Open in app

Sign in

Write

Sign in

Major Cybersecurity Incidents in September, 2020

Tachyon
Tachyon Protocol
Published in
5 min readOct 6, 2020

The entire world is currently coping with the effects of lockdowns brought on by the COVID-19 pandemic which has forced most companies to move into remote work mode. Schools and colleges have started hosting online classes and healthcare professionals are engaging in telemedicine applications to provide remote care.

With large swathes of the population working from their home on personal devices now, cybersecurity risks have increased manifold not just for individuals but for organizations as well. This is largely due to the fact that personal devices often have low security measures and could be compromised. When these devices access enterprise resources and file systems, they could be creating security threats for their employers too. In this article, we will look at some of the major cybersecurity breaches, hacks and data leaks that have happened in the last month.

KuCoin Crypto Exchange Hack

In one of the biggest security breaches in the cryptocurrency space this year, Singapore-based crypto exchange KuCoin suffered a hack where the attacker(s) was able to get away with USD 150M+ worth of digital assets off the exchange. Around 7 PM UTC time on September 25, crypto observers started to notice significant movement of cryptocurrencies out of known hot wallets maintained by KuCoin. A hot wallet is one which is connected to the internet and is more prone to an attack compared to a cold wallet which is maintained offline.

As alarm bells went off everywhere, the team at KuCoin quickly moved all remaining funds from their existing hot wallets to new ones and suspended activity on the exchange. It was later revealed that the hacker(s) was somehow able to get access to the private keys of the original hot wallets. Among the assets that were stolen were 1,008 BTC, 11,480 ETH, 999,160 USDT, 26,733 LTC, 9,588,383 XLM and more in other coins and ERC20 tokens.

The attacker(s) has since taken the route of Uniswap to sell the stolen ERC20 tokens and moved non-Ethereum coins to other wallets. Meanwhile KuCoin has assured to cover all losses of user’s funds from their own cold wallet reserves. Law enforcement is currently investigating the hack and many exchanges have flagged off the wallets used in the operation. Some of the affected projects have also begun freezing the stolen assets or temporarily stopping their token contracts to re-issue new tokens as a replacement of the stolen ones. Eterbase was another crypto exchange that faced a hack this month because of a compromised hot wallet.

Data Vulnerability in COVID-19 Surveillance Tool

A COVID-19 surveillance platform used by authorities in the Indian state of Uttar Pradesh was found to be riddled with security-related bugs recently by researchers at VPNMentor. Named as Surveillance Platform Uttar Pradesh COVID-19, the software houses data of 8M citizens. From the research, it appears that there were basic security flaws such as unsecured git repository which exposed admin credentials and a CSV file of patient records which was available even without a password login. It is possible that personally identifiable information of citizens in the records may have been leaked to a third party. Hackers could have also taken control of the dashboard and caused far-ranging disruptions in the state’s COVID-combat ability. It is still not clear if there was any data theft at this point.

Bug in Joe Biden’s Campaign App

Another major privacy-related cybersecurity issue this month was the discovery of a bug in Joe Biden’s official campaign app that allowed anyone to pull up voter information of anyone else. A particular form was designed inadvertently in a way that a user could trick the app into thinking a phone number was that person’s contact and then display personal information related to that number to the user. The bug has now been fixed and an update pushed.

BancoEstado Shutters Branches Temporarily after Ransomware Attack

One of Chile’s largest banks, BancoEstado, had to close down all their branches on September 7 after facing a ransomware attack. As it turns out, over the weekend, the internal network of the bank was infected by the REvil ransomware because one of the devices on the network opened an Office document that had malware. Hackers used this as a backdoor to install ransomware across the entire bank network. This ransomware then locked all these affected devices. The public networks such as ATM, net banking, mobile app etc. was not infected, however. And based on the fact that no private data from BancoEstado has appeared publicly anywhere yet, it is possible that the bank may have settled with the hackers.

Ransomware Attack Causing Death

In a rare instance of a cybersecurity event causing a casualty, Düsseldorf University Clinic in Germany suffered an attack by the DoppelPaymer ransomware which crashed its IT systems causing the death of a patient since doctors were not able to access critical information to start treatment. The patient had to be rerouted to another clinic because of this and she died on her way. Following this mishap on September 10, the police have launched a homicide investigation. Preliminary evidence suggests hackers exploited a known flaw in an old Citrix version which the hospital used for its IT network. This vulnerability had been plugged in a January update. But the hospital had not updated the system to the latest version which had the security patch. Experts suggest this could be the first known case of ransomware death.

Tachyon VPN is a decentralized VPN solution that can protect devices from Man-In-The-Middle (MITM) attacks like DNS spoofing, WiFi snooping, SSL hijacking etc. It can also protect from social engineering attacks by masking IP and end-to-end encryption. Plus, the decentralized nature of provider nodes means that the Tachyon VPN network is difficult to take down by attacking known vectors. With rising numbers of cybersecurity incidents right now, it only makes sense to have the additional protection of a dVPN when working online in this new normal scenario.

Download and try Tachyon VPN here: https://tachyon.eco/?n=yr8mtzfwee.Download

About Tachyon Protocol

Tachyon Protocol is a decentralized internet protocol that aims to create a libre, secure and private internet for users. By implementing techniques from DHT, blockchain, UDP and encryption, Tachyon is committed to building the next generation TCP/IP that can provide a self-sufficient internet environment with high security, untraceability, availability, and maximum network speed. Tachyon brings to fruition years of experience and research by Sunny King (inventor of PoS i.e. Proof-of-Stake consensus mechanism), Peerchemist (Peercoin Project Leader and President of the Peercoin Foundation) and FinTech investor Alex Yang. Tachyon VPN currently has 1.6+ total users and offers ~1.5k distributed nodes to choose from. For more information, please visit https://tachyon.eco/.

Stay Connected:

Don’t forget to follow us on these platforms and get notifications. Launch a hot discussion about Tachyon anytime anywhere.

➤ Telegram Group: https://t.me/tachyoneco

➤ Telegram Channel: https://t.me/tachyonprotocol

➤ Twitter:https://twitter.com/tachyon_eco

➤ Medium:https://medium.com/tachyon-protocol

➤ LinkedIn: https://www.linkedin.com/company/tachyon-protocol

➤ KaKao: https://open.kakao.com/o/gRTetMzb

➤ Reddit: https://www.reddit.com/r/TachyonIPX/

➤Youtube:https://www.youtube.com/channel/UCvrANAq2HBYEPSL5nnsYQPg/

Censorship
Security
Privacy
Tachyonvpn
Tachyon Protocol

--

--

Tachyon
Tachyon Protocol

Written by Tachyon

810 Followers
Editor for

A Decentralized Internet Protocol Stack Based On Blockchain. https://tachyon.eco

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams