

The new bill  Stop Secret Surveillance Ordinance, was introduced by San Francisco Supervisor Aaron Peskin. The ordinance states that any plans to buy any kind of new surveillance technology must now be approved by city administrators.

"With this vote, San Francisco has declared that face surveillance technology is incompatible with a healthy democracy and that residents deserve a voice in decisions about high-tech surveillance," said Matt Cagle from the American Civil Liberties Union in Northern California.

"We applaud the city for listening to the community, and leading the way forward with this crucial legislation. Other cities should take note and set up similar safeguards to protect people's safety and civil rights."

Face recognition technology uses an algorithm that scans a person’s face and then matches it with pre saved database. This technology is now commonly used by smartphones, laptops, and other digital device companies. 

San Francisco is the first US city to ban the face recognition.  


New MegaCortex ransomware targeting corporate networks

A new strain of ransomware called MegaCortex has been found targeting attacks against entities in the US, Canada, France, Netherlands, Ireland, and Italy. The ransomware uses both automated as well as manual components in an effort to infect as many victims as possible. It uses a complicated chain of events with some infections beginning with stolen credentials for domain controllers inside target networks.

The ransomware was reported by UK cyber-security firm Sophos after it detected a spike in ransomware attacks at the end of last week.

According to security researchers at Sophos, the cybercriminals operating the ransomware appear to be fans of the movie Matrix, as the ransom note “reads like it was written in the voice and cadence of Lawrence Fishburne’s character, Morpheus.”

The ransomware first began popping up in January. The ransomware has a few interesting attributes, including its use of a signed executable as part of the payload, and an offer of security consulting services from the malware author. Researchers said the ransomware often is present on networks that already are infected with the Emotet and Qakbot malware, but are not sure whether those tools are part of the delivery chain for MegaCortex.

Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions --in a tactic that is known as "big-game hunting."

“The malware also employs the use of a long batch file to terminate running programs and kill a large number of services, many of which appear to be related to security or protection, which is becoming a common theme among current-generation ransomware families,” Sophos researcher Andrew Brandt said in a report.

Ransomware, for the most part, targets individuals rather than enterprise networks. That has mainly to do with individuals being relatively easier targets than corporate machines, but some attackers have begun to move up the food chain. Corporate ransomware infections can be much more profitable and efficient, with larger payouts for criminals who can compromise an organization rather than dozens or hundreds of individual victims. MegaCortex seems to be part of that trend, targeting enterprises with a mix of techniques.

Indian Pleads Guilty To Destroying University Computers via USB Killer Drive



An Indian national in the US 'pleaded guilty' for this week to pulverizing 59 computers at the College of St. Rose, in New York, through a weaponized USB thumb drive named "USB Killer" that he bought on the web.

The gadget empowered the 27-year old Vishwanath Akuthota to effectively damage gear and equipment worth $51,109, roughly accounting for Rs. 35, 46,700 alongside $7,362 approximately Rs. 5, 10,900 in employee time for exploring and supplanting pulverized hardware.

The incident occurred on February 14, as indicated by court documents acquired by ZDNet, and the suspect recorded himself while pulverizing some of the computers. In the recording, the he was seen saying, "I'm going to kill this guy,", and once he was finished with the procedure, he was seen saying things like, "it's dead" and "it's gone. Boom."


The explanation behind the crime anyway isn't known as of yet.

Surprisingly the weaponized thumb drive known as USB Killer is effectively accessible on the web and he had bought it from a rather well-known online store that sells these kinds of gadgets.

USB Killer devices work by quickly charging thumb drive capacitors from the USB control supply, and after that releasing the electrical current again into the USB slot - all in mere seconds- - successfully frying the computer to which the USB Killer device is connected to.

Akuthota was arrested on February 22 and will be condemned not long from now, on August 12. He faces up to ten years in prison, a fine of up to $250,000, and a term of post-imprisonment supervised release of up to 3 years.


Espionage Group Aka Apt33 Targeting Various Organization in Saudi Arabia and US by Deploying A Variety of Malware In Their Network




An unceasing surveillance group otherwise known as APT33 group (Elfin) known for explicitly targeting on corporate networks has now set its sights by focusing on various organizations in Saudi Arabia and US by sending an assortment of malware in their system.

The hacker group which has reportedly compromised around 50 organizations in various countries since 2015, so far its attackers have bargained a wide range of targets including, governments alongside associations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.

The cybercriminals scan the defenseless sites of a particular target and later use it for either command and control server or malware attacks if the site will be undermined effectively.

In spite of the fact that the gathering fundamentally focused on Saudi Arabia, with the 42% of attacks since 2016 and it’s compromised 18 organizations in the U.S alone in the course of recent years.

 In any case, for this situation, Elfin focused on organization including engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors in the U.S alone.





Amid the attack, Elfin is said to have used an assortment of open source hacking instruments, custom malware, and commodity malware to compromise the diverse targets.

Elfin Adept utilizes various openly accessible hacking instruments, including:
  • LaZagne (SecurityRisk.LaZagne): A login/password retrieval tool
  • Mimikatz (Hacktool.Mimikatz): Tool designed to steal credentials
  • Gpppassword: Tool used to obtain and decrypt Group Policy Preferences (GPP) passwords
  • SniffPass (SniffPass): Tool designed to steal passwords by sniffing network traffic


Additionally, numerous commodity malware tools were utilized for these attacks and the malware accessible for purchase on the digital underground including:
  • DarkComet (Backdoor.Breut)
  • Quasar RAT (Trojan.Quasar)
  • NanoCore (Trojan.Nancrat)
  • Pupy RAT (Backdoor.Patpoopy)
  • NetWeird (Trojan.Netweird.B)

Other than these, the custom malware family incorporates Notestuk (Backdoor.Notestuk), a malware in order to access the backdoor and assembling the data, Stonedrill (Trojan.Stonedrill), a custom malware equipped for opening a secondary passage on an infected PC and downloading the additional records.


New security flaws in 4G and 5G




Security researchers have found three new security flaws in 4G and 5G, which could be exploited to intercept the phone calls and track the location of a cell phone.

Discovery of the flaws is said to be a huge set back for both 4G and the new 5G technology, which is much more faster, and has better security, it is particularly against the enforcement law of cell site simulators, known as “stingrays.”

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, said in an Email interview with TechCrunch.

The team includes Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from the Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa. They have revealed their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

The paper includes details of the attacks that could be implemented.  The first is "Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and canceled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and injector deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether," reported by TechCrunch.

According to security experts, most of the operators in the US including AT&T, Verizon, Sprint and T-Mobile are affected by Torpedo, and the attacks can be carried out with radio equipment costing as little as $200.