This week, we discuss how the European Union is working on removing end-to-end encryption (or more precisely, getting backdoor access to encrypted apps), how Akropolis lost $2 million in a flash loan attack, and how ransomware attackers are becoming as ruthless as ever.
No More End-to-End Encryption
Like the Five Eyes Alliance wasn’t enough. Now, the Council of the European Union wants to remove end-to-end encryption so they can track malicious activities. This may sound like the EU cares about its citizens, and it might actually do so in reality, but no end-to-end encryption is a nightmare for every law-abiding and tax-paying citizen.
This is your basic privacy right, and we are pissed to hear this news!
The European Union always wanted to have backdoor access to fully-encrypted applications like WhatsApp. Why, you ask? Because this can help the authorities single out terror activities and plots, which is completely understandable. But what’s the point of privacy anyways when the government knows your every naughty little secret?
As the flagbearer of privacy, we absolutely condemn this. You should not trade away human rights just because there are malicious activities going on everywhere; instead, the government must rethink and strengthen its security systems. It is still possible for the government to catch bad guys, hackers, and cyberattackers, but we advocate doing so without peeking into your hard drive or ending encryption.
Remember Silk Road? The largest online marketplace? The FBI arrested the owner and shut down the website without banning encryption. And, the FBI can do that again if need be without throwing our privacy rights in the garbage.
Pun intended: This is like the European Union telling you to open your door in case someone wants to barge in, so they have quick access to your house.
Want some more puns?
Here you go… You don’t ban cash just because drug dealers deal in cash and it is involved in multiple illegal transactions. The same goes for encryption.
On a serious note, end-to-end encryption is the right of every citizen, especially in an ever-growing digital world. Once there is no encryption or the government has some kind of backdoor access to your personal apps, how can you stop a cyberattacker from eavesdropping?
Just wait for it; this is just the beginning.
Just focusing on tech policy, Biden has:
🙄 called for Section 230 to be "revoked," which would basically blow up the Internet
😬 claimed he "wrote" the PATRIOT ACT, and attacked end-to-end encryption
😠 defended NSA programs Snowden exposed
🙂 said he will restore net neutrality
— Evan Greer (@evan_greer) November 9, 2020
Akropolis Loses $2 Million to a Cryptocurrency Hacker
Have you ever heard of a flash loan attack? This is a brand new way to steal money using cryptocurrency. To put it simply, a flash loan attack happens when a hacker borrows money from a DeFi platform as a loan and then manipulates the platform code to steal the money. It’s an increasingly common way to loot money without a trace. Akropolis became the latest target of a flash loan attack.
You might be wondering if the hacker was more skilled and smarter or if the flash loan attack occurred because of a weak DeFi platform. But it all comes down to trusting a smart contract that both parties, the DeFi platform (Akropolis) and a user (a hacker in this particular case), initially agreed upon. The one who writes a smart contract is, in a subtle way, allowing the user to exploit them.
Open Letter To Akropolis Delphi Hacker pic.twitter.com/lrDrZKGkWN
— Bixinex (@3rrhCxjSUEGOAZx) November 16, 2020
These flash loan attacks started gaining traction in February 2020. The attack on Akropolis is just like any other cryptocurrency attack. The company even hired two major cybersecurity firms to find out about the attackers, but they failed to highlight the main attack vectors. Sigh!
Cyberattackers Hit COVID-19 Vaccine Research
According to Microsoft, three hacking groups, two from North Korea and one from Russia, specifically targeted COVID-19 research and launched a wide range of attacks on it, including spear phishing as well as brute force attacks.
Uncle Putin RT @MarshallCohen
2014: Invaded Ukraine, annexed Crimea
2015: Intervened in Syria
2016: Meddled in US election
2017: Meddled in French election
2018: Poisoned ex-spy on British soil
2019: Meddled in UK election
2020: Hacked Covid-19 research centers pic.twitter.com/mStY8mODst
— Tomi T Ahonen (@tomiahonen) July 17, 2020
Even though the COVID-19 vaccine is still in its early stages and there is no real vaccine available, the attacking groups were able to victimize multiple healthcare organizations in the United States, France, India, South Korea, and Canada.
This is preposterous to even imagine.
How do you expect a healthcare organization to focus on creating a vaccine when there is too much foul play and they have to deal with threat actors? This is the biggest roadblock in solving worldwide healthcare problems during the pandemic.
This is the type of state-sponsored cyberattack that starts long-term wars between two countries. While we are still comprehending the pandemic and finding ways to cope with the whole situation, these cyberattacks can only make things worse.
Ransomware Groups Ran Facebook Ads… WTH
Like garnering money from healthcare organizations and companies wasn’t enough for them, now these ransomware groups are hacking Facebook accounts and running paid ads. Ragnar Locker (not Lodbrok) hacked a deejay’s Facebook page to pressure the Campari Group into paying a ransom.
Up to 8,000 Facebook users saw this ad and were terrified to see how vulnerable they, and the platform they use, really were. We have already shared time and time again that healthcare sectors are the primary target for ransomware attacks, and all we can do is be more cyberaware and smart about such attacks.
Ransomware attacks are growing exponentially at places you couldn’t have imagined (but then again, it’s 2020, so nothing surprises us anymore). Do you know that high-grade ransomware attacks grew by 388% in the education industry?
The digital landscape is not safe and hackers know that very well. These hackers are like bloodhounds who sniff weak security systems, take over your data, and ask for a ransom in exchange.
That’s brutal and heartless!
Arm Yourself with Knowledge and Insights…
This calls for every industry and individual to become aware of the dreadful consequences of having zero privacy and online security. This is the top reason why we, the PureVengers, dig out the real dangers every week that are lurking around in the world and may someday impact you.
To ensure that doesn’t happen (like, ever), try to take some time out and learn a thing or two about online security. Our blogs can help you out, and they can be a good start if you are totally unaware of the cybersecurity world.
Our true mission is to create a safe cyberspace for everyone and shut the front door on all nasty cyberattacks. To do that, we continue to serve you with the latest cybersecurity news and helpful guides so you can arm yourself against such online threats.