Showing posts with label Tokens.

RBI Employs Tokenization to Combat Breaches

The RBI, the central bank of India, is now preparing to enforce card tokenization in India after permitting customers to link credit cards with UPI. Amid all of this, many users are perplexed as to what card tokenization actually is and why apps and websites prompt them to "secure" their credit and debit cards under the RBI's new rules.

What is tokenization?

Tokenization is the process of replacing actual card details with a unique alternate code called a 'token'. The token must be different for each combination of card, token requester and device, where the token requester is the organization (for example, the merchant's app) that accepts a customer's request to tokenize a card and forwards it to the card network, which generates the corresponding token.

The data exposures at MobiKwik and Domino's India are still fresh in researchers' minds. They show that card data becomes vulnerable to breaches and leaks when it is stored on the cloud servers of many different online apps and websites.

Although some websites may have the highest levels of security in place to protect card information, others may not adhere to international security standards. Having card details scattered across several servers with varying levels of security gives attackers more points of entry. The RBI now wants to change this state of digital payments and standardize tokenization to raise the security of all online card transactions.

In September 2021, the RBI mandated that card-on-file (CoF) tokenization replace merchants' storage of customer card details on their systems from January 1, 2022. As a result, businesses such as apps, websites, payment processors like RazorPay, and banks will no longer be responsible for safeguarding your card details. The tokenization scheme the RBI has put in place protects domestic card transactions by using random token strings rather than exposing the user's actual card details.

According to Deputy Governor Sankar, since the regulation on tokenization was published the central bank has been in close contact with all stakeholders to ensure a smooth transition to the tokenization policy.

How does tokenization work? 

The process of tokenizing a card is straightforward. When a card is selected for tokenization, the card network (Visa, Mastercard, etc.) issues the token with the issuing bank's approval and hands it to the merchant. For example, when you save an SBI Visa debit card on Paytm in line with the RBI's requirements, Visa creates the token with SBI's permission and shares it with Paytm.

If you save the same credit or debit card on another app, say Amazon, a new token is issued and shared with Amazon. The token varies by merchant and device even for the same card. From a security standpoint this is beneficial: the tokens are unique and isolated from one another.
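As an added illustration (not code from the original post, the RBI or any card network), the following Python model of a card-network token vault shows the properties just described: tokens are random strings that differ per card, token requester and device; only the vault can map a token back to the card, and only for the requester and device it was issued to; and the issuing bank's approval gates issuance. The class and function names, the `tok_` token format, the issuer-approval callback, the rule that an identical repeat request returns the existing token, and the sample card number are all assumptions made for this example.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Constructed sample values for the example; not a real card or real merchant data.
SAMPLE_PAN = "4111111111111111"
ALPHABET = string.ascii_letters + string.digits

Key = Tuple[str, str, str]  # (card number, token requester, device)


@dataclass
class NetworkTokenVault:
    """Hypothetical card-network vault. The merchant (token requester) stores only the
    token it receives; the card number never leaves the vault. Approval by the issuing
    bank is modelled as a callback, since the post says the network issues tokens with
    the bank's approval but does not describe that interface."""
    issuer_approves: Callable[[str, str], bool]
    _tokens: Dict[Key, str] = field(default_factory=dict)   # (pan, requester, device) -> token
    _lookup: Dict[str, Key] = field(default_factory=dict)   # token -> (pan, requester, device)

    def tokenize(self, pan: str, requester: str, device: str) -> str:
        """Issue a token bound to this card, requester and device."""
        if not self.issuer_approves(pan, requester):
            raise PermissionError(f"issuer declined tokenization for {requester}")
        key: Key = (pan, requester, device)
        if key in self._tokens:
            # Assumption for the example: repeating an identical request returns the existing token.
            return self._tokens[key]
        while True:
            # Random, not derived from the card number, so a token reveals nothing about the PAN.
            token = "tok_" + "".join(secrets.choice(ALPHABET) for _ in range(24))
            if token not in self._lookup:
                break
        self._tokens[key] = token
        self._lookup[token] = key
        return token

    def detokenize(self, token: str, requester: str, device: str) -> str:
        """Resolve a token back to the card number, only for the requester/device it was
        issued to; a token copied from one merchant is therefore useless at another."""
        pan, issued_to, issued_on = self._lookup[token]
        if (issued_to, issued_on) != (requester, device):
            raise PermissionError("token is bound to a different requester or device")
        return pan


def save_card_at_merchants(vault: NetworkTokenVault, pan: str) -> Dict[str, str]:
    """The scenario from the text: one card saved with two merchants and on two devices.
    Returns what each merchant/device pair ends up storing (tokens only, never the PAN)."""
    return {
        "Paytm/phone":  vault.tokenize(pan, "Paytm", "phone-1"),
        "Amazon/phone": vault.tokenize(pan, "Amazon", "phone-1"),
        "Paytm/laptop": vault.tokenize(pan, "Paytm", "laptop-1"),
    }


if __name__ == "__main__":
    vault = NetworkTokenVault(issuer_approves=lambda pan, requester: True)  # toy issuer: approves all
    for where, token in save_card_at_merchants(vault, SAMPLE_PAN).items():
        print(f"{where:13s} stores {token}")
```

Running it prints three different tokens for the same card. The detokenize check is the part worth noting: even if a merchant's database leaks, the token it held is rejected when presented under any other requester or device.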

Potential effects of tokenization

The RBI was driven to develop card tokenization by the constant data leaks, thefts, and breaches of the digital age. Not to mention that the varying security standards of apps, websites, payment processors, and other intermediaries undermine users' online security.

Tokenization has very little effect on the customer. Customers simply submit their card details once to receive a token; the merchant then initiates the tokenization process at no further cost or effort to the customer.

According to experts, there are no drawbacks to card tokenization from the end user's perspective. Merchants and payment systems must implement the RBI standards, but beyond that, consumers simply benefit.

Telegram is Selling the Eternity Malware Kit, Which Offers Malicious Services

Cybercriminals have recently been using Telegram to offer malware and other dangerous tools as services. Researchers have discovered a dangerous new malware subscription plan that can be used to facilitate a wide range of attacks.

The "Eternity Project," a modular malware kit, gives buyers the ability to steal passwords and credit card details, launch ransomware attacks, and infect victims with cryptomining software. Each component of the toolkit can be purchased separately: an information stealer, a coin miner, a clipper, ransomware, a worm spreader and, finally, a DDoS (distributed denial of service) bot.

The creators share the latest updates and usage instructions, and discuss feature proposals, on a private Telegram channel with over 500 members. Buyers can apparently use a Telegram bot to assemble the binary automatically after choosing the desired feature set and paying the equivalent amount in cryptocurrency. The most expensive module is $490 per year. The info-stealer, at $260 per year, steals passwords, credit cards, bookmarks, tokens, cookies, and autofill data from over twenty different web browsers.

The malware's versatility is also highlighted by a deep-dive investigation of the infostealer module. Researchers report that this single tool can gather data from a wide range of applications, including web browsers, cryptocurrency wallets, VPN clients, messaging apps, and more.

The miner module costs $90 a year and includes features such as hiding from the task manager, auto-restart when killed, and launch-at-startup persistence. The clipper is a $110 module that watches the clipboard for cryptocurrency wallet addresses and replaces them with wallets controlled by the operator. The Eternity Worm sells for $390 and can propagate itself via USB drives, LAN shares, local files, cloud drives, Python projects, Discord accounts, and Telegram accounts.

The authors claim it is FUD (fully undetectable), a claim supported by VirusTotal data showing zero detections for the strain. Notably, the ransomware module offers the option of setting a timer after which the files become entirely unrecoverable, adding to the pressure on the victim to pay the ransom as quickly as possible.

Despite the wide range of threats posed by the Eternity Project malware, Cyble says there are a few precautions users can take. Maintaining regular data backups, keeping software up to date, and avoiding untrustworthy websites and unexpected email attachments are the recommended best practices.

Hackers Drained $120m From Badger Defi and $30m From MonoX

Two decentralized finance platforms, BadgerDAO and MonoX, suffered security breaches in two separate attacks in which hundreds of millions of dollars' worth of cryptocurrency was drained by threat actors.

BadgerDAO's security research unit discovered the attack on 2 December, in which a malicious group stole $120 million, while MonoX lost $31 million to unknown attackers on 30 November.

According to blockchain security and data analytics firm PeckShield, which is working with BadgerDAO to investigate the heist, the various tokens stolen in the attack are worth more than $120 million.

As soon as Badger learned of the unauthorized transfers, it paused all smart contracts, effectively freezing its platform, and warned its users to reject any transactions to the attackers' addresses.

The company reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.”

MonoX, for its part, acknowledged the breach and explained in a blog post that it occurred after a group of hackers exploited a vulnerability in its smart contract software. Smart contracts are programs stored on a blockchain that execute automatically when their terms and conditions are met.

The group of hackers is estimated to have stolen more than $30 million in funds, mostly MATIC and WETH. A “swap method was exploited and the price of the MONO token has risen to a new high”, the company reported.

“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.

Igor Igamberdiev, an IT security researcher, broke down the stolen tokens in a list posted on his Twitter account, reproduced below.

1. 5.7M MATIC ($10.5M)
2. 3.9k WETH ($18.2M)
3. 36.1 WBTC ($2M)
4. 1.2k LINK ($31k)
5. 3.1k GHST ($9.1k)
6. 5.1M DUCK ($257k)
7. 4.1k MIM ($4.1k)
8. 274 IMX ($2k)

Cryptocurrency Exchange Bilaxy Under Attack, Hacker Stole ERC20 Wallet Tokens

On Sunday 29 August, the Hong Kong-based cryptocurrency exchange Bilaxy was the subject of a breach that compromised a hot wallet on its system, resulting in the transfer of 295 ERC-20 tokens valued at over $21 million to a single wallet. Bilaxy was founded in 2018 and is licensed in the Republic of Seychelles.

According to Investing.com, the Bilaxy hack is the 20th DeFi incident this month. Bilaxy confirmed the incident via its Telegram channel, stating that the exchange was hacked on Saturday between 6 and 7 p.m. UTC, leading to the transfer of 295 distinct ERC-20 tokens.

The message reads: "Dear Users, Sorry for the waiting. We just completed a series of emergency work to avoid further loss and would like to update you as below at our first available time. Bilaxy ERC20 hot wallet (0xCCE8D59AFFdd93be338FC77FA0A298C2CB65Da59) suffered a serious hack between 18:00 and 19:00, Aug.28(UTC), about 295 ERC20 tokens were hacked and transferred by the hacker.”

HOGE, one of the many tokens offered on Bilaxy, tweeted that the attacker had moved all of its holdings on Bilaxy to that wallet, causing the price of HOGE to drop by 35%. Bilaxy later moved all non-stolen tokens to a cold wallet, out of the attacker's reach, then took the server offline under the banner of system maintenance.

Bilaxy has halted transactions on its site, and customers have been advised not to deposit tokens for trading on the exchange for the time being. The site will be offline for at least 2 weeks while it analyzes the hack and rebuilds its system architecture, and a professional team examines the theft and attempts to recover the stolen ERC-20 tokens.

Bilaxy has not disclosed the dollar value of the funds taken by the hacker. However, according to unsubstantiated reports, the exchange may have lost up to $450 million.

Hoge Finance added that the attack involved the theft and transfer of approximately 300 cryptocurrencies, notably Tether (USDT), USD Coin (USDC), Uniswap (UNI), and many others. Hoge Finance stated that virtually all of Bilaxy's 1 billion HOGE tokens ($141,000) were transferred to another wallet, out of an estimated total of $22 million taken from the platform.

The announcement of the hack comes as the Liquid exchange tries to recover from a nearly $100 million breach in mid-August. Liquid restored withdrawals and deposits for many tokens on Sunday, including ERC-20 and Stellar-based USDC, Dai, and GYEN.

Inadvertently Exposed Secrets and Tokens are promptly Scanned by GitHub

GitHub recently extended its secret scanning to repositories that contain registry secrets for PyPI and RubyGems. This protects millions of Ruby and Python programmers who might unintentionally commit secrets and credentials to their GitHub repositories.

GitHub, Inc. is a software development and version control hosting service built on Git. It provides Git's distributed version control and source code management, plus its own features. GitHub offers Advanced Security licenses that unlock additional security features; these features are also available for public repositories on GitHub.com.

GitHub recently reported that repositories exposing PyPI and RubyGems secrets, such as passwords and API tokens, are now routinely scanned.

To take advantage of this functionality, developers must ensure that GitHub Advanced Security is enabled for their repository, which is the default for public repositories.

"For public repositories on GitHub.com, these features are permanently on and can only be disabled if you change the visibility of the project so that the code is no longer public," states GitHub. 

Secrets or tokens are strings with which a client authenticates itself to a service, comparable to a username and password.

Third-party API applications often embed private secrets in their code to access API services. As such, one should be careful not to expose secrets, since a leak can lead to far broader attacks on the supply chain.

GitHub also scans, among other things, for mistakenly committed npm, NuGet, and Clojars secrets.

GitHub Advanced Security's secret scanning currently supports more than 70 distinct kinds of secrets, a comprehensive list.

The advisory further reads, “For other repositories, once you have a license for your enterprise account, you can enable and disable these features at the organization or repository level. For more information, see ‘Managing security and analysis settings for your organization’ and ‘Managing security and analysis settings for your repository.’ If you have an enterprise account, license use for the entire enterprise is shown on your enterprise license page. For more information, see ‘Viewing your GitHub Advanced Security usage.’”

GitHub notifies the administrator when it spots a password, API token, private SSH key, or any other secret disclosed in a public repository. For the newly added PyPI and RubyGems, the registry maintainers then revoke the disclosed credential and email the developer to explain why.

"If we find one, we notify the registry, and they automatically revoke any compromised secrets and notify their owner," explains GitHub software engineer Annie Gesellchen in a blog post. The benefit of GitHub's cooperation with RubyGems and PyPI is that disclosed secrets are revoked automatically within seconds, rather than waiting for the developer to act manually.
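To make the detect, notify and revoke flow concrete, here is an added Python example (not GitHub's, PyPI's or RubyGems' code) of a minimal secret scanner feeding a hypothetical registry revocation endpoint. The credential prefixes `pypi-`, `rubygems_` and `ghp_` are the ones those services use, but the regex length floors, the `Registry` and `Finding` classes, the `handle_push` function, the sample credentials and the sample commit content are all constructed for the example. It also covers the case the quoted flow implies but does not spell out: a detected secret that the registry no longer considers live.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed credential shapes: the prefixes are those the three services use; the
# length floors are a simplification for this example, not the registries' exact specs.
PATTERNS = {
    "pypi":     re.compile(r"\bpypi-[A-Za-z0-9_-]{20,}"),
    "rubygems": re.compile(r"\brubygems_[0-9a-f]{20,}"),
    "github":   re.compile(r"\bghp_[A-Za-z0-9]{20,}"),
}

# Constructed sample credentials (not real) and a commit that leaks all three.
PYPI_TOKEN = "pypi-AgEIcHlwaS5vcmcCJDAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMA"
GEM_KEY = "rubygems_" + "0123456789abcdef" * 3
GH_TOKEN = "ghp_" + "EXAMPLEexample" * 2 + "00000000"
SAMPLE_COMMIT = f"""[pypi]
username = __token__
password = {PYPI_TOKEN}
# ~/.gem/credentials
:rubygems_api_key: {GEM_KEY}
export TOKEN={GH_TOKEN}
print("nothing secret on this line")
"""


@dataclass
class Finding:
    kind: str
    line_no: int
    secret: str


def scan(text: str) -> List[Finding]:
    """Scan committed content line by line for credentials matching the assumed patterns."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(kind, line_no, match.group(0)))
    return findings


def redact(secret: str) -> str:
    """Keep the prefix and last four characters so a notification identifies the
    credential without repeating it in full."""
    prefix = re.match(r"[A-Za-z]+[-_]", secret).group(0)
    return prefix + "*" * (len(secret) - len(prefix) - 4) + secret[-4:]


@dataclass
class Registry:
    """Hypothetical registry endpoint standing in for PyPI, RubyGems or GitHub's own
    revocation step: a reported live credential is revoked and its owner is told why."""
    name: str
    owners: Dict[str, str]                       # live credential -> owner e-mail (constructed)
    revoked: set = field(default_factory=set)
    notifications: List[Tuple[str, str]] = field(default_factory=list)

    def report(self, secret: str) -> bool:
        owner = self.owners.pop(secret, None)
        if owner is None:
            return False   # not live here: already revoked, rotated, or a false positive
        self.revoked.add(secret)
        self.notifications.append(
            (owner, f"{self.name} credential {redact(secret)} was found in a public repository and revoked"))
        return True


def build_registries() -> Dict[str, Registry]:
    """Constructed state: the PyPI token and gem key are live; the GitHub token was already revoked."""
    return {
        "pypi":     Registry("PyPI", {PYPI_TOKEN: "dev@example.com"}),
        "rubygems": Registry("RubyGems", {GEM_KEY: "dev@example.com"}),
        "github":   Registry("GitHub", {}),
    }


def handle_push(text: str, registries: Dict[str, Registry]) -> List[Tuple[str, int, str, bool]]:
    """The flow from the post: detect, notify the matching registry, which revokes and notifies
    the owner. Returns (kind, line, redacted secret, revoked?) per finding; full secrets are
    never returned, so the caller cannot log them by accident."""
    return [(f.kind, f.line_no, redact(f.secret), registries[f.kind].report(f.secret))
            for f in scan(text)]


if __name__ == "__main__":
    for kind, line_no, shown, revoked in handle_push(SAMPLE_COMMIT, build_registries()):
        print(f"line {line_no}: {kind} secret {shown} -> {'revoked' if revoked else 'not live'}")
```

The scanner is deliberately line-oriented, which is how a push-time hook sees a diff. Reporting the same push twice is harmless: the second report finds nothing live and returns `False`, which is the behaviour you want from an idempotent revocation endpoint.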

Automated secret scanning takes developers a step further toward protecting their infrastructure from inadvertent leakage and strengthening supply-chain security.