
US Takes Action Against “Criminal Exchange” Bitzlato, Arrests Founder

Thursday, January 19, 2023

Read also: NortonLifeLock hit with a credential-stealing attack, Mailchimp hacked twice in less than a year, and more.



Bitzlato founder charged for helping criminals launder illicit funds

The US Department of Justice announced a major international law enforcement action against Hong Kong-based crypto exchange Bitzlato, which is accused of laundering $700 million worth of illicit funds, including ransomware payments. Bitzlato’s founder, 40-year-old Russian national Anatoly Legkodymov, was apprehended and charged with money laundering.

Bitzlato touted itself as a no-questions-asked cryptocurrency exchange, essentially becoming a safe haven for cybercriminals. The exchange was allegedly used to facilitate purchases on Hydra Market, one of the oldest and largest Dark Web marketplaces shut down by law enforcement authorities last April. According to the DoJ, Bitzlato also received more than $15 million in ransomware proceeds.

NortonLifeLock customer accounts breached via a credential-stuffing attack

Gen Digital, formerly Symantec Corporation and NortonLifeLock, has warned its clients about a security incident in which hackers tried to hijack Norton accounts, and possibly password managers, using stolen credentials bought on the Dark Web.

The company said that the breach was spotted on December 12 when its intrusion detection systems detected “an unusually high number of failed logins” on Norton accounts. An investigation showed that attacks began on December 1, and that a number of accounts were breached. The exposed customer information may include first name, last name, phone number, and mailing address. The incident appears to have impacted about 6,450 customers. According to Norton, its systems were not breached.

CircleCI said the recent data breach was caused by malware on an employee laptop

Software company CircleCI shared new details on a data breach disclosed in early January. According to the company’s incident report, the attacker broke into its network through an engineer’s laptop infected with info-stealing malware, which was used to steal a valid, 2FA-backed SSO session. The malware was not detected by CircleCI’s antivirus software.

Because the targeted employee had privileges to generate production access tokens, the intruder was able to potentially access and steal data from a subset of databases and stores, including customer environment variables, tokens, and keys.

Following the hack, the firm restricted production environment access to a small number of employees and implemented additional security measures.

2022 saw a 62% decrease in stolen payment cards

Roughly 60 million compromised payment card records were posted for sale on Dark Web marketplaces in 2022, significantly fewer than the almost 100 million posted in 2021.

In total, 2022 saw 45.6 million card-not-present (CNP) and 13.8 million card-present (CP) payment card records posted for sale on the Dark Web.

Researchers attributed the double-digit decrease to two factors: Russia’s full-scale invasion of Ukraine, and Russia’s cybercrime crackdown, including arrests of suspected members of the REvil ransomware group and the shutdown of several top-tier carding marketplaces, such as Trump’s Dumps, UAS Store, Ferum Shop, and Sky-Fraud.

Newsletter service Mailchimp hacked twice in less than a year

Intuit-owned email marketing and newsletter service Mailchimp said it was hit with a social engineering attack in which a threat actor gained access to Mailchimp’s internal tools for customer support and account administration and used compromised employee credentials to access select Mailchimp accounts.

Interestingly, in March 2022, Mailchimp suffered an almost identical attack.

The company said that 133 Mailchimp accounts were affected in the recent breach, and that there is no evidence the incident impacted Intuit systems or customer data beyond these Mailchimp accounts.


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.