Friday, March 01, 2019

Hard-to-detect credential-theft malware has infected 1,200 and is still going

Comedian Brody Stevens Dead Of Suicide At 48


“His stand-up style was a seemingly contradictory mix of confrontation and self-deprecation. He would often mock the fact that he was not a household name and had managed to land only small parts in television shows and movies [such as the Hangover series]. … He was widely admired by other comedians for his willingness to venture into unsafe territory.” – The New York Times


The Hill February 21, 2019

Sen. Mark Warner (D-Va.) sent a letter to several major health care groups on Thursday asking what they have done to prevent cyberattacks and how the federal government can help them address cyber issues. “The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending,” Warner wrote in the letter, according to a release. “However, the increased use of technology has also left the health care industry more vulnerable to attack.” Warner, the vice chair of the Senate Intelligence Committee and co-chair of the Senate Cybersecurity Caucus, cited a Government Accountability Office report that found that more than 113 million health care records were stolen in 2015 through cyberattacks. The letter was sent to organizations like the American Hospital Association, the American Medical Association, the National Rural Health Association and the Healthcare Leadership Council.



FCW February 19, 2019

Congress rejected a bid to shift about $90 million in cybersecurity research funding to a newly formed agency at the Department of Homeland Security in the recent funding bill. The Science and Technology Directorate at DHS will retain that funding, which DHS sought to move to the Cybersecurity and Infrastructure Security Agency. In their conference report, appropriators suggested S&T use $3 million of that $89 million to set up a test bed to examine possible cybersecurity solutions. It also provided $8 million for the Next Generation Cyber Infrastructure (NGCI) Apex project that provides the financial services sector with technologies and tools to protect their systems and networks.




CyberScoop February 22, 2019

As Washington turns its attention to the 2020 presidential election, the Democratic National Committee on Friday released updated security guidance it says will “dramatically reduce the risk” of hackers breaching candidates’ devices. The checklist is straightforward security advice driven by an awareness of current threats. The DNC, scarred by the Russian intervention in the 2016 presidential election, has invested in improving Democrats’ cyberdefenses in the last two years. U.S. intelligence officials warn that foreign adversaries will continue to target political organizations ahead of votes being cast in 2020. “Our adversaries are already at work, whether a candidate has announced or not,” DNC Chief Security Officer Bob Lord said in a statement. The DNC checklist advises candidates and their staffers to encrypt their laptops in case they are lost or stolen and to use a password manager to make it harder for attackers to crack credentials. The committee is encouraging everyone from presidential candidates to field staffers to heed the guidance.



FCW February 21, 2019

The Defense Information Systems Agency announced it is working to address concerns in an oversight report about performance and reliability issues disrupting the Defense Department's Joint Regional Security Stacks program. The announcement comes just weeks after the Office of the Director, Operational Test and Evaluation recommended the program be suspended until the system's security posture improved. DOT&E reported that JRSS, as deployed by the Air Force, "is unable to help network defenders protect the network against operationally realistic cyberattacks." That pause is not taking place. However, JRSS portfolio manager Army Col. Greg Griffin said in a Feb. 21 blog post, resources have been "significantly realigned" as a result of the report.



Federal News Network


The National Science Foundation has set out to prove that the amorphous concept of “reskilling” doesn’t need to be so scary in government. NSF’s Career Compass Challenge, which the agency launched back in November, will soon solicit for prototypes that NSF — and later all of government — can use to match existing federal employees and their skills to other kinds of work. It’s a government challenge in the traditional sense that participants have deadlines and winners earn prize money. But the leaders behind the Career Compass Challenge say it’s more than a competition; it’s a conversation-starter. The goal is to get the federal workforce, industry, academia and others thinking about “the future of work that’s different than the way federal employees currently think about their work,” Dorothy Aronson, NSF’s chief information officer, said in a recent interview with Federal News Network. “Reskilling” has become a bit of a buzz word in the federal government over the last year. It’s certainly a priority for the Trump administration, which has discussed the need to redeploy existing federal human resources to take on new and future work in the President’s Management Agenda at a symposium at the White House last fall. The Federal Cyber Reskilling Academy launched last year in an effort to retrain certain employees to become cyber defense analysts.



Nextgov

February 20, 2019

Agencies need to step up their efforts to defend the aviation industry against a growing array of emerging threats like cyberattacks and drones, the White House said Wednesday. In its National Strategy for Aviation Security, the Trump administration called on the government to unify its efforts to combat threats in the country’s airspace. And as the airlines grow increasingly network-connected, agencies must also work to identify and protect against potential vulnerabilities in cyberspace, officials said. The last national aviation security strategy, which the Bush administration released in 2007, focused mainly on combating terrorism and physical threats posed by criminals and foreign adversaries. According to the White House, this latest iteration aims to expand the government’s defenses against the risks of the digital age. “The past decade has seen the rise of technologies that generate economic and social benefits, but also may be used to challenge the safety and security of the aviation ecosystem,” the administration wrote. “The use of ‘disruptive technologies,’ such as cyber connectivity and unmanned aircraft, in reckless or malicious ways, along with the constant evolution of terrorist threats to manned aviation, requires a fresh, whole-of-community approach.”



FCW

February 20, 2019

andia National Laboratory is working with Splunk to sharpen its virtual cybersecurity sandbox environment and evaluate how it might be used in both the federal government and industry to blunt attacks. HADES -- short for High-Fidelity Adaptive Deception & Emulation System -- is a supercharged "honeypot" system that attracts would-be cyber attackers by creating an entire virtual environment and tricks the intruders into sticking around so their actions can be monitored. The project won a 2018 Government Innovation Award. Sandia, a National Nuclear Security Administration research and development lab, develops, engineers and tests non-nuclear parts of nuclear weapons. The lab's IT infrastructure is a magnet for cyber bad actors. The lab has been working with Splunk's Enterprise system to widen and deepen the program's ecosystem, said Vincent Urias, distinguished member of the technical staff at Sandia.



StateScoop

February 20, 2019

Vermont Chief Information Officer John Quinn instructed the entire state government to determine if it uses any hardware or software made by certain companies believed to have ties to the Russian and Chinese governments, and make plans to phase them out if they’re found. In a memorandum sent Wednesday to Vermont’s executive-branch agencies, Quinn ordered the removal of products sold by Kaspersky Lab, a cybersecurity software firm suspected by U.S. officials of having ties to the Kremlin, and devices manufactured by Chinese firms including Huawei and ZTE, which the United States has accused of conducting espionage on behalf of Beijing. “The ever-evolving nature of cyber threats has continued to prove that the State of Vermont and the valuable data that we hold for our citizens is a priority target for cyber criminals and hackers alike,” Quinn’s memo reads. The order follows on federal actions against Kaspersky, Huawei, ZTE and other companies that U.S. officials accuse of threatening national security.



INDUSTRY



Reuters

February 22, 2019

Credit reporting company Equifax Inc said it was informed by several U.S. regulators that they intend to seek damages from the company related to the cybersecurity breach of 2017 that exposed personal information of nearly 145 million people. The company has received legal notices from the Federal Trade Commission, Consumer Financial Protection Bureau and the New York Department of Financial Services, it said in a filing on Thursday. The United States Securities and Exchange commission had also issued a subpoena on May 14, 2018, regarding disclosure issues relating to the data breach, while the Office of the Privacy Commissioner of Canada has informed Equifax it intends to "make certain findings and recommendation" related to the incident. The company has been named in 19 class action lawsuits in courts across the country, it said, and has spent hundreds of millions of dollars since disclosing the breach.



ZDNet

February 20, 2019

Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs. The whitelist allows Facebook Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand. Prior to February 2019, the secret Flash whitelist contained 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ, just to name the biggest names on the list. Microsoft trimmed down the list to two Facebook domains earlier this month after a Google security researcher discovered several security flaws in Edge's secret Flash whitelist mechanism.



Nextgov

February 20, 2019

Hackers are shifting their tactics away from traditional phishing and ransomware attacks, and moving toward stealthier intrusions via websites and the software supply chain, according to a recent report. In its annual report on internet security threats, the cybersecurity firm Symantec said online bad actors are increasingly exploiting vulnerabilities in commercial software and operating systems to launch cyberattacks. Supply chain attacks, which use loopholes in third-party services to strike a target, increased 78 percent between 2017 and 2018, and web attacks, which rely on malicious URLs and other online weapons, also spiked 56 percent. “A growing number of groups display[ed] an interest in compromising operational computers, which could potentially permit them to mount disruptive operations if they chose to do so,” Symantec wrote in the report. Researchers also found phishing attempts dropped roughly 7 percent and overall ransomware infections dropped 20 percent during the past year.



CyberScoop

February 20, 2019

Analysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times that of other types of ransomware. Some victims of Ryuk “either lost their data or took on staggering financial risk to pay the ransom,” the researchers wrote. In some cases, Ryuk’s purveyors took big payouts of over 100 bitcoin (nearly $400,000 at current rates), in others they were satisfied with squeezing smaller sums from the victims, the McAfee-Coveware report said. The research follows a January report from another company, CrowdStrike, saying that hackers had earned $3.7 million from Ryuk since the ransomware emerged in August. Victims have reportedly included a North Carolina water utility and multiple U.S. newspapers.



Ars Technica

February 20, 2019

WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a more than 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file. The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.



FCW

February 19, 2019

A Feb. 19 report by threat intelligence firm CrowdStrike makes the case that nation-state offensive cyber operations are here to stay, documenting how the practices have become key weapons for global powers even as the U.S. and other countries seek to impose greater costs for bad behavior in the digital space. Some nation-states "gave lip-service to curbing their clandestine cyber activities," but behind the scenes they have actually "doubled down" on such tactics over the past year, the report claimed. CrowdStrike characterized 2018 as a "transition year" for many nation-state hacking groups as they switched up tactics in response to high-profile "name and shame" tactics from the U.S. and other allies. Breakout times -- defined as the speed with which an actor moves from gaining an initial foothold within a network to gaining broader access -- continued to shrink as threat groups hone their tactics. Russian groups like Fancy Bear led the way with a breakout time of less than 19 minutes, nearly eight times faster than their closest competitor, North Korea-based groups. 



CyberScoop

February 19, 2019

The author of newly-published research that examines flaws in password managers has been kicked off Bugcrowd, a popular vulnerability-reporting platform, after one of the companies named in the research reported the author for violating Bugcrowd’s terms of service. Bugcrowd shut down Adrian Bednarek’s account after he violated the company’s rules on “unauthorized disclosure” by telling a reporter about a vulnerability in LastPass, a password management service. The vulnerability is an old bug that another researcher had already reported, but hadn’t been fixed. According to a disclosure timeline he shared with CyberScoop, Bednarek found himself banned from Bugcrowd on Feb 12., a day after he said he spoke with The Washington Post for a report that his consulting company, Independent Security Evaluators (ISE), ultimately published Tuesday. Bednarek had reported the vulnerability to Bugcrowd on Jan. 19. After being told it was a duplicate, he raised concerns that the bug still hadn’t been fixed. Bednarek told CyberScoop he wants to be reinstated and help improve the platform’s terms of service.



Gov Info Security

February 19, 2019

Where's the breach? In 2015 and 2016, it was at Wendy's, when attackers infected 1,025 of its restaurants' point-of-sale systems with malware, leading to the loss of massive quantities of payment card data. Subsequently, consumers and financial institutions filed class action lawsuits against Wendy's, alleging that it had failed to properly secure its systems or notify customers and institutions that it had been breached. The consumer class-action lawsuit - Torres v. Wendy's International - was filed in February 2016. Wendy's settled that lawsuit In October 2018 for $3.4 million. In April 2016, Pennsylvania-based First Choice Federal Credit Union filed a lawsuit, seeking class-action status on behalf of all affected financial institutions. The financial firms' lawsuit - First Choice Federal Credit Union v. The Wendy's Company - may be close to resolution. Last week, Wendy's reached a proposed settlement with financial institutions, including attorneys' fees and costs, that would pay out $50 million. Of that, Wendy's says it expects to pay about $27.5 million, while the rest will be covered by insurance.



CyberScoop

February 19, 2019

WordPress recently patched a long-running, potentially serious vulnerability in its core code. But a similar flaw in third-party plugins could still allow hackers to take over websites that use the popular publishing software, according to German web security company RIPS Technologies. Exploiting the vulnerability requires an attacker to have access to an account with “author” privileges for the target website — a common designation for WordPress users. Once logged in, a hacker could manipulate how WordPress reads and writes files in its image database, essentially tricking the software into saving a malicious script file into a directory that typically handles photos. “An attacker who gains access to an account with at least author privileges on a target WordPress site can execute arbitrary PHP code on the underlying server, leading to a full remote takeover,” RIPS researcher Simon Scannell wrote in a blog post Tuesday.



Silicon Republic

February 19, 2019

A group of researchers say that it will be difficult to avoid Spectre bugs in the future unless CPUs are dramatically overhauled. Google researchers say that software alone is not enough to prevent the exploitation of the Spectre flaws present in a variety of CPUs. The team of researchers – including Ross McIlroy, Jaroslav Sevcik, Tobias Tebbi, Ben L Titzer and Toon Verwaest – work on Chrome’s V8 JavaScript engine. The researchers presented their findings in a paper distributed through ArXiv and came to the conclusion that all processors that perform speculative execution will always remain susceptible to various side-channel attacks, despite mitigations that may be discovered in future.



INTERNATIONAL



The Sydney Morning Herald

February 22, 2019

Top-level sources with detailed knowledge of the cyber attack on Australia's political parties and Parliament have dismissed a report that Iran and not China was behind the hack. Citing the US cyber research company Resecurity, The Wall Street Journal reported the attack was likely carried out by Iran's Mabna Institute Hackers. Resecurity president Charles Yoo said the pattern of the attack fitted with those previously carried out by the Mabna hackers, and he believed that the blame most in Australia had laid on the Chinese was a false flag. He provided a database of 7,354 records containing phone contacts and emails for Australian MPs and parliamentary staffers. But Australian sources with detailed knowledge of the hack, who are not allowed to speak on the record about the information to which they are privy, said the Mabna link was an unlikely theory and that China remained the suspect. They said that the sophistication of the attack meant only two countries were capable of conducting it, and that Iran was not on the list.



CyberScoop

February 21, 2019

Cyberwar is intensifying in South America. A new hacking group researchers have dubbed Blind Eagle is carrying out targeted attacks against Colombian government agencies, financial companies and corporations with a presence in Colombia. Blind Eagle has been active since April 2018, posing as Colombian institutions like the National Cyber Police and the Office of the Attorney General to steal intellectual property, according to research published this week by the 360 Enterprise Security Group, which is affiliated with the Chinese security giant Qihoo 360. Researchers from 360 did not specifically identify the suspects who might be behind the group, which is also referred to as APT-C-36. But they suggested the attacks originated in South America, based on the timing the attacks were sent and the use of the Spanish language in the malware, among other factors.



Vice Motherboard

February 21, 2019

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.



The Age

February 21, 2019

Cyber attackers have hit Melbourne’s Catholic Archdiocese, demanding a ransom from the church and paralysing its computer system for days, while Australia's biggest corporate superannuation fund, TelstraSuper, has admitted it has also been targeted. The Age has confirmed the attacks, after revealing on Wednesday that a cyber crime syndicate hacked and scrambled the files of Melbourne Heart Group, a cardiology unit based at Cabrini Hospital. Car maker Toyota has also been hit by a cyber attack in Australia, with employees locked out of their emails for days. Toyota Australia's servers were targeted on Tuesday and an investigation involving federal authorities is under way into who was behind the potentially malicious cyber attack.



Reuters

February 21, 2019

Ukraine's State Security Service SBU accused Russia on Thursday of meddling in the electoral process in Ukraine by creating illegal structures to help guarantee victory for a certain candidate. Ukraine holds a presidential election in late March. Its relations with Russia have been very poor since Moscow annexed the Crimea peninsula in 2014 and started backing armed separatists in eastern Ukraine. SBU deputy head Viktor Kononenko told a news briefing that a group of Russian citizens and their Ukrainian collaborators had used financial bribes to set up a network of people ready to vote for a certain candidate and to influence public opinion. "This activity is illegal and implies an impact on the election results," Kononenko said, adding that the plot involved "citizens of Ukraine who have been cooperating with Russian structures for a long time". Kononenko declined to say which of the 44 registered candidates stood to benefit from the scheme.



The New York Times

February 20, 2019

A group of hackers associated with Russian intelligence targeted civil society groups across Europe ahead of May elections there, Microsoft said on Tuesday. The attacks, disclosed by Microsoft in a blog post, demonstrate the continuing spread of a broad online campaign aimed at disrupting real and potential political opponents of Russia’s president, Vladimir V. Putin. The company said it had found that hackers targeted more than 100 email accounts at think tanks and nongovernmental organizations that work on issues including election security, nuclear policy and foreign relations. Microsoft didn’t address what country the attacks came from, but it blamed a group of hackers sometimes called Fancy Bear. Online security companies have identified Fancy Bear as a Russian group, and it is widely believed to be tied to Russian intelligence.



The New York Times

February 20, 2019

The Trump administration has spent a year trying to convince America’s allies in Europe that the Chinese telecommunications giant Huawei is a grave threat to their national security and should not be allowed any role in developing new wireless networks. A top British official indicated Wednesday that the aggressive campaign may not be working. The official, Ciaran Martin, who leads Britain’s National Cyber Security Center, expressed confidence at a conference in Brussels that any security risks Huawei posed could be managed. Britain, Mr. Martin noted, has successfully managed the company’s presence in the country’s telecommunications networks for more than 15 years by subjecting its products to strict security reviews at a laboratory run by government intelligence officials, and would continue to do so. “Our regime is arguably the toughest and most rigorous oversight regime in the world for Huawei,” he said. He added that the company’s equipment “is not in any sensitive networks, including those of the government.” “Its kit is part of a balanced supply chain with other suppliers,” Mr. Martin said.



Wired

February 18, 2019

The phony Facebook pages looked just like the real thing. They were designed to mimic pages that service members use to connect. One appeared to be geared toward a large-scale, military exercise in Europe and was populated by a handful of accounts that appeared to be real service members. In reality, both the pages and the accounts were created and operated by researchers at NATO’s Strategic Communications Center of Excellence, a research group that's affiliated with NATO. They were acting as a "red team" on behalf of the military to test just how much they could influence soldiers’ real-world actions through social media manipulation. The group "attempted to answer three questions,” Nora Biteniece, a software engineer who helped design the project, told WIRED. “The first question is, What can we find out about a military exercise just from open source data? What can we find out about the participants from open source data? And, can we use all this data to influence the participants’ behaviors against their given orders?” The researchers discovered that you can find out a lot from open source data, including Facebook profiles and people-search websites. And yes, the data can be used to influence members of the armed forces. The total cost of the scheme? Sixty dollars, suggesting a frighteningly low bar for any malicious actor looking to manipulate people online.



The New York Times

February 18, 2019

Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China. Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorized to discuss them publicly. The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month. The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements.



Reuters

February 18, 2019

Israel has launched a cyber hotline, staffed mostly by veterans of military computing units, to enable businesses and private individuals to report suspected hacking and receive real-time solutions. The 119 call-in number to the Computer Emergency Response Centre (CERT) is being billed by Israel and cyber experts as a world first. "Our job is to mitigate the damage as quickly as possible, to learn about the threats and to spread the knowledge where relevant," CERT director Lavy Shtokhamer told Reuters at the facility in the southern hi-tech hub city of Beersheba. "A cyber-attack may not be limited only to property or financial damage. It can also threaten lives." In some cases, Shtokhamer said, CERT will dispatch teams of experts to affected computer users at a few hours' notice.



Reuters

February 17, 2019

Germany has experienced a big increase in the number of security incidents hitting critical infrastructure such as power grids and water suppliers, the BSI cybersecurity agency said on Sunday, adding however that they were not all due to hacking. The Welt am Sonntag weekly had reported on Sunday that Germany had learned of 157 hacker attacks on critical infrastructure companies in the second half of 2018 compared to 145 attacks in the whole of the previous year. "The number of reports of IT security incidents has increased but it is not to be equated with the number of cyber attacks," tweeted the BSI in response to the newspaper report. "Reports are also made for other reasons such as technical problems," it added. The attacks were aimed at sabotaging power supplies and manipulating water supplies or disrupting communications lines, the paper said, adding security authorities suspected foreign intelligence agencies were behind such attacks. German and European authorities have become increasingly worried about the risk of security breaches in infrastructure as well as interference in elections especially from Russia, China and far-right groups.



TECHNOLOGY



Ars Technica

February 21, 2019

Sites that run the Drupal content management system run the risk of being hijacked until they're patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday. CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user input, managers said in an advisory. Hackers who exploited the vulnerability could, in some cases, run code of their choice on vulnerable websites. The flaw is rated highly critical. "Some field types do not properly sanitize data from non-form sources," the advisory stated. "This can lead to arbitrary PHP code execution in some cases."



Ars Technica

February 20, 2019

A deceptively simple malware attack has stolen a wide array of credentials from thousands of computers over the past few weeks and continues to steal more, a researcher warned on Tuesday. The ongoing attack is the latest wave of Separ, a credential stealer that has been known to exist since at least late 2017, a researcher with security firm Deep Instinct said. Over the past few weeks, the researcher said, Separ has returned with a new version that has proven surprisingly adept at evading malware-detection software and services. The source of its success: a combination of short scripts and legitimate executable files that are used so often for benign purposes that they blend right in. Use of spartan malware that's built on legitimate apps and utilities has come to be called "living off the land," and it has been used in a variety of highly effective campaigns over the past few years.



MIT Technology Review

February 19, 2019

Early last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. Its blockchain, the history of all its transactions, was under attack. An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million. Coinbase claims that no currency was actually stolen from any of its accounts. But a second popular exchange, Gate.io, has admitted it wasn’t so lucky, losing around $200,000 to the attacker. Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry. In total, hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly.