Updated: Feb 7
In the Spotlight this Week:
Japan to launch police bureau to counter cyber crime
FBI urges athletes to keep personal devices at home, use burners during Beijing Winter Olympics
Over USD 300 Million in cryptocurrency stolen in Wormhole hack
Malicious hybrid cloud campaign uses 0Auth apps to target C-level executives
Microsoft fends off record-breaking 3.47Tbps DDoS attack
Japan's cabinet has endorsed a bill to enable the National Police Agency to set up a new bureau and team in April dedicated to responding to serious cyber crimes. The bill is part of Japan's efforts to centralize police activities related to cybercrimes that are currently handled by multiple bureaus, with concern increasing about alleged state-sponsored attacks from China, North Korea and Russia.
With the reorganization, the police plan to ramp up cyber crime investigations using advanced technology as well as cooperation with overseas counterparts. The number of cyber crime cases confirmed by police nationwide stood at 12,275 in 2021, up about 20 percent from the year before.
The FBI warned Olympic athletes about bringing their devices to the 2022 Beijing Winter Olympics and March 2022 Paralympics while also raising concerns about the potential for cyberattacks against the event.
In a wide-ranging alert, the FBI said entities associated with the games should prepare for "a broad range of cyber activities to disrupt these events", including distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider threats.
Blockchain bridge Wormhole has confirmed that roughly USD 320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday. Wormhole is a bridge that connects various blockchains, including Ethereum, Solana, Terra, Binance Smart Chain, Polygon, Avalanche, and Oasis. One of its main features is a token bridge that allows users to bridge wrapped assets between these blockchains.
This appears to be the second-largest cryptocurrency heist. The largest took place in August 2021, when Poly Network announced that someone had stolen roughly $600 million worth of cryptocurrency. However, in that case, nearly all of the stolen funds were returned days later.
Researchers reported a new hybrid cloud campaign — dubbed OiVaVoii — that uses hijacked Office 365 users and a sophisticated combination of malicious OAuth apps and targeted phishing threats to attack many C-level executives, including CEOs, general managers, former board members and the presidents of companies.
Researchers said starting on Jan. 18, they observed account takeovers by malicious OAuth apps stealing OAuth tokens and via credential theft. The researchers said there are other risks after the account takeovers, mainly data leakage, continued phishing, lateral movement, brand abuse and malware distribution.
New data provided by Microsoft shows the company's Azure DDoS Protection team said that in November, it fended off what industry experts say is likely the biggest distributed denial-of-service attack ever: a torrent of junk data with a throughput of 3.47 terabits per second. The record DDoS came from more than 10,000 sources located in at least 10 countries around the world.
The DDoS targeted an unidentified Azure customer in Asia and lasted for about two minutes. The following month, Microsoft said, Azure warded off two other monster DDoSes. Weighing in at 3.25Tbps, the first one came in four bursts and lasted about 15 minutes.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.