US Takes Action Against “Criminal Exchange” Bitzlato, Arrests Founder
Read also: NortonLifeLock hit with a credential-stealing attack, Mailchimp hacked twice in less than a year, and more.
Bitzlato founder charged for helping criminals launder illicit funds
The US Department of Justice announced a major international law enforcement action against Hong Kong-based crypto exchange Bitzlato, which is accused of laundering $700 million worth of illicit funds, including ransomware payments. Bitzlato’s founder, 40-year-old Russian national Anatoly Legkodymov, was apprehended and charged with money laundering.
Bitzlato touted itself as a no-questions-asked cryptocurrency exchange, essentially becoming a safe haven for cybercriminals. The exchange was allegedly used to facilitate purchases on Hydra Market, one of the oldest and largest Dark Web marketplaces, which was shut down by law enforcement authorities last April. According to the DoJ, Bitzlato also received more than $15 million in ransomware proceeds.
NortonLifeLock customer accounts breached via a credential-stuffing attack
Gen Digital, formerly Symantec Corporation and NortonLifeLock, has warned its clients about a security incident in which hackers tried to hijack Norton accounts, and possibly password managers, using stolen credentials bought on the Dark Web.
The company said that the breach was spotted on December 12 when its intrusion detection systems detected “an unusually high number of failed logins” on Norton accounts. An investigation showed that attacks began on December 1, and that a number of accounts were breached. The exposed customer information may include first name, last name, phone number, and mailing address. The incident appears to have impacted about 6,450 customers. According to Norton, its systems were not breached.
CircleCI said the recent data breach was caused by malware on employee laptop
Software company CircleCI shared new details on a data breach disclosed in early January. According to the company’s incident report, the attacker broke into its network through an engineer’s laptop infected with info-stealing malware, which was used to steal a valid, 2FA-backed SSO session. This malware was not detected by CircleCI’s antivirus software.
Because the targeted employee had privileges to generate production access tokens, the intruder was potentially able to access and steal data from a subset of databases and stores, including customer environment variables, tokens, and keys.
Following the hack, the firm restricted production environment access to a small number of employees and implemented additional security measures.
2022 saw a 62% decrease in stolen payment cards
Roughly 60 million compromised payment card records were posted for sale on Dark Web marketplaces in 2022, significantly fewer than the almost 100 million in 2021.
In total, 2022 saw 45.6 million card-not-present (CNP) and 13.8 million card-present (CP) payment card records posted for sale on the Dark Web.
Researchers attributed the double-digit decrease to two factors: Russia’s full-scale invasion of Ukraine, and Russia’s cybercrime crackdown, including arrests of suspected members of the REvil ransomware group and the shutdown of several top-tier carding marketplaces, such as Trump’s Dumps, UAS Store, Ferum Shop, and Sky-Fraud.
Newsletter service Mailchimp hacked twice in less than a year
Intuit-owned email marketing and newsletter service Mailchimp said it was hit with a social engineering attack where a threat actor gained access to Mailchimp’s internal tools for customer support and account administration and used compromised employee credentials to access select Mailchimp accounts.
Interestingly, in March 2022, Mailchimp suffered an almost identical attack.
The company said that 133 Mailchimp accounts were affected in the recent breach, and that there is no evidence the incident impacted Intuit systems or customer data beyond these Mailchimp accounts.