{"id":74297,"date":"2023-02-18T07:00:00","date_gmt":"2023-02-18T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=74297"},"modified":"2025-09-09T19:15:34","modified_gmt":"2025-09-09T16:15:34","slug":"car-theft-via-usb-cable-record-breaking-ddos-attack-and-other-cybersecurity-events","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/car-theft-via-usb-cable-record-breaking-ddos-attack-and-other-cybersecurity-events\/","title":{"rendered":"Car theft via USB cable, record-breaking DDoS attack and other cybersecurity events"},"content":{"rendered":"<p>We\u2019ve gathered the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-809e5522-aabe-4b11-a764-5e72bae4ef70\">\n<li>Cloudflare recorded the largest DDoS attack in history to date.<\/li>\n<li>Hyundai and Kia to roll out updates after a TikTok-promoted method for car theft.<\/li>\n<li>The Russian Prosecutor-General\u2019s Office has charged Hydra personal-data sellers.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Cloudflare recorded the largest DDoS attack in history<\/strong><\/h2>\n<p>Cloudflare <a href=\"https:\/\/blog.cloudflare.com\/cloudflare-mitigates-record-breaking-71-million-request-per-second-ddos-attack\/\">blocked<\/a> a <span data-descr=\"distributed denial-of-service\" class=\"old_tooltip\">DDoS<\/span> attack, which it says is the largest in history to date. 
The peak wave reached 71 million requests per second.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/V2JJF2j065J3qDBb6eKzgS9CnYydtzLwehQcMt6vVE-Bk8d3rv_iGU4n-4ZMtOzYM3am0RYwNeW_tJncewE1QpaPAVluO04OdiQqbYJlt09mjZe3IXEW1_H1X7QEudW-wRuOilogdmJTuD2I1VIr4PQ\" alt=\"Car theft via USB cable, record-breaking DDoS attack and other cybersecurity events\"\/><figcaption>Source: Cloudflare.<\/figcaption><\/figure>\n<p>According to analysts, the attack originated from more than 30,000 IP addresses belonging to several cloud providers. 
The DDoS targeted a number of gaming providers, cloud computing platforms, cryptocurrency companies and hosting providers.<\/p>\n<p>The previous record was set in June 2022. At that time, an unnamed Google Cloud Armor customer was hit by an HTTPS DDoS attack that peaked at 46 million requests per second.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Lazarus hackers switch to a new mixer for laundering cryptocurrency<\/strong><\/h2>\n<p>After the blocking of <a href=\"https:\/\/u1f987.com\/en\/news\/blender-io-mixer-sanctioned-by-the-united-states\">Blender<\/a> and <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">Tornado Cash<\/a>, the North Korean hacking 
group Lazarus began using a new cryptocurrency mixer, Sinbad, to launder funds. Elliptic reported this.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83c\udf2a\ufe0f Blender is back! Elliptic research found that a coin mixer sanctioned for helping Lazarus Group launder tens of millions of dollars is likely to have re-launched as Sinbad and has laundered close to $100m in Bitcoin from hacks attributed to Lazarus<a href=\"https:\/\/t.co\/qSUPwIgPpq\">https:\/\/t.co\/qSUPwIgPpq<\/a><\/p>\n<p>\u2014 elliptic (@elliptic) <a href=\"https:\/\/twitter.com\/elliptic\/status\/1625167534327578624?ref_src=twsrc%5Etfw\">February 13, 2023<\/a><\/p><\/blockquote>\n<p>In particular, the hackers used it to launder part of the assets stolen in June 2022 during the <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-steals-about-100-million-in-harmonys-horizon-cross-chain-bridge-attack\">Harmony protocol cross\u2011chain bridge breach<\/a>.<\/p>\n<p>Analysts say Sinbad was launched in autumn 2022 by Blender operators who had previously vanished, allegedly taking $22 million in Bitcoin. 
Transactions between the operators&#8217; &#8216;service&#8217; wallets across both services support this link.<\/p>\n<p>Moreover, the Blender operators&#8217; wallet was used to pay for advertising the new mixer and to finance nearly all initial transactions totaling about $22 million that passed through Sinbad.<\/p>\n<p>According to <a href=\"https:\/\/blog.chainalysis.com\/reports\/2022-biggest-year-ever-for-crypto-hacking\/\">Chainalysis<\/a>, Lazarus laundered around $25 million in cryptocurrency through the new service.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/61X6_EysLQOJv5zrXL5RdgqpG2Z3MHjeHGob4etT-CT0HpAResA5QtSaYNSRxrX4_sLUWssNbK--MCMw9W-ESza-wzvhz2CNaV4ZJvHqZv6svVkxBX6TwmB4wauFCqq9GTwdL3FYg__Me9oAwp58kuw\" alt=\"Car theft via USB cable, record-breaking DDoS attack and other cybersecurity events\"\/><figcaption>Source: Chainalysis.<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\"><strong>Hyundai and Kia to roll out updates after TikTok-promoted car-theft method goes viral<\/strong><\/h2>\n<p>After numerous user complaints that their cars can be stolen with a USB cable, Hyundai and Kia <a href=\"https:\/\/www.nhtsa.gov\/press-releases\/hyundai-kia-campaign-prevent-vehicle-theft\">will roll out emergency updates<\/a>. 
The wave of outrage followed a TikTok post outlining the simple attack vector and the subsequent rise in car thefts in the United States.<\/p>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/J89tY-p9xUw\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p>The issue lies in a logic flaw that allows the &#8216;turn-key-to-start&#8217; system to bypass the <span data-descr=\"electronic anti-theft device\" class=\"old_tooltip\">immobilizer<\/span>, which authenticates the key&#8217;s <span data-descr=\"transponder for remote key control\" class=\"old_tooltip\">transponder<\/span> code on the engine control unit. Attackers can forcibly activate the ignition with any USB cable and start the car.<\/p>\n<p>The vulnerability affects about 3.8 million Hyundai and 4.5 million Kia vehicles.<\/p>\n<p>In the United States the free update will be installed by official dealers. 
How the issue will be resolved in Russia remains unknown.<\/p>\n<p>For models without engine immobilizers that cannot receive the update, the manufacturer will cover the cost of steering-wheel locks.<\/p>\n<p>Kia also promised to roll out updates soon, but details have not yet been disclosed.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russia\u2019s Prosecutor-General\u2019s Office has charged Hydra personal-data sellers<\/strong><\/h2>\n<p>The Russian Prosecutor-General&#8217;s Office <a href=\"https:\/\/t.me\/genprocrf\/2430\">has filed charges<\/a> in the criminal case concerning the sale of personal data of individuals and legal entities on the dark-net marketplace Hydra.<\/p>\n<p>According to investigators, from February 2018 to February 2020 the criminal group repeatedly copied information from databases of the Russian tax service, the Pension Fund, the credit history bureau, the interior ministry and credit institutions. Subsequently, these data were sold to customers.<\/p>\n<p>The incident affected no fewer than 6,500 individuals.<\/p>\n<p>Depending on their role, the defendants were charged with organizing a criminal group, unlawful access to computer information, and illegally obtaining and disclosing information constituting tax and banking secrets.<\/p>\n<p>The criminal case will be heard by the Vsevolozhsky City Court in the Leningrad region.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Chinese hackers attacked Russian companies<\/strong><\/h2>\n<p>Group-IB specialists reported phishing cyberattacks on dozens of leading Russian IT and information-security (IS) companies that occurred in June 2022.<\/p>\n<p>For the malicious mailing, the attackers used a fraudulent mail account registered with the free GMX Mail service.<\/p>\n<p>The correspondence itself was conducted in the name of a real IS-company employee, who allegedly sent a &#8216;meeting protocol&#8217; discussing cloud infrastructure security.<\/p>\n<figure class=\"wp-block-image\"><img 
decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/XAdi_TKRs-M08s9fCtK2Nqy5qHHPwnus3YqMuGuZ0JRY-x380jll5M6tttftaWCZf1NkJg7GDSBk0S_b4boMc04GMakVZWXYs7ExJSXHUmo2PDqJ2gS0F2vfksDp-Hfpt7KFbcuXSle2UjrQqxrk2pQ\" alt=\"Car theft via USB cable, record-breaking DDoS attack and other cybersecurity events\"\/><figcaption>Source: Group-IB.<\/figcaption><\/figure>\n<p>In studying the campaign, researchers found evidence of involvement by the state-linked Chinese hacking group Tonto Team.<\/p>\n<p>Its main aim is espionage and theft of intellectual property, so victims include organisations in the government, military, technical and research sectors.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Experts blocked 151,000 attempts to access resources mimicking Telegram<\/strong><\/h2>\n<p>In January, Kaspersky Lab solutions blocked 151,000 attempts by users in Russia to navigate to phishing resources masquerading as Telegram. This is 37 times higher than in the same period last year.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"ru\" dir=\"ltr\">If someone messages you in Telegram asking you to vote in the &#8220;Best Children&#8217;s Drawing&#8221; contest, think before you click the link. 
There\u2019s a risk that along with your vote you\u2019ll also give away your account data\u2026 <a href=\"https:\/\/t.co\/P1pDHcMt4m\">pic.twitter.com\/P1pDHcMt4m<\/a><\/p>\n<p>\u2014 Kaspersky (@Kaspersky_ru) <a href=\"https:\/\/twitter.com\/Kaspersky_ru\/status\/1626234300059500553?ref_src=twsrc%5Etfw\">February 16, 2023<\/a><\/p><\/blockquote>\n<p>The spike in such phishing attacks was recorded in November 2022.<\/p>\n<p>In most cases, the goal of phishers is to harvest credentials: a phone number and a verification code. Access to the accounts can then be used to steal confidential information, for blackmail, and to send fraudulent messages.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>The SEC filed <a href=\"https:\/\/u1f987.com\/en\/news\/sec-charges-terraform-labs-and-do-kwon\">charges against Do Kwon<\/a>.<\/li>\n<li>Chainalysis: <a href=\"https:\/\/u1f987.com\/en\/news\/chainalysis-nearly-10000-tokens-used-in-pump-and-dump-schemes\">almost 10,000 tokens<\/a> were used in Pump &amp; Dump schemes.<\/li>\n<li>Bloomberg: <a href=\"https:\/\/u1f987.com\/en\/news\/bloomberg-top-mt-gox-creditor-opts-for-bitcoin-payout\">top Mt. Gox creditor<\/a> chose bitcoin for restitution.<\/li>\n<li>The court did not rule out the return of <a href=\"https:\/\/u1f987.com\/en\/news\/court-does-not-rule-out-bankman-frieds-return-to-prison\">Sam Bankman-Fried to prison<\/a>.<\/li>\n<li>The DeFi protocol Platypus on Avalanche <a href=\"https:\/\/u1f987.com\/en\/news\/platypus-defi-protocol-on-avalanche-loses-8-5-million-in-hack\">lost $8.5 million<\/a> in a hack.<\/li>\n<li>Norwegian authorities <a href=\"https:\/\/u1f987.com\/en\/news\/norwegian-authorities-seize-5-9-million-stolen-from-axie-infinitys-ronin-sidechain\">confiscated $5.9 million<\/a> stolen from Axie Infinity.<\/li>\n<li>The developer of Tornado Cash <a 
href=\"https:\/\/u1f987.com\/en\/news\/tornado-cash-developer-denied-bail-2\">was denied bail<\/a>.<\/li>\n<li>Binance and Huobi <a href=\"https:\/\/u1f987.com\/en\/news\/binance-and-huobi-freeze-assets-stolen-in-horizon-bridge-hack\">froze assets<\/a> stolen in the Horizon bridge hack.<\/li>\n<li>In Kazakhstan <a href=\"https:\/\/u1f987.com\/en\/news\/kazakhstan-seizes-russian-citizens-assets-on-binance-over-dealings-with-illegal-exchange\">a Russian\u2019s assets on Binance were seized<\/a> for dealing with an illegal exchange.<\/li>\n<li>Bitzlato named <a href=\"https:\/\/u1f987.com\/en\/news\/bitzlato-sets-date-for-resumption-of-withdrawals\">the date for resuming withdrawals<\/a> of funds.<\/li>\n<li>The Wormhole hacker <a href=\"https:\/\/u1f987.com\/en\/news\/wormhole-hacker-moved-assets-worth-46-million\">moved $46 million in assets<\/a>.<\/li>\n<li>The MetaMask team <a href=\"https:\/\/u1f987.com\/en\/news\/metamask-team-warns-users-about-phishing\">warned users about phishing<\/a>.<\/li>\n<li>The founder of the crypto platform EminiFX <a href=\"https:\/\/u1f987.com\/en\/news\/founder-of-crypto-platform-eminifx-pleads-guilty-to-248-million-fraud\">pleaded guilty to a $248 million fraud<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>In the educational section &#8216;Kryptorium&#8217; we explain what a vampire attack is and which projects it has affected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve gathered the week\u2019s most important cybersecurity 
news.<\/p>\n","protected":false},"author":1,"featured_media":74298,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-74297","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=74297"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74297\/revisions"}],"predecessor-version":[{"id":74299,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74297\/revisions\/74299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/74298"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=74297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=74297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=74297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}