Information Security Incidents: Weekly Overview (Nov 6–12, 2017)
Last week saw no large-scale data breaches, but new accusations against “Russian hackers” surfaced, and the cryptocurrency community was shaken by two major incidents. Here’s a brief summary of the key information security events from November 6 to 12, 2017.
1. DDoS Attack on Electroneum
Early last week, reports emerged of a cyberattack on the website of British cryptocurrency startup Electroneum, which had raised about $40 million through a crowdfunding campaign and ICO. Electroneum is a cryptocurrency that can be mined using smartphones. The launch of the official website and mining app was scheduled for November 2 but had to be postponed because of a DDoS attack; during the recovery effort, more than 140,000 users were unable to access their accounts.
2. Vulnerability in Parity Ethereum Wallet
On November 6, an unknown individual exploited a vulnerability in the source code of the Parity Ethereum wallet, locking the cryptocurrency stored in multi-user accounts. The vulnerability had been introduced by a patch that Parity developers released on July 20 to address a different security issue.
3. Fancy Bear Attacks on Bellingcat
Experts from ThreatConnect reported attacks by the hacker group Fancy Bear—often linked to Russian intelligence agencies—targeting the investigative journalist group Bellingcat. The cybercriminals used Google’s Blogger service (blogspot[.]com) to send phishing messages. The first attacks were recorded as early as 2015.
4. Accusations Against “Russian Hackers”
“Russian hackers” may also be connected to the high-profile Yahoo! user data leaks, according to former company director Marissa Mayer. Spanish Foreign Minister Alfonso Dastis also claimed that Russian hackers interfered in European Union affairs, particularly in Spain, aiming to destabilize the region. However, he did not provide any evidence to support his claims.
5. SowBug Hacker Group Activity
The SowBug hacker group has been active since 2015, targeting diplomats in South America and Southeast Asia. Last week, Symantec experts published a report on the group’s activities, noting, “The group has significant resources, can attack multiple targets simultaneously, and often operates outside the working hours of targeted organizations.”
6. Kaspersky Lab Denies Ties to CIA Malware
Last week, Kaspersky Lab CEO Eugene Kaspersky stated that the company has no connection to malware developed by the CIA. “We conducted an investigation after the release of the Vault 8 report and confirm that certificates issued in our name are fake. Our clients, private keys, and services are safe and have not been affected,” Kaspersky said. The statement refers to WikiLeaks’ November 9 release of the Vault 8 project, which describes the CIA’s Hive platform for covertly stealing data from infected computers.
7. Novice Hackers Tricked by More Skilled Cybercriminal
Inexperienced hackers attempting to build their own Reaper botnet fell victim to a more skilled cybercriminal. According to NewSky Security, an IP scanner tool circulating online promises to find vulnerable devices for botnet recruitment, but it also installs additional malware: the scanner was found to deploy the Kaiten malware onto the systems of those who downloaded it.