Last week, the U.S arrested two individuals in what is now known as the largest financial seizure ever. In today’s value, they allegedly laundered USD$3.6 billion in Bitcoin. This happened when the Bitfinex currency was hacked back in 2016. Apparently, they weren’t the actual individuals who executed the hack. The hackers have yet to be identified. And if you’re wondering about these two people who were arrested, they are husband and wife, Ilya Lichtenstein and Heather Morgan. They are facing up to 20 years in prison. (Bloomberg)
Here is how the couple was brought to justice:
“Investigators located a wallet containing more than 2,000 bitcoin accounts and followed the trail to accounts at a dark web marketplace called AlphaBay. The marketplace was dismantled by the Justice Department in 2017.
Authorities said they obtained access to files within an online account controlled by the suspect, which contained the private keys to the wallet that was used to receive and store bitcoin stolen in the 2016 Bitfinex hack.
The keys allowed agents to lawfully seize and recover more than 94,00 Bitcoin, the Department of Justice said in a statement.
Millions of dollars were cashed out through Bitcoin ATMs and used to purchase gold, non-fungible tokens (NFTs) and Walmart gift cards, prosecutors said.” (DW)
What are your thoughts? This is a jaw-dropping story, for many reasons. It reveals that criminals cannot rely on using Bitcoin for their illegal activities. It potentially solves a case dating back to 2016. Funny enough, the people behind this crime are not who you think they’d be. The husband is a tech investor and the wife is a businesswoman/rapper! The story is so wild that Netflix wants to launch a docuseries on the story. For more information on this couple, The New York Times covers them well and so does Forbes in this video. What are your thoughts?
North Korea was having bad internet connectivity earlier this month. A country with a few dozen websites, saw their websites drop offline over a few days. The US Cyber Command or any other state were not behind it. It was all the work of an American man in his pajamas. His motive? He was hacked by Korean spies last year.
As it turns out, this American man is an independent hacker who goes by the handle P4x. He was one of many victims, but revealed that they never accessed anything valuable. After a year of resentment, P4x decided it was time to teach North Korea a lesson.
This is what he had to say, “For me, this is like the size of a small-to-medium pen test,” P4x said. “It's pretty interesting how easy it was to actually have some effect in there.”
Wired states that “P4x admits he automated his attacks on the North Korean systems, periodically running scripts that enumerate which systems remain online and then launching exploits to take them down.” (Wired)
My thoughts: If only North Korea did a pen test!? If you’re not sure whether your organization should invest in regular pen tests, join our workshop this February 17, 2022 at 1pm EST. In partnership with GoSecure, we are exploring how to get the most out of a pen test and if it’s right for you. Reserve your spot here.
Cyber insurance is not a mature industry. Let’s call it an “evolving” industry. Couple this with the increasing number of cyber-attacks over the last few years, partly due to Covid-19, it’s shocking the cyber insurance industry has survived. Cyber / data breaches cost an organization on average, $4.24 million. Even if you have a cyber insurance policy, the policy typically only covers about 40% of that incident. We’ve seen many cyber insurance firms suffer due their poor predictive analysis. This poor analysis is simply because they were basing trends on past hacks, which in comparison, were small to what we are seeing today. Every month sets a new record in cyber threats and attacks. Subsequently, cyber insurance providers are starting to adapt with higher premiums and denying coverage. As the industry continues to mature, we will see higher institutional safeguards and comprehensive security measures required in order to qualify for a cyber insurance policy. (Forbes)
My thoughts: Businesses will need to invest in their cyber resilience strategies as coverage will be increasingly difficult to obtain. At this point, I’m surprised the cyber insurance industry has survived at all. As companies begin to assess and mature their cyber resilience strategy I think we can expect a huge turnaround in this industry. If you want to assess your organization’s cyber resilience, we created a short and free survey here.
Access The Untold Stories of IT Professionals.
Assurance IT launched IT Spotlight - a series putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.