Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

LLM security
Cyber Security endpoint detection and response Endpoint security Garner LLM security

How are LLMs with Endpoint Data Boost Cybersecurity


The issue of capturing weak signals across endpoints and predicting possible patterns of intrusion attempts is ideally suited for Large Language Models (LLMs). The objective is to mine attack data in order to improve LLMs and models and discover new threat patterns and correlations.

Recently, some of the top endpoint detection and response (EDR) and extended detection and response (XDR) vendors were seen taking on the challenge. 

Palo Alto Network’s chairman and CEO Nikesh Arora says, “We collect the most amount of endpoint data in the industry from our XDR. We collect almost 200 megabytes per endpoint, which is, in many cases, 10 to 20 times more than most of the industry participants. Why do you do that? Because we take that raw data and cross-correlate or enhance most of our firewalls, we apply attack surface management with applied automation using XDR.” 

Co-founder and CEO of Crowdstrike, George Kurtz stated at the company’s annual Fal.Con event last year, “One of the areas that we’ve really pioneered is that we can take weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains and come up with a novel detection.” 

It has been demonstrated that XDR can produce better signals with fewer noise. Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro, and VMware being some of the top providers of XDR platforms.

Why LLMs are the new key element of Endpoint Security?

Endpoint security will evolve with the inclusion of telemetry and human-annotated data by enhancing LLMs. 

As per the authors of Gartner’s latest Hype Cycle for Endpoint Security, endpoint security technologies concentrate on faster, automated detection and prevention as well as remediation of attacks, to power integrated, extended detection and response (XDR), which correlates data points and telemetry from endpoint, network, emails, and identity solutions.

Compared to the larger information security and risk management market, spending on EDR and XDR is expanding more quickly. As a result, there is more intense competition across EDR and XDR providers.

According to Gartner, the market for endpoint security platforms will expand at a compound annual growth rate (CAGR) of 16.8% from its current $14.45 billion to $26.95 billion in 2027. With an 11% compound annual growth rate, the global market for information security and risk management is expected to reach $287 billion by 2027 from $164 billion in 2022.  

Read more »
Tech Data
App Installer Disablement malware Microsoft MSIX Protocol Tech Tech Data

Microsoft Implements Disablement of Widely Exploited MSIX App Installer Protocol Due to Malware Attacks

 

On Thursday, Microsoft announced the reactivation of the ms-appinstaller protocol handler, reverting it to its default state due to widespread exploitation by various threat actors for malware dissemination. The Microsoft Threat Intelligence team reported that the misuse of the current implementation of the ms-appinstaller protocol handler has become a common method for threat actors to introduce malware, potentially leading to the distribution of ransomware.

The team highlighted the emergence of cybercriminals offering a malware kit as a service, utilizing the MSIX file format and ms-appinstaller protocol handler. These alterations are now in effect starting from App Installer version 1.21.3421.0 or newer.

The attacks are manifested through signed malicious MSIX application packages, circulated through platforms such as Microsoft Teams or deceptive advertisements appearing on popular search engines like Google. Since mid-November 2023, at least four financially motivated hacking groups have exploited the App Installer service, utilizing it as an entry point for subsequent human-operated ransomware activities.

The identified groups involved in these activities include Storm-0569, employing BATLOADER through SEO poisoning with sites mimicking Zoom, Tableau, TeamViewer, and AnyDesk, ultimately leading to Black Basta ransomware deployment. Storm-1113 serves as an initial access broker distributing EugenLoader disguised as Zoom, facilitating the delivery of various stealer malware and remote access trojans. Sangria Tempest (also known as Carbon Spider and FIN7) utilizes EugenLoader from Storm-1113 to drop Carbanak, delivering an implant named Gracewire. 

Alternatively, the group relies on Google ads to entice users into downloading malicious MSIX application packages from deceptive landing pages, distributing POWERTRASH, which is then utilized to load NetSupport RAT and Gracewire. Storm-1674, another initial access broker, sends seemingly harmless landing pages masquerading as Microsoft OneDrive and SharePoint through Teams messages using the TeamsPhisher tool, leading recipients to download a malicious MSIX installer containing SectopRAT or DarkGate payloads.

Microsoft characterized Storm-1113 as an entity involved in "as-a-service," providing malicious installers and landing page frameworks imitating well-known software to other threat actors like Sangria Tempest and Storm-1674. In October 2023, Elastic Security Labs detailed a separate campaign involving counterfeit MSIX Windows app package files for popular applications like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex, used to distribute a malware loader called GHOSTPULSE.

This marks a recurrence of Microsoft taking action to disable the MSIX ms-appinstaller protocol handler in Windows. A similar step was taken in February 2022 to thwart threat actors from exploiting it to deliver Emotet, TrickBot, and Bazaloader. Microsoft emphasized that threat actors likely choose the ms-appinstaller protocol handler vector due to its ability to bypass safety mechanisms such as Microsoft Defender SmartScreen and built-in browser warnings designed to protect users from malicious content.
Read more »
User Priavcy
Australian Data Breach Digital Age FBI Malicious actor Online Library Sensitive data User Priavcy

Cybersecurity Breach Shakes Sydney's Woollahra Council Libraries

Sydney's Woollahra Council Libraries were the target of a cyberattack that sent shockwaves across the community, demonstrating how susceptible information is in the digital age. Concerns regarding protecting personal data and the possible repercussions of such breaches have been raised in response to the occurrence, which was covered by several news sources.

The attack, which targeted libraries in Double Bay, Paddington, and Watsons Bay, has left thousands affected, with the possibility of personal information being stolen. The breach has underscored the importance of robust cybersecurity measures, especially for institutions that store sensitive data.

Woollahra Council has not disclosed the nature of the information compromised, but the potential risks to affected individuals are substantial. Cybersecurity experts are emphasizing the need for swift and comprehensive responses to mitigate the fallout from such breaches. As investigations unfold, users are advised to remain vigilant and monitor their accounts for suspicious activity.

This incident is a stark reminder that cybersecurity is an ongoing challenge for organizations across the globe. As technology advances, so do the methods employed by malicious actors seeking to exploit vulnerabilities. In the words of cybersecurity expert Bruce Schneier, "The user's going to pick dancing pigs over security every time." This emphasizes the delicate balance between user experience and safeguarding sensitive information.

The attack on Woollahra Council Libraries adds to the growing list of cyber threats institutions worldwide face. It joins a series of high-profile incidents that have targeted government agencies, businesses, and educational institutions. The consequences of such breaches extend beyond the immediate loss of data; they erode public trust and raise questions about the effectiveness of existing cybersecurity protocols.

In response to the incident, the Woollahra Council has assured the public that it is working diligently to address the issue and enhance its cybersecurity infrastructure. This event serves as a call to action for organizations to prioritize cybersecurity measures, invest in cutting-edge technologies, and educate users on best practices for online security.

The Sydney incident serves as a timely warning for people and businesses to stay vigilant in the face of emerging cyber dangers, even as the investigation is ongoing. Former FBI director Robert Mueller once said, "There are only two types of companies: those that have been hacked and those that will be hacked." Proactive steps are essential to reduce the effects of these breaches and safeguard everyone's access to the digital world.
Read more »
Technology
AI Chatbot Open AI Prompt Engineering Technology

OpenAI Employee Claims Prompt Engineering is Not the Skill of the Future

 

If you're a prompt engineer — a master at coaxing AI models behind products like ChatGPT to produce the best results — you could earn well over six figures. However, an OpenAI employee claims that the talent is not as groundbreaking as it claims. 

"Hot take: Many believe prompt engineering is a skill one must learn to be competitive in the future," Logan Kilpatrick, a developer advocate at OpenAI, wrote on X, formerly known as Twitter, earlier this week. "The reality is that prompting AI systems is no different than being an effective communicator with other humans.” 

While prompt engineering is becoming increasingly popular, the three underlying skills that will genuinely matter in 2024, according to the OpenAI employee, are reading, writing, and speaking. Honing these skills will provide humans a competitive advantage against highly intelligent machines in the future as AI technology advances. 

"Focusing on the skills necessary to effectively communicate with humans will future proof you for a world with AGI," he stated. Artificial general intelligence, or AGI, is the capacity of AI to carry out difficult cognitive tasks like making independent decisions on par with human performance. 

Some X users responded to Kilpatrick's post by stating that conversing with AI could actually improve human communication skills.

"Lots of people could learn a great deal about interpersonal communication simply by spending time with these AI systems and learning to work well with them," a user on X noted. After gaining prompt engineering abilities, another X user said that they have improved as a "better communicator and manager". 

Additionally, some believe that improving interaction between humans and machines is essential to improving AI's reaction. 

"Seems quite obvious that talking to/persuading/eliciting appropriate knowledge out of AI's will be as nuanced, important, and as much of an acquired skill as doing the same with humans," Neal Khosla, whose X bio says he's the CEO of an AI startup, commented in response to Kilpatrick. 

The OpenAI employee's views on prompt engineering come as researchers and AI experts alike seek new ways for users to communicate with ChatGPT in order to achieve the best results. The skill comes as ChatGPT users begin to incorporate the AI chatbot into their personal and professional lives. 

A study published in November discovered that using emotional language like "This is very important to my career" when talking to ChatGPT leads to enhanced responses. According to AI experts, assigning ChatGPT a specific job and conversing with the chatbot in courteous, direct language can produce the best outcomes.
Read more »
Ledger
Cyber Crime cyber theft CyberCrime Cybersecurity Cyverattacks Data exposed Ledger

Data Insights Exposes Ledger's Granular Tracking: Is Privacy at Stake?

 


An investigation by Rekt Builder has raised concerns about the extent of data collection by Ledger Live, the official software for managing Ledger hardware wallets. The developer claims that Ledger Live tracks every move users make, including the apps they install and the crypto they hold. A ledger in accounting can be described as a book of accounts. It is the second book of entry for all accounting transactions. 

A company records their classified financial information in a ledger. Transactions are recorded in the ledger in different accounts as debits and credits. The ledger is intended to provide a clear history of a business's financial health by providing an accurate account of all its transactions, both present and past. 

A ledger contains all the financial activities of a company in an orderly manner. When preparing financial statements, various active account records such as assets, liabilities, equity, income and expenses are provided as a record of the transactions or events that have occurred during a certain period. 

The ledger contains all of the accounts required to compile financial statements and is also necessary for audit purposes. The entire list of accounts is also called the chart of accounts. 

Taking to X on December 27, Rekt Builder claims that Ledger Live embeds the genuine check into the app’s listing procedure. As such, it means that whenever you plug in your Ledger device and open Ledger Live, the software checks whether the device is genuine and sends this information to Ledger’s servers. This data includes the device’s serial number, firmware version, and the list of apps installed. 

Rekt Builder also notes that Ledger Live tracks the crypto balances stored on the device. However, what’s concerning is that all this data is sent to Ledger’s servers. Accordingly, it means Ledger can access a detailed record of its clients’ crypto holdings.  

To determine whether Ledger was trailing user activity, the developer attempted to turn off the remote tracking feature in Ledger Live, but this was impossible. Any attempt to disable tracking resulted in the software breaking. This suggests that Ledger has intentionally designed Ledger Live to track user activity. Rekt Builder’s findings raise serious concerns about the privacy of Ledger hardware wallet users. 

If Ledger is tracking each move users make, then it is possible that this data could be used to identify users and track their crypto transactions. This can be dangerous because a hack into any of Ledger’s centralized servers can mean malicious agents can control critical data, which can then be used to target individuals with large holdings of Bitcoin and other coins.  


Rekt Builder also notes that Ledger Live tracks the crypto balances stored on the device. However, what’s concerning is that all this data is sent to Ledger’s servers. Accordingly, it means Ledger can access a detailed record of its clients’ crypto holdings.  

The Purpose Of A Ledger Account Business owners can focus their efforts on recording all business transactions. Such records facilitate easy tracking of income and expenses and keep client/customer accounts and records accurately maintained. These records can either be written or can be in an electronic format, i.e., accounting software.

One-off costs can have a significant impact on the projected budget for an upcoming year, which is why it is important to remove them from a budget before the correct figures are calculated. The most reasonable way to get an accurate picture of the budget is by reviewing the ledger in detail. Users can check what expenses were done and what income came through as a one-time thing. These can be overlooked at the budget preparation stage so they do not affect the upcoming budget. 

Current income and expenditure can be used to gain more precise figures. There has been a crucial debate in the cryptocurrency community regarding the delicate balance between convenience and data security as users grapple with the potential privacy risks that may be brought to light by Rekt Builder's investigation into Ledger Live. Considering all of these revelations, one must reevaluate user protections as well as transparency measures in this ever-evolving world of digital asset management.
Read more »
Stolen Data
Customer Data Data Breach EasyPark Phone Parking Service RingGo Stolen Credentials Stolen Data

RingGo: Phone Parking Service Suffers Data Breach, Customer Data Stolen


UK-based pay-by-phone parking service – RingGo – has suffered a data breach, where information including partial credit card numbers of several of its customers has been leaked. 

The EasyPark-owned company informed that the data of at least 950 customers had been stolen by the hackers. The data included names, phone numbers, addresses, email addresses and parts of credit card numbers.

According to the company, the compromised information is “non-sensitive” and claims that “no combination of this stolen data can be used to perform payments.”

However, it has warned customers have been warned against phishing scams, where threat actors use stolen customer details to send them emails and text messages, that look convincing, in order to scam the target victims. 

While British customers were the least affected by the breach, data of thousands of Europe-based customers are feared to be compromised. It needs to be made clear as to who is behind the data breach. 

Easypark further informs that it was “reaching out to all affected customers.” Meanwhile, RingGo claims to be “UK’s number one parking app,” with over 19 million customers. 

Using the company's app, drivers pay for parking using their smartphones by providing information about their vehicle, like the license plate number, and payment information, like a credit or debit card.

The Information Commissioner's Office (ICO) in the UK and the corresponding European agency have received reports from Stockholm-based EasyPark, according to a Tuesday Guardian report.

According to a statement published on the company’s website, the attack first came to light on December 10: "The attack resulted in a breach of non-sensitive customer data."

“We deeply care about our customers and want to make sure you are fully informed about this incident […] Our security team, including external security experts, is working hard to ensure effective security and privacy measures are in place[…]We are deeply sorry this happened and will continue to work hard every day to earn your trust.”

Owned by private equity firms Vitruvian Partners and Verdane, the company has operations across 4,000 cities in 23 countries, encompassing most of western Europe, the US, and Australia. Since its founding in 2001, it has expanded via several acquisitions.  

Read more »
School Record Hacking
Cyberattacks Cyberbreach CyberCrime Cybersecurity Privacy School Record Hacking

The Growing Concern About School Record Hacking

 


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts. 

Cybercriminals are not only seeking ransom payouts but are also targeting students’ personal information, including credit details, assessments, grades, health records, and more. The potential socio-emotional impact on students, coupled with financial implications, adds urgency to addressing cybersecurity challenges in schools. 

The sheer volume of devices and users in educational settings creates a complex environment prone to human failure. Challenges include phishing attacks, exploitation of vulnerabilities, and the rising ransomware threat, leading to downtime, recovery efforts, and paid ransoms. 

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep. Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. 

Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees. In the U.S., 1,981 schools across 45 districts fell victim to cybersecurity attacks in 2022, almost doubling the previous year’s incidents, according to an Emsisoft report based on aggregated publicly available data. 

Schools are “definitely not funded enough to support cyber warfare,” said Josh Heller, supervisor of information security engineering at Digi International. Penn Manor School District has 5,500 students who collectively generate more than two million individual data points in the core student management system alone. 

An attack that targets a business, through an employee or an employee's child, may seem like a step too much work when phishing and business email compromise are so much simpler. But, to state the obvious: Children are easy marks, and nearly all of them play video games. Combined with the proliferation of remote work and bring-your-own-device (BYOD) policies, this vector is long-tailed but fruitful for attackers. 

Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.  

The increase in ransomware attacks in schools poses severe emotional and physical risks to students. Besides extorting money from students, cybercriminals also target sensitive personal data, making the potential harm even greater. Educators are suffering from major downtime, and resurgent action must be a result of these attacks. 

To protect students, and to prevent further damage, it is imperative that urgent action be taken, increased funding be provided, and cybersecurity be enhanced. To strengthen educational institutions against cyber threats escalating in number and intensity, it is imperative that awareness is elevated and collaborative efforts are put into place.
Read more »
Privacy Breach
affected individuals CBS parent company Cybersecurity Incident Data Breach Online Security Paramount hack Privacy Breach

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. Despite the company not making public comments about the breach beyond the legal filing, it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.
Read more »
Threat Landscape
Cyber Crime DDOS Attack Online Security Online Traffic Threat Landscape

Hackers are Launching DDoS Attacks During Peak Business Hours

 

Threat groups' tactics to avoid detection and cause harm are becoming increasingly sophisticated. Many security practitioners have seen distributed denial-of-service (DDoS) attacks carried out during peak business hours, when firms are more likely to be understaffed and caught off guard.

DDoS attacks are a year-round threat, but we've seen an increase in attacks around the holiday season. Microsoft mitigated an average of 1,435 assaults per day in 2022. These attacks peaked on September 22, 2022, with roughly 2,215 documented attacks, and continued at a greater volume until the last week of December. From June to August, the number of attacks were reduced.

One reason for this trend could be that many organisations operate with fewer security staff and limited resources to monitor their networks and apps during the holidays. The huge volume of traffic and income made by organisations during this peak business season make this time of year even more tempting to attackers. 

Cybercriminals frequently take advantage of this opportunity to carry out lucrative attacks at a low cost. A DDoS assault can be ordered via a DDoS subscription service for as little as $5 under a cybercrime-as-a-service business model. In the meantime, small and medium-sized businesses spend an average of $120,000 to restore services and manage operations during a DDoS attack. 

With this knowledge, security teams can take preemptive steps to fight against DDoS assaults during busy business seasons. Continue reading to find out how. 

Understanding the varieties of DDoS attacks 

Before we can discuss how to protect against DDoS attacks, we must first comprehend what they are. DDoS attacks are classified into three groups, each with its own set of cyberattacks. Attackers can utilise a variety of attack types against a network, including those from distinct categories. 

The first type of attack is a volumetric attack. This type of attack focuses on bandwidth and is intended to overload the network layer with traffic. A domain name server (DNS) amplification attack, which leverages open DNS servers to flood a target with DNS answer traffic, is one example.

Then there are protocol attacks. This category primarily targets resources by exploiting flaws in the protocol stack's Layers 3 and 4. A protocol attack may be a synchronisation packet flood (SYN) attack, which uses all available server resources, rendering the server unusable. 

The last type of DDoS assault is resource layer attacks. This category is meant to disrupt data flow between hosts by targeting Web application packets. Consider an HTTP/2 Rapid Reset attack, for example. In this case, the attack delivers a predetermined amount of HTTP requests followed by RST_STREAM. This pattern is then repeated to produce a large volume of traffic on the targeted HTTP/2 servers.
Read more »
generative AI tools
2023 Global Threat Report AI tools Artifical Intelligence Cyber Security generative AI tools

Five Ways the Internet Became More Dangerous in 2023

The emergence of cyber dangers presents a serious threat to people, companies, and governments globally at a time when technical breakthroughs are the norm. The need to strengthen our digital defenses against an increasing flood of cyberattacks is highlighted by recent events. The cyber-world continually evolves, requiring a proactive response, from ransomware schemes to DDoS attacks.

1.SolarWinds Hack: A Silent Intruder

The SolarWinds cyberattack, a highly sophisticated infiltration, sent shockwaves through the cybersecurity community. Unearthed in 2021, the breach compromised the software supply chain, allowing hackers to infiltrate various government agencies and private companies. As NPR's investigation reveals, it became a "worst nightmare" scenario, emphasizing the need for heightened vigilance in securing digital supply chains.

2. Pipeline Hack: Fueling Concerns

The ransomware attack on the Colonial Pipeline in May 2021 crippled fuel delivery systems along the U.S. East Coast, highlighting the vulnerability of critical infrastructure. This event not only disrupted daily life but also exposed the potential for cyber attacks to have far-reaching consequences on essential services. As The New York Times reported, the incident prompted a reassessment of cybersecurity measures for critical infrastructure.

3. MGM and Caesar's Palace: Ransomware Hits the Jackpot

The gaming industry fell victim to cybercriminals as MGM Resorts and Caesar's Palace faced a ransomware attack. Wired's coverage sheds light on how these high-profile breaches compromised sensitive customer data and underscored the financial motivations driving cyber attacks. Such incidents emphasize the importance of robust cybersecurity measures for businesses of all sizes.

4.DDoS Attacks: Overwhelming the Defenses

Distributed Denial of Service (DDoS) attacks continue to be a prevalent threat, overwhelming online services and rendering them inaccessible. TheMessenger.com's exploration of DDoS attacks and artificial intelligence's role in combating them highlights the need for innovative solutions to mitigate the impact of such disruptions.

5. Government Alerts: A Call to Action

The Cybersecurity and Infrastructure Security Agency (CISA) issued advisories urging organizations to bolster their defenses against evolving cyber threats. CISA's warnings, as detailed in their advisory AA23-320A, emphasize the importance of implementing best practices and staying informed to counteract the ever-changing tactics employed by cyber adversaries.

The recent cyberattack increase is a sobering reminder of how urgently better cybersecurity measures are needed. To keep ahead of the always-changing threat landscape, we must use cutting-edge technologies, modify security policies, and learn from these instances as we navigate the digital landscape. The lessons learned from these incidents highlight our shared need to protect our digital future.

Read more »
TechCrunch
Crypto Hack cryptocurrency Cyber Security DeFi Hackers TechCrunch

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto-stealing cases made headlines. However, as per crypto security firms, this was the first time since 2020, that the trend has been declining. 

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database. 

The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

DeFi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

In an estimate, published by blockchain intelligence firm TRM, the total amount of cryptocurrency that hackers have stolen this year was also made public earlier in December. As of mid-December, the business reported that the total amounted to around $1.7 billion.

Among the other crypto thefts conducted this year, one of the worst ones was a hack against Euler Fianance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is rather not possible to predict what the figures will be in 2024, but given the failures witnessed in cyber security by several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.  

Read more »
Subscribe to: Comments (Atom)