More stories

  • Frosties NFT operators arrested over $1.1 million 'rug pull' scam

    Two alleged operators of the Frosties NFT rug pull have been arrested and charged by US law enforcement. The US Department of Justice (DoJ) said on Thursday that Ethan Nguyen and Andre Llacuna have been charged with conspiracy to commit wire fraud and conspiracy to commit money laundering.

    The pair, both 20 years old, allegedly operated “Frosties,” a Non-Fungible Token (NFT) project that, at the outset, looked professional and offered quirky cartoon art. However, as documented by Protocol, investors who handed over cryptocurrency to purchase the NFTs in January this year were alerted to a potential scam when the Frosties Discord server vanished alongside the original project’s Twitter profile, having briefly displayed the message, “I’m sorry.”

    Rug pulls are in the same vein as exit scams performed by cryptocurrency exchanges and projects in recent years or pump-and-dump meme stock activities. You ramp up a project, share, or service, dangle the prospect of making money or package up an initiative as an exciting and trustworthy project, and once investors have been reeled in and have parted with their funds, you take the cash and vanish. Rug pulls aren’t commonly seen in the NFT space, but as the trade of these tokens rises in popularity, we are likely to see such fraud increase in the future.

    Frosties promised investors tokens, rewards, giveaways, mint passes, and early access to a future game. According to the DoJ’s complaint, the alleged rug pull was the work of the pair, who tried to disappear with roughly $1.1 million, abandoning the project without notice. The funds were transferred out to different cryptocurrency wallets. Law enforcement says that there were attempts to launder the cryptocurrency by ‘washing’ it through numerous stealth transactions.

    Furthermore, $1.1 million might not have been enough for the alleged scam artists. Nguyen and Llacuna were also advertising a second NFT project called “Embers,” due to mint this Saturday, before their arrests in Los Angeles. The DoJ claims that Embers could have generated as much as $1.5 million in cryptocurrency if it was also an apparent rug pull.

    If the pair are found guilty, they face maximum sentences of 20 years in prison for both conspiracy to commit wire fraud and conspiracy to commit money laundering. “NFTs represent a new era for financial investments, but the same rules apply to an investment in an NFT or a real estate development,” commented IRS-CI Special Agent-in-Charge Thomas Fattorusso. “You can’t solicit funds for a business opportunity, abandon that business and abscond with money investors provided you.”

  • Avast acquires SecureKey Technologies in authentication, identity management push

    Avast has acquired SecureKey Technologies to bolster the firm’s digital authentication and identity management portfolio. The deal was announced on Thursday. Financial details have not been disclosed.

    According to the cybersecurity firm, the purchase “will expand Avast’s Identity product and services portfolio as part of its digital freedom vision.” SecureKey, founded in 2008 and based in Ontario, Canada, develops access management solutions for the enterprise. SecureKey’s software includes identity and authentication management processes (connecting consumers to banks, telecommunications firms, and government agencies) to “securely and privately authenticate with, and assert their identities for accessing, the services of participating organizations.”

    The organization’s technologies have an emphasis on financial data security and handling personally identifiable information (PII). Over 200 million digital ID transactions are managed by SecureKey every year worldwide. “We live in a digital world but are being forced to use outdated and broken identity systems, with too many avenues that welcome the possibility of fraud,” SecureKey says. SecureKey has memberships and affiliations with organizations including The Linux Foundation, FIDO Alliance, Hyperledger, and DIACC.

    Fortune Business Insights estimates that the identity and access management services market will be worth $34.52 billion by 2028. Avast CEO Ondrej Vlcek said the company “envisage[s] a global and reusable digital identity framework which will underpin a new trust layer for the internet,” and to reach this goal, digital identity management needs to be developed further on an international scale.

    Avast says the acquisition is expected to close next month, with SecureKey products becoming available to consumers under the Avast umbrella in the second quarter. “By working closely with governments, financial institutions, and businesses, we have an established track record of trusted and mature identity networks that provide consumers with the secure digital capabilities they deserve,” commented SecureKey CEO Greg Wolfond. “Combining forces with Avast enables us to innovate further and faster with our technology as we together look to build a more trustworthy future for all internet users.”

  • Google: We stopped these hackers who were targeting job hunters and crypto firms

    Google has detailed its work to thwart not one but two North Korean hacking groups using a Chrome zero-day bug. Google patched the bug in February but it was being exploited a month earlier. At the time, Google said it knew of reports that hackers were exploiting the Chrome bug CVE-2022-0609. The US Cybersecurity and Infrastructure Security Agency (CISA) mandated federal agencies to patch the Chrome bug in February. Google’s Threat Analysis Group (TAG) says the exploit kit was being actively deployed from January 4, 2022.

    According to Google, the North Korean hacking groups who were using this exploit are linked to Lazarus, the North Korean hacking group accused of both the Sony Pictures hack and massive theft via an attack on the SWIFT international bank-messaging system. The work of these groups has been referenced by researchers at other cybersecurity firms as Operation Dream Job and Operation AppleJeus.

    “We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques. It is possible that other North Korean government-backed attackers have access to the same exploit kit,” said TAG’s Adam Weidemann in a blogpost. “In line with our current disclosure policy, we are providing these details 30 days after the patch release.”

    The attackers made use of an exploit kit that contained multiple stages and components. The attackers placed links to the exploit kit within hidden iframes, which they embedded on websites they owned as well as on some websites they compromised, according to the security researchers. The group has targeted US organizations in news media, tech, cryptocurrency and fintech sectors, according to Google. Organizations in other countries may have been targeted too, it notes.

    According to Google, one of the groups targeted 250 people from 10 organizations in news media, domain registrars, web-hosting providers and software vendors with bogus job offers in emails impersonating recruiters from Disney, Google and Oracle. The emails contained links to spoofed versions of Indeed and ZipRecruiter, two popular sites used in the US for recruiting tech talent. Google says the other group targeted over 85 users in cryptocurrency and fintech industries using the same exploit kit.

    Blockchain analysis firm Chainalysis estimates that North Korean hackers linked to Lazarus stole nearly $400 million worth of cryptocurrency in 2021. A United Nations panel of experts in 2018 concluded that the country’s cryptocurrency hacks contributed to North Korea’s ballistic missile programs.

    Once they were discovered, all identified websites and domains were added to Google’s Safe Browsing service to protect users from further exploitation, and Google also sent all targeted Gmail and Workspace users government-backed attacker alerts notifying them of the activity.

    Mandiant, which Google is buying for $5.4 billion, also released a new report this week on North Korean hacking. It says North Korea is borrowing China’s strategy of corralling hacker groups to work within the government. Mandiant identifies the Lazarus-linked hacking groups as Lab 110, TEMP.Hermit, APT38, Andariel, and Bureau 325. They operate under North Korea’s foreign intelligence agency, the Reconnaissance General Bureau, which has seven sub-organizations that handle operations, reconnaissance, foreign intelligence, relations with South Korea, technology, and support. Each group is specialized to target different industries and gather intelligence from organizations about geopolitical events or raise revenues through cryptocurrency theft.

    “TEMP.Hermit, APT38, and Andariel are likely subordinate to Lab 110. Lab 110 is likely an expanded and reorganized version of ‘Bureau 121,’” Mandiant researchers said. “The country’s espionage operations are believed to be reflective of the regime’s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and political entities, information on foreign relations and nuclear information, and a slight decline in the once spiked stealing of COVID-19 vaccine research. Information collected in these campaigns will possibly be used to develop or produce internal items and strategies, as in vaccines, mitigations to bypass sanctions, funding for the country’s weapons programs, and so on.”

  • Fly brains can detect threatening drones

    [Image: Striped hover fly. Credit: Peakpx]
    Bio-inspired design has been a hallmark of technological advancement, and that’s still true in the age of flying robots. The latest proof comes out of Australia, where researchers have mapped the visual systems of hovering insects as a means of detecting the acoustic signatures of drones up to 2.5 miles away.

    Anthony Finn, University of South Australia Professor of Autonomous Systems, says that insect vision systems have been mapped for some time now to improve camera-based detections. But applying the same method to acoustic data represents a major innovation.

    “Bio-vision processing has been shown to greatly increase the detection range of drones in both visual and infrared data. However, we have now shown we can pick up clear and crisp acoustic signatures of drones, including very small and quiet ones, using an algorithm based on the hover fly’s visual system,” Finn says.

    The potential applications of the research, of course, include military and defense uses. In addition to the University of South Australia and Flinders University, defense company Midspar Systems participated in trials using bio-inspired signal processing techniques. Such techniques, according to the researchers, show up to a 50% better detection rate than existing methods.

    The hover fly, which can hover above plants to collect nectar, was chosen because of its superior visual and tracking skills. Dark lit regions are visually very noisy, but insects such as the hover fly can process and capture visual signals with remarkable effectiveness. Mapping this same processing technique to acoustic detection resulted in a substantial increase in detection capabilities, including in noisy environments.

    “Unauthorised drones pose distinctive threats to airports, individuals, and military bases,” says Finn. “It is therefore becoming ever-more critical for us to be able to detect specific locations of drones at long distances, using techniques that can pick up even the weakest signals. Our trials using the hoverfly-based algorithms show we can now do this.”

    The researchers specifically looked for patterns (narrowband) and/or general signals (broadband) to pick up drone acoustics at short to medium distances. The new bio-inspired processing technique improved detection ranges by between 30% and 49%. The findings have been reported in The Journal of the Acoustical Society of America.

  • PJCIS supports passage of second tranche of critical infrastructure cyber laws

    Australia’s parliamentary body tasked with reviewing cyber laws has thrown its support behind the federal government’s second tranche of critical infrastructure cyber laws.

    “The new laws are a critical tool that will bring together government and industry to strengthen our defences against significant threats from nation state adversaries and criminal actors,” Liberal Senator and Parliamentary Joint Committee on Intelligence and Security (PJCIS) committee chair James Paterson said.

    The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 (SLACIP Bill) contains outstanding elements of cyber laws passed by the Parliament last year, per recommendations from the committee for the cyber laws to be enshrined in two phases. Among these outstanding elements are requirements for entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations, such as potentially installing third-party software. It also seeks to introduce risk management programs that would apply to entities within the 11 sectors classified as critical infrastructure sectors.

    During the PJCIS’ review of the law, the committee heard from critical infrastructure industry representatives who criticised the software installation scheme as they believed it would introduce unnecessary security risks into those types of environments.

    Despite hearing these concerns, the PJCIS has supported the enshrinement of the requirement in its advisory report, saying it believes the Australian Signals Directorate (ASD) would enforce that requirement carefully.

    “The committee sought assurances from the Department [of Home Affairs] and ASD that the installation of system software would be used only as a ‘provision of last resort’, and received evidence from both the Department and ASD that most sophisticated entities would be able to provide section 30DB and 30DC reports through existing or current open-source tools,” the PJCIS wrote.

    It added that, in theory, the ASD would already be collaborating with organisations that have systems of national significance and have an understanding of their cybersecurity posture when making any calls for third-party software to be installed.

    Acknowledging that the Bill’s requirements are a work in progress, the committee recommended that the Department of Home Affairs and the Cyber and Infrastructure Security Centre establish further consultation with critical infrastructure industry representatives, relevant employee representative bodies, and trade unions for further feedback about the Bill’s risk management programs. Similarly, the committee wants industry roundtables to continue for the same purpose.

    “The threat to Australia is increasing in scale and sophistication, and so it’s never been more important to harden our systems. That requires a collaborative effort from government and industry to identify and counter cyber threats targeted at our critical infrastructure, many of which are currently regarded as soft targets by our adversaries,” Paterson said.

    These recommendations came along with nine others, including for the federal government to commission an independent review of the operation of Australia’s critical infrastructure cyber laws one year after the SLACIP Bill receives Royal Assent.

    “To ensure the laws achieve this critical objective, the committee has recommended that their effectiveness be reviewed once fully implemented to ensure they remain fit for purpose and proportionate to the threat environment,” Paterson said.

    The federal government’s critical infrastructure reforms sit alongside the ransomware action plan as its primary regulatory efforts for bolstering Australia’s cybersecurity posture. The federal government is hoping the second tranche of cyber laws, labelled by Home Affairs Secretary Mike Pezzullo last month as the government’s defence against cyber threats, will create a standardised critical infrastructure framework for Australia’s intelligence agencies.

  • WA government allocates AU$25.5m to expand cybersecurity services

    The Western Australian government has announced it will invest AU$25.5 million to expand the state’s cybersecurity services.

    The funding, delivered under the state government’s AU$500 million Digital Capability Fund, will be put towards ensuring the state’s cyber capabilities can facilitate secure data exchanges between agencies, and prevent, detect, and respond to cyber threats.

    Specifically, this will include beefing up the Office of Digital Government’s cybersecurity unit with additional headcount to make it the state’s “largest dedicated cybersecurity team” and establishing a new dedicated home for the state’s new cyber security operations centre.

    “Cyber threats continue to evolve, and so by investing in our world-class Cyber Security Operations Centre, Western Australians can be assured important Government services they access will continue to be safe and their information will remain secure,” Minister of Innovation and ICT Stephen Dawson said.

    The announcement comes on the same day Prime Minister Scott Morrison warned organisations to prioritise trust over costs and efficiency when it comes to data security, pointing to the recent cyber attacks in Ukraine as lessons for organisations to learn from.

    “I tell you particularly in a more troubled world, especially from a data security point of view, supply chains are frankly more about trust now than they even are about efficiency or cost,” said Morrison, during the official opening of Macquarie Telecom’s new AU$85 million hyperscale data centre in Sydney.

    Earlier this week, the federal government launched an AU$89 million cybercrime centre that is specifically focused on preventing cybercriminals from scamming, stealing, and defrauding Australians.

  • Morrison wants organisations to prioritise trust over efficiency for data security

    [Image: Australian Prime Minister Scott Morrison officially opening Macquarie Telecom’s IC3 data centre in Macquarie Park. Credit: Campbell Kwan]
    Australian Prime Minister Scott Morrison has warned organisations to prioritise trust over costs and efficiency when it comes to data security, pointing to the recent cyber attacks in Ukraine as lessons for organisations to learn from.

    “I tell you particularly in a more troubled world, especially from a data security point of view, supply chains are frankly more about trust now than they even are about efficiency or cost,” said Morrison, who officially opened Macquarie Telecom’s new AU$85 million hyperscale data centre in Sydney. “We see that in the most terrible events, whether it’s in Ukraine or the stresses that are being placed on our own country here in the Indo-Pacific, when it comes to your data security you’ve got to be dealing with someone you trust and so words like sovereign really mean something — secure, really mean something.”

    In providing this warning, the prime minister said organisations need to prioritise developing data security skills and building secure critical infrastructure, pointing to Macquarie Telecom’s new data centre as an example. “I think that’s one of the great virtues of where we are today and one of the reasons why investments like this are made in Australia because of the amazing people that we’re training and bringing into our companies and our organisations. This is enabling infrastructure such as this to be built for it,” he said.

    Macquarie Telecom’s new 10MW data centre, called Intellicentre 3 East (IC3 East), has a federal government-level SCEC Zone 3 or higher security standard and is staffed by government-cleared engineers at all times. The data centre has a security ops centre that will be used to support government agencies when they encounter cyber threats, Macquarie Government director Aidan Tudehope said. “The world has changed quite dramatically in recent years and particularly in recent months. This has had a direct impact on the level of cybercriminal activity which is landing on Australian shores,” he said.

    Macquarie Telecom said the security ops centre contains a dashboard that provides information on where cyber attacks are coming from, what cybercriminals or foreign actors are targeting, and patterns of cyber threats.

    The IC3 East opening follows the government earlier this week launching an AU$89 million cybercrime centre that is specifically focused on preventing cybercriminals from scamming, stealing, and defrauding Australians.

  • Russian nationals charged for alleged roles in DragonFly and Triton hacks

    Four Russian nationals who worked for the Russian government were charged in two sets of US indictments last year for their alleged role in hacks performed by the DragonFly and Triton groups, which both targeted critical infrastructure around the world. The indictments were only unsealed on Friday, however, with the US Department of Justice (DOJ) saying the hacking campaigns conducted by the charged individuals targeted hundreds of companies and organisations across 135 countries.

    “We face no greater cyber threat than actors seeking to compromise critical infrastructure, offences which could harm those working at affected plants as well as the citizens who depend on them,” District of Columbia attorney Matthew Graves said.

    One of the indictments accuses three Russian individuals of being part of the DragonFly group, also known as Energetic Bear and Crouching Yeti, which conducted a two-phased campaign targeting and compromising the computers of hundreds of entities related to the energy sector worldwide. Two websites operated by the San Francisco International Airport were also allegedly hacked by the group in 2020. Access to such systems provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing, the DOJ said.

    In the first phase of this cyberespionage operation, which took place between 2012 and 2014, the conspirators allegedly engaged in a supply chain attack, compromising the computer networks of Supervisory Control and Data Acquisition (SCADA) system manufacturers and software providers and then hiding malware, known publicly as “Havex”, inside legitimate software updates for such systems. After unsuspecting customers downloaded Havex-infected updates, the conspirators allegedly deployed spear-phishing emails and watering hole attacks, allowing them to install malware on over 17,000 devices, including SCADA controllers used by power and energy companies.

    After pausing activities for two years, the group then resumed operations, under the moniker of Dragonfly 2.0, to deploy spear-phishing emails, watering hole attacks, and a range of malware in an effort to infect energy companies once again. Over two dozen energy companies and utility providers in the US and Europe were attacked as part of this second phase of cyber espionage activity.

    The three Russian nationals have been charged with conspiracy to cause damage to the property of an energy facility, committing computer fraud and abuse, conspiracy to commit wire fraud, and aggravated identity theft. Two of the three charged individuals could face up to 47 years in prison.

    The second indictment alleges another Russian national was part of the Triton hacker group, helping the group cause two separate emergency shutdowns at a Schneider Electric facility based in the Middle East. That individual subsequently made an unsuccessful attempt to hack the computers of a US company that managed similar critical infrastructure entities in the United States, the indictment alleges. The Russian national charged in the second indictment faces one count each of conspiracy to cause damage to an energy facility, attempt to cause damage to an energy facility, and conspiracy to commit computer fraud. If convicted, the alleged Triton hacker could face up to 45 years in prison.

    The unsealing of these indictments follows US President Joe Biden earlier this week calling for local organisations to bolster their cyber defence efforts as Russia is considering conducting cyber attacks in retaliation for sanctions imposed against the country for its invasion of Ukraine. “My administration is reiterating those warnings based on evolving intelligence that the Russian government is exploring options for potential cyber attacks,” Biden said.