
Leading Cryptocurrency ATM Manufacturer General Bytes Loses $1.5M in Bitcoin in Hacking Attack
- Written by Ari Denial Cybersecurity & Tech Writer
General Bytes has disclosed a security breach in which an attacker remotely reached the master service interface of its Crypto Application Server (CAS) and drained funds from hot wallets. As a result, most cryptocurrency ATM operators in the US had to temporarily suspend operations. The attacker withdrew 56.28 bitcoin, worth approximately $1.5 million, from roughly 15 to 20 crypto ATM operators nationwide.
Over the weekend, the company revealed that the attackers exploited a zero-day vulnerability, tracked internally as BATM-4780, to upload a Java application remotely through the ATM's master service interface and execute it with the privileges of the 'batm' user.
In its security incident disclosure, General Bytes explained that the perpetrator scanned the Digital Ocean cloud hosting IP address range for CAS services listening on port 7741. That scan turned up both the General Bytes Cloud service and the servers of other GB ATM operators hosting on Digital Ocean, which is the vendor's recommended cloud hosting provider. Because cloud providers publish their IP ranges, sweeping them for a single management port is cheap, so a CAS instance reachable on 7741 from the internet is effectively discoverable by anyone.
Once the Java application was uploaded and running as the 'batm' user, the attackers could act on the server with that user's privileges. General Bytes cautioned that both customer-hosted servers and its own cloud service were compromised in the attacks.
Alongside the amount stolen, the company published the list of cryptocurrency addresses the attacker used during the attack, which operators and exchanges can use to flag and trace the funds.
As of the latest update, the stolen bitcoin remains in the attacker's wallet. The stolen ether, however, appears to have been swapped for USDT via Uniswap.
Even where there are no signs of compromise, General Bytes advises all operators to assume that their CAS passwords and API keys have been exposed, and to invalidate them and generate new ones immediately. All user passwords should also be reset as a precaution; since the attacker could reach the server as the 'batm' user, any secret stored on or readable by that server should be treated as burned.
The company has announced plans to have several firms audit its products in a short timeframe, with the aim of finding and fixing any further vulnerabilities before they can be exploited.
Saks Fifth Avenue Targeted by Clop Ransomware, Retailer Alleges No Genuine Data Compromised
- Written by Ari Denial Cybersecurity & Tech Writer
Luxury retailer Saks Fifth Avenue has been listed as a victim on the Clop ransomware gang's dark web leak site. The company, however, states that the attack did not touch any genuine customer data. The incident is the latest in Clop's ongoing campaign of exploiting a vulnerability in GoAnywhere MFT servers belonging to established businesses.
Saks Fifth Avenue is a luxury brand retailer that was founded in 1867 by Andrew Saks and is currently headquartered in New York City. It serves customers in the United States, Canada, and parts of the Middle East and is considered one of the prominent names in the luxury retail industry.
The attack on Saks Fifth Avenue is believed to be part of Clop's wider campaign against unpatched GoAnywhere MFT servers.
The flaw, tracked as CVE-2023-0669, gives the Clop ransomware gang remote code execution on unpatched GoAnywhere MFT instances. The vulnerable component is the administrative console, so instances whose console is reachable from the internet are the ones at risk; keeping that console off the public internet removes the attack surface even before patching.
Fortra, the developer of GoAnywhere MFT, had notified its customers that CVE-2023-0669 was being exploited as a zero-day in the wild and urged them to patch. The advisory was not published openly, however; its contents were made public by investigative journalist Brian Krebs.
According to a spokesperson from Saks Fifth Avenue, “Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks.”
According to a second spokesperson, the mock data taken in the incident contains no actual customer or payment card information; it is used solely for testing, to simulate customer orders.
Saks Fifth Avenue has confirmed that its investigation into the incident is ongoing and that it is working with outside experts and law enforcement. The company added that it takes information security very seriously and is committed to safeguarding the information it holds.