
Security Brief: CICYBER Week of February 21, 2022

Week of Monday, February 21, 2022 | Issue 64

Keanna Grelicha and Kaylyn Matis, Counterintelligence and Cyber (CICYBER) Team


Russian invasion of Ukraine [1]


Date: February 21, 2022

Location: New York City, New York, US

Parties involved: OpenSea; OpenSea users; Unknown hackers

The event: OpenSea, a non-fungible token (NFT) marketplace, emailed its users about a platform update that would take place from February 18 to February 25, 2022.[2] NFTs are digital assets representing something unique, such as music or art, that are bought and sold online with cryptocurrency and encoded with the same software as cryptocurrencies.[3] In the OpenSea email, users were asked to update any NFT listings (the offers to buy or sell the digital assets) in order to continue using the marketplace once the update was finished. Unknown hackers exploited the update through a phishing campaign whose emails contained a malicious link asking users to validate their email addresses.[4] A phishing campaign is a set of emails containing malicious links or malware-infected documents that allow threat actors to access the target’s accounts and extract their data or content.[5] The link in the threat actors’ phishing email redirected victims to a transaction page, where users signed over ownership of their NFTs to the hackers, resulting in the theft of over 250 NFTs valued at around $2 million and impacting 17 OpenSea users.[6]

Analysis & Implications:

  • If NFT marketplaces continue to use private passwords that certify an NFT’s authenticity and transactions, hackers will likely continue to exploit the weak security measures via phishing. The US Securities and Exchange Commission (SEC) will likely require OpenSea to implement greater regulation of NFTs, such as verifying the ownership and authenticity of each NFT, to mitigate current vulnerabilities. Verifying the ownership of digital assets will likely require NFT marketplaces to implement more substantial security measures, such as implementing a backup with Digital Vault.

  • If OpenSea does not increase the platform’s security, users will likely sell their NFTs and move to other marketplaces due to perceived insecurity of their online assets. If users move their digital assets to other marketplaces, OpenSea will very likely experience a decrease in its revenues due to a lack of transactions on the platform. Users migrating to other marketplaces will very likely reduce OpenSea’s user growth due to a lack of customer trust.
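The phishing email described above relied on a link that led somewhere other than the marketplace it claimed to come from. As an added detection-side example (not OpenSea's code, and built on a constructed sample message rather than a real capture), this script extracts the links from an email and flags any whose real destination is off the claimed brand's domain or differs from the URL shown to the reader; the allow-listed domain is an assumption.

```python
"""Flag links in an email that point away from the brand the mail claims to be from.
Added example, not OpenSea's code; the allow-listed domain is an assumption."""
import email
import re
from email import policy
from urllib.parse import urlparse

LEGIT_DOMAINS = {"opensea.io"}  # assumed legitimate domain for the claimed sender

# Constructed sample in the shape of the campaign described above (not a real capture).
SAMPLE_EMAIL = """\
From: OpenSea <support@opensea.io>
To: user@example.com
Subject: Action required: validate your email before the listing migration
Content-Type: text/html

<html><body>
<p>To keep your listings active after the update, validate your email address.</p>
<a href="https://opensea-validate.example/verify?u=123">https://opensea.io/verify</a>
<a href="https://opensea.io/help">Help center</a>
</body></html>
"""

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Crude eTLD+1 (last two labels); enough for .io/.com style hosts."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def find_suspicious_links(raw, legit_domains=LEGIT_DOMAINS):
    """Return every <a> whose real destination is off-brand or differs from the visible URL."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for href, text in HREF_RE.findall(msg.get_content()):
        host = urlparse(href).hostname or ""
        reasons = []
        if registered_domain(host) not in legit_domains:
            reasons.append("destination domain not on allow-list")
        shown = urlparse(text.strip()).hostname  # None when the link text is not a URL
        if shown and registered_domain(shown) != registered_domain(host):
            reasons.append("visible URL differs from real destination")
        if reasons:
            findings.append({"href": href, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_EMAIL):
        print(finding)
```

Run against the constructed message, only the "validate" link is reported; the genuine help-center link passes both checks.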

Date: February 23, 2022

Location: Ukraine

Parties involved: Ukraine; Russia; Symantec; ESET; Microsoft Windows; WhisperGate; Unknown Russian State-sponsored cyber group

The event: Symantec, a US-based software company, and ESET, a Slovakia-based Internet security company, detected a new data wiper that Russia used against Ukrainian systems and networks. The data wiper, named WhisperGate, is a type of malware that removes and overwrites data on a targeted device or operating system (OS), making the data unreadable. An unknown Russian State-sponsored cyber group conducted the data wipe through a Distributed Denial of Service (DDoS) attack on Ukrainian government agencies and banks.[7] A DDoS attack targets multiple connected devices, allowing the cyber group to flood the system with malware and create traffic within the targets’ OS.[8] The DDoS targeted hundreds of Ukrainian devices as Russia began its invasion on February 23, 2022. To disrupt the Ukrainian systems on the devices, the DDoS deployed a Microsoft Windows command that made the devices install fake Windows services. The files invoked by the Windows command were embedded in the data wiper’s malware, which reboots the devices.[9] Russia uses a hybrid war strategy against Ukraine consisting of cyberwarfare, such as cyberattacks and disinformation campaigns, and conventional military warfare, such as on-the-ground troops.[10]

Analysis & Implications:

  • The Russian cyberattack on Ukrainian government agencies could very likely lead to Ukrainian government operations, like military missions and defense systems, becoming inoperable during the current invasion. If the Russian State-sponsored cyber group steals sensitive information from Ukrainian government agencies’ OS while the systems are inoperable, they could very likely leave an access point to the OS open when collecting the data. Ukraine will very likely experience further cyberattacks from Russian State-sponsored cyber groups and vulnerabilities in its systems. Cyberattack vulnerabilities will very likely allow Russia to weaken Ukrainian government infrastructure and decrease Ukraine's counterattack capabilities.

  • The threat of Russian cyberattacks on Ukraine's nuclear power plants, which generate electricity for the population, will very likely make the population vulnerable to Russia’s control of the energy supplies. If such cyberattacks are successful and Ukraine loses control of its power grid, Ukraine will very likely have to surrender to Russia to provide energy to its population. Surrendering to Russia for necessary resources will very likely provide Russia the opportunity to control the infrastructure currently under attack. Russia’s DDoS attacks against Ukraine almost certainly demonstrate the increasing importance of cyberattacks as a warfare strategy and will almost certainly be used in the event of future similar invasions if Russia's current invasion succeeds.
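The wiper activity above hinged on devices installing fake Windows services. As an added detection-side example (not from the Symantec or ESET reports cited, and run over constructed event bodies rather than real captures), this script parses Windows System-log event 7045 ("A service was installed in the system") messages and flags services whose binary lives outside trusted directories, especially auto-start services in user-writable paths; the trusted and user-writable directory lists are assumptions a defender would tune.

```python
"""Flag newly installed Windows services (System log event 7045) whose binary sits
outside trusted directories. Added example, not from the cited vendor reports;
the directory lists are assumptions and the sample events are constructed."""
import re

TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

FIELD_RE = re.compile(r"^(Service Name|Service File Name|Service Start Type|Service Account):\s*(.*)$", re.M)

def parse_event(body):
    """Map the labelled lines of a 7045 message body to a dict."""
    return {k: v.strip() for k, v in FIELD_RE.findall(body)}

def image_path(file_name):
    """Drop arguments: keep a quoted path, else the first whitespace-delimited token."""
    m = re.match(r'"([^"]+)"|(\S+)', file_name)
    return (m.group(1) or m.group(2)) if m else file_name

def suspicious_service_installs(bodies):
    """Return the services worth an analyst's attention, with the reasons for each."""
    findings = []
    for body in bodies:
        e = parse_event(body)
        path = image_path(e.get("Service File Name", "")).lower()
        reasons = []
        if not path.startswith(TRUSTED_DIRS):
            reasons.append("binary outside trusted directories")
        if path.startswith(USER_WRITABLE):
            reasons.append("binary in a user-writable location")
        if reasons and e.get("Service Start Type", "").startswith("auto"):
            reasons.append("auto-start, so it survives the reboot")
        if reasons:
            findings.append({"name": e.get("Service Name"), "path": path, "reasons": reasons})
    return findings

# Constructed sample 7045 bodies in the System log's own wording (not real captures).
SAMPLE_EVENTS = [
    "A service was installed in the system.\nService Name: Example Agent\n"
    "Service File Name: \"C:\\Program Files\\Example\\agent.exe\" --service\n"
    "Service Type: user mode service\nService Start Type: auto start\nService Account: LocalSystem",
    "A service was installed in the system.\nService Name: WinUpdSvc\n"
    "Service File Name: C:\\Users\\Public\\upd.exe -r\n"
    "Service Type: user mode service\nService Start Type: auto start\nService Account: LocalSystem",
    "A service was installed in the system.\nService Name: Example Helper\n"
    "Service File Name: C:\\Windows\\System32\\svchost.exe -k netsvcs\n"
    "Service Type: user mode service\nService Start Type: demand start\nService Account: LocalSystem",
]
```

Only the second constructed event is reported; the quoted Program Files path and the System32 path both pass.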

The Counterterrorism Group (CTG) is the leading intelligence, security, and investigations company in the world. We are resourceful, innovative problem-solvers who are always on your side against terrorists or other people intending to do harm, in situations that require something different. Our team of professionals has over 20 years of experience analyzing intelligence data and gathering information on terrorists where others have failed. We also use our know-how to anticipate developments in terrorist attacks, using human asset reports to collect vital intel before it happens so you don't get caught without a plan. To find out more about our products and services, visit us at counterterrorismgroup.com.


[1] “War in Ukraine (2022)” by Homoatrox, licensed under Creative Commons

[2] OpenSea users lose $2 million worth of NFTs in phishing attack, Bleeping Computer, February 2022, https://www.bleepingcomputer.com/news/security/opensea-users-lose-2-million-worth-of-nfts-in-phishing-attack/

[3] What Is An NFT? - Non-Fungible Tokens Explained, Forbes, February 2022, https://www.forbes.com/advisor/investing/nft-non-fungible-token

[4] OpenSea users lose $2 million worth of NFTs in phishing attack, Bleeping Computer, February 2022, https://www.bleepingcomputer.com/news/security/opensea-users-lose-2-million-worth-of-nfts-in-phishing-attack/

[5] Phishing Campaign, Barracuda, https://www.barracuda.com/glossary/phishing-campaig

[6] OpenSea users lose $2 million worth of NFTs in phishing attack, Bleeping Computer, February 2022, https://www.bleepingcomputer.com/news/security/opensea-users-lose-2-million-worth-of-nfts-in-phishing-attack/

[7] New data-wiping malware used in destructive attacks on Ukraine, Bleeping Computer, February 2022, https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

[8] Distributed Denial of Service (DDoS), Imperva, https://www.imperva.com/learn/ddos/denial-of-service

[9] New data-wiping malware used in destructive attacks on Ukraine, Bleeping Computer, February 2022, https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

[10] What is hybrid war, and is Russia waging it in Ukraine?, The Economist, February 2022, https://www.economist.com/the-economist-explains/2022/02/22/what-is-hybrid-war-and-is-russia-waging-it-in-ukraine
