This post was originally published here by Will Houcheime.
Here are the top cybersecurity stories of recent weeks:
- Apple app developers advised to reveal and remove screen recording code
- 60% of cryptocurrency public hacks claimed by two major hacker groups
- 617 million user accounts placed for sale on dark web
- South Africa’s main electricity provider experiences data leak
- Chinese hacking group exposes Norway’s cloud software provider Visma
Apple app developers advised to reveal and remove screen recording code
According to a report by blockchain analysis firm, Chainalysis, two hacker group are responsible for 60% of public cryptocurrency hacks, equating to about $1 billion of stolen cryptocurrency. Chainalysis reports, “On average, the hacks we traced from the two prominent hacking groups stole $90 million per hack.” The two hacking groups, codenamed Alpha and Beta, have been monitored for years and have been withdrawing the stolen funds tactfully, taking between 40 and 168 days, hiding behind thousands of fraudulent transactions.
The Register, a popular hub for science and tech news, recently reported that a dark web marketplace has sold stolen data from approximately 617 million user accounts. Online services such as the video messaging app ‘Dubsmash’ had 162 million accounts exposed on this marketplace. In addition, the healthapplication ‘MyFitnessPal’ had 151 million breached accounts. The seller has reportedly sold some data for as much as $20,000. Sensitive information sold includes passwords, emails, IP addresses, as well as security questions and their answers.
South Africa’s largest electricity provider experienced a public exposure of customer data after disregarding advice from a researcher who foresaw the possibility of a leak of information. Eksom, the company exposed, is South Africa’s state-owned electricity company that delivers roughly 95% of the country’s electricity as well as about 45% of all electricity consumed by the African continent. Devin Stokes, cybersecurity researcher, was quick to show frustration, targeting the company in a public tweet showing images of exposed customer data. Stokes highlighted the company’s inability to properly prevent and communicate about this highly sensitive security issue.
Norwegian software provider Visma was recently exposed by APT10, a notorious hacking group from China. The software provider currently offers cloud-based software solutions for various European companies. Visma’s security breach occurred in August 2018, as detailed by a pair of US cybersecurity firms. The report claims that the company’s internal network was exposed by stolen credentials to a Citrix remote-access client that Visma employees were using to access proprietary information.