In the Spotlight this Week:
- Hong Kong Law Reform Commission Proposes New Cyber Crime Offenses with Tougher Penalties
- South Korea says North to Face Cyber Sanctions if it Conducts Nuclear Test
- US Doubles Reward for Tips on North Korean-backed Hackers
- Hackers Steal USD 6 Million from Blockchain Music Platform Audius
- New Malicious Android Apps Installed 10 Million Times from Google Play
Hong Kong’s Law Reform Commission has proposed five specific new offenses to rein in cyber crime, as part of its national security legislation. The penalties include tougher sentences of up to life imprisonment. These recommendations aim to tackle a host of cyber offenses such as the illegal use of metadata and distributed denial of service attacks, a huge improvement from the one-size-fits-all charge of ‘obtaining access to a computer with dishonest intent’.
The proposal and review of existing cyber crime laws come 22 years after the first laws were instituted. In addition, the proposed offenses would carry extraterritorial application if the crime has a connection to the victim or damages incurred in Hong Kong.
South Korea says that the North is likely to face stiffer sanctions, including measures aimed at curbing its cyber attack capabilities, if it follows through with a nuclear test that it has been preparing for. North Korea has already been placed under numerous UN sanctions for the same reasons. The UN Security Council plans to impose stricter sanctions on the North’s illegal cyber hacking activities, which revolve around stealing funds and cryptocurrency to finance its weapons.
The U.S. State Department will reward USD 10 million for information on any North Korean-sponsored threat groups. The DPRK-backed threat groups are known for targeting crypto exchanges and financial institutions around the globe to siphon money into supporting North Korean activities. These threat groups deploy malware into the networks of financial institutions and digital currency exchanges to conduct financial theft, money laundering, crypto-jacking campaigns, and extortion operations.
The decentralized music streaming platform Audius has been hacked, with threat actors stealing over 18 million AUDIO tokens equivalent to USD 6 million. Audius is hosted on the Ethereum blockchain and is a platform where artists can earn AUDIO tokens by sharing their music. Users can earn tokens by curating and listening to content. After the hacking incident, Audius responded within minutes, informing users on Twitter that the platform would be freezing services until developers could deploy fixes to prevent further theft. According to a post-incident report, the hacker exploited a bug in the contract initialization code that enabled them to repeatedly invoke initialize functions. Audius’ contract system had previously undergone two in-depth security assessments in August 2020 and October 2021 from different auditors, but neither discovered the exploited vulnerability.
A new batch of Android apps containing adware and malware, installed close to 10 million times on mobile devices, has been discovered on the Google Play Store. These malicious apps are disguised as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. In reality, these apps push intrusive advertisements, subscribe users to premium services, and steal victims’ social media accounts.