Category Archives: bitcoin

Trade Recommendation: district0x

Our April 14, 2018 trade recommendation for the district0x/Bitcoin (DNT/BTC) pair hit the target on April 22 when it went as high as 0.00002304. Those who followed the trade recommendation grew their investments by at least 50% in about a week. The trade recommendation also emphasized selling immediately once the target is hit. It […]

The post Trade Recommendation: district0x appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Pop Higher as Consolidation Continues

Trading activity increased in the major coins today, amid a mixed news flow, and for now, bulls scored a small victory following last week’s bearish price action. Bitcoin, Ethereum and most of the largest digital currencies gained several percent, despite the weekend’s deterioration, and although the technical setup didn’t change significantly, an immediate breakdown has […]

The post Crypto Update: Coins Pop Higher as Consolidation Continues appeared first on Hacked: Hacking Finance.

New York Approval of Crypto Trading App Ignites Price Rally for Bitcoin, Altcoins

The cryptocurrency market on Monday added $13 billion in the span of one hour after New York’s Department of Financial Services granted Square a digital currency license. Square Cash App Approved for BitLicense San Francisco-based startup Square, Inc. announced Monday it has been granted approval by New York regulators to launch its cryptocurrency trading platform […]

The post New York Approval of Crypto Trading App Ignites Price Rally for Bitcoin, Altcoins appeared first on Hacked: Hacking Finance.

Crypto Critics: Fractured Facts

I have another confession. As a long time investor, I believed in the theory of efficient markets. This basically means that every participant in the market has immediate and complete access to all information facts like price, earnings and other data. I made the mistake of applying this theory to cryptocurrencies. Lately, this has […]

The post Crypto Critics: Fractured Facts appeared first on Hacked: Hacking Finance.

Bitcoin’s Stalled Recovery Keeps the Bulls in Check

The bitcoin recovery engine stalled on Monday, setting the stage for a possible price reversal that mirrors last week’s 70-day low. With the total market cap so low, a decline in bitcoin would almost assuredly lead to a similar correction for other cryptocurrencies. Bitcoin Price Levels Bitcoin prices reached a low of $6,335.77 on Monday, […]

The post Bitcoin’s Stalled Recovery Keeps the Bulls in Check appeared first on Hacked: Hacking Finance.

Trade Recommendation: Modum

The Modum/Bitcoin pair (MOD/BTC) attempted to break out from the inverse head and shoulders formation on May 4, 2018. Our April 15, 2018 trade recommendation banked on this breakout. Unfortunately, the pair only generated about half of the required 1.5 million Modum volume. As a result, bears were able to hold on to the resistance […]

The post Trade Recommendation: Modum appeared first on Hacked: Hacking Finance.

Crypto Expert Maintains $60,000 Price Target for Bitcoin

Back in January, cryptocurrency expert Phillip Nunn made two bold predictions: bitcoin will reach a low of $6,000 this year before rebounding to a high of $60,000. With his first prediction proving true, Nunn remains steadfast that the latter price point will also come to fruition in spite of recent market turmoil. The Bulls Will Prevail […]

The post Crypto Expert Maintains $60,000 Price Target for Bitcoin appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Consolidate Above Support but Downtrend Still Intact

It has been a very quiet weekend for the major cryptocurrencies so far, as the predominantly bearish week ended with range trading and a collapse in volumes across the board. Most of the top coins failed to gain back the ground they lost during the steep selloff, with only Binance Coin and VeChain showing meaningful […]

The post Crypto Update: Coins Consolidate Above Support but Downtrend Still Intact appeared first on Hacked: Hacking Finance.

Trade Recommendation: Cindicator

The Cindicator/Bitcoin pair (CND/BTC) started its bull run on January 18, 2018 when it took out resistance of 0.00001. The breakout attracted so much momentum that the pair went as high as 0.0000332 on January 23. In five days, the market grew by 232%. At this price level, the target of the breakout was hit. […]

The post Trade Recommendation: Cindicator appeared first on Hacked: Hacking Finance.

Long-Term Cryptocurrency Analysis: Bull Market in Jeopardy

As the crucial rally attempt that we pointed out in our previous long-term analysis failed, and the major coins sold off heavily afterwards, the segment is now in a difficult situation. While Bitcoin and especially Ethereum are still in bullish setups, the most valuable coin is now close to a major breakdown that could lead […]

The post Long-Term Cryptocurrency Analysis: Bull Market in Jeopardy appeared first on Hacked: Hacking Finance.

Trade Recommendation: POA

The POA/Bitcoin pair (POA/BTC) started its uptrend on April 7, 2018 when it took out resistance of 0.00006. This activated the cup and handle reversal pattern on the daily chart. The breakout pushed the market to as high as 0.00010248 on May 10. In a month, the pair grew by 70%. At this price level, […]

The post Trade Recommendation: POA appeared first on Hacked: Hacking Finance.

Crypto Psycho: Crazy Price Action

Say what you will about the cryptocurrency bubble of 2017 not making sense, what about the action lately? Prices are acting terribly. Professor John Griffin claims last year’s bitcoin rally was manufactured by Bitfinex. Economist Nouriel Roubini proclaims bitcoin is going to zero. The founder of Crypto Asset Management says about bitcoin: “We are shorting […]

The post Crypto Psycho: Crazy Price Action appeared first on Hacked: Hacking Finance.

Trade Recommendation: FunFair

The FunFair/Bitcoin (FUN/BTC) pair started its uptrend on December 29, 2017 when it took out resistance of 0.0000039. This triggered the rounding bottom reversal pattern on the daily chart. The breakout attracted so much momentum that the pair soared to 0.00001385 on January 4, 2018. In less than a week, FUN/BTC grew by over 246%. […]

The post Trade Recommendation: FunFair appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum Leads Rebound, Boosted by the SEC

The cryptocurrency segment experienced a sudden bullish surge in late trading today, following the words of a top-level SEC official that substantially eased regulatory fears, which were among the leading negative drivers this year. The director said that the institution won’t treat ETH as a security, and it doesn’t see value in regulating it. The positive […]

The post Crypto Update: Ethereum Leads Rebound, Boosted by the SEC appeared first on Hacked: Hacking Finance.

The CIA ‘Can Neither Confirm Nor Deny’ It Has Documents on Satoshi Nakamoto

An anonymous reader shares a report: Who is Satoshi Nakamoto? Ever since this pseudonymous person or group unleashed Bitcoin on the world in 2008, Nakamoto's real identity has been one of the biggest mysteries in the cryptocurrency world. And based on a response to my recent Freedom of Information Act (FOIA) request, if the CIA knows anything, it's not talking. [...] In 2016, Alexander Muse, a blogger who mostly writes about entrepreneurship, wrote a blog post that claimed the NSA had identified the real identity of Satoshi Nakamoto using stylometry, which uses a person's writing style as a unique fingerprint, and then searched emails collected under the PRISM surveillance program to identify the real Nakamoto. Muse said the identity was not shared with him by his source at the Department of Homeland Security. [...] I figured it couldn't hurt to ask some other three-letter agencies what they know about Nakamoto. [...] I received a terse reply that informed me that "the request has been rejected, with the agency stating that it can neither confirm nor deny the existence of the requested documents."

Read more of this story at Slashdot.

Malicious Actors Generated $175 Million in Monero Via Cryptocurrency Mining, Report Reveals

Crypto-thieves have earned a total of $175 million in Monero via malicious cryptocurrency mining techniques, according to a recent study. These illicit profits represent 5 percent of all Monero in circulation today.

This surge is largely due to cybercriminals’ preference for the digital currency and the rapid proliferation of crypto-mining malware, the study found. However, since they didn’t include JavaScript or web-based mining activities in their research, the report’s authors noted that the true figure is likely much higher.

Monero: Cybercriminals’ Favorite Digital Currency

For the report, Palo Alto Networks used a threat analysis service to determine which digital currencies malicious actors prefer to mine for and how lucrative this activity is for crypto-miners. Of the 629,126 malware samples included in the research, 531,663 (approximately 85 percent) delivered software designed to mine for Monero. This figure dwarfed that of bitcoin, which came in second with 53,615 samples.

Monero’s dominance extended to the number of wallets observed in the dataset. In total, the researchers identified 2,341 Monero wallets, which was more than twice the number of bitcoin wallets at 981. By comparison, Electroneum, Ethereum and Litecoin were barely represented at just 131, 44 and 28 wallets, respectively.

In addition, the researchers identified 3,773 emails used to connect to mining pools and 2,995 mining pool URLs.

Addressing the Cryptocurrency Mining Threat

Josh Grunzweig, senior malware researcher at Palo Alto Networks, noted that it’s difficult to defeat cryptocurrency mining software delivered by malware.

“Many malware authors will limit the CPU utilization, or ensure that mining operations only take place during specific times of the day or when the user is inactive,” Grunzweig explained. “Additionally, the malware itself is delivered via a large number of methods, requiring defenders to have an in-depth approach to security.”

To help organizations protect themselves, Palo Alto provided all Monero wallets and hashes for all the malicious samples it identified in its research.

The post Malicious Actors Generated $175 Million in Monero Via Cryptocurrency Mining, Report Reveals appeared first on Security Intelligence.

Bitcoin’s Brush With Oversold Levels Suggests Selloff May Be Over – For Now

Bitcoin’s epic collapse culminated on Thursday with a price-per-coin of around $6,130, prompting an imminent reversal. Though possibly short-lived, bitcoin’s bounce can be attributed to one of its worst RSI readings in almost two years. Bitcoin Price Update The value of bitcoin plunged toward $6,100, its lowest in two months, as volatile futures activity and […]

The post Bitcoin’s Brush With Oversold Levels Suggests Selloff May Be Over – For Now appeared first on Hacked: Hacking Finance.

Trade Recommendation: Viberate

The Viberate/Bitcoin (VIB/BTC) pair showed further signs of bearishness on February 20, 2018 when it broke below support of 0.000025. The new resistance was then tested on March 1 when the pair rallied to 0.0000307 only to close at 0.00002427. The confirmation of the resistance triggered a waterfall event that saw the pair drop to […]

The post Trade Recommendation: Viberate appeared first on Hacked: Hacking Finance.

Smashing Security #082: World Cup cybersecurity, crypto crashes, and a bang of a password fail

Coinrail cryptocurrency exchange goes offline after hack, Russia appears to be ‘live testing’ cyber attacks, and Florida stopped running background checks on gun buyers because of a forgotten password.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by football-mad John Leyden from The Register.

Crypto Update: Coins Dumped Again as Bitcoin Nears $6000

The bloody week continued in the cryptocurrency segment on Fed-day too as the major coins suffered another hit, falling around 10% on average compared to yesterday’s price levels. The move dragged down the previously relatively stronger coins too, and that led to further deterioration of the short-term technical picture, as several key support levels were […]

The post Crypto Update: Coins Dumped Again as Bitcoin Nears $6000 appeared first on Hacked: Hacking Finance.

Bitcoin’s Price Was Artificially Inflated Last Year, Researchers Say

A concentrated campaign of price manipulation may have accounted for at least half of the increase in the price of Bitcoin and other big cryptocurrencies last year, according to a paper released on Wednesday by an academic with a history of spotting fraud in financial markets. From a report, first shared to us by reader davidwr: The paper by John Griffin, a finance professor at the University of Texas, and Amin Shams, a graduate student, is likely to stoke a debate about how much of Bitcoin's skyrocketing gain last year was caused by the covert actions of a few big players, rather than real demand from investors. Many industry players expressed concern at the time that the prices were being pushed up at least partly by activity at Bitfinex, one of the largest and least regulated exchanges in the industry. The exchange, which is registered in the Caribbean with offices in Asia, was subpoenaed by American regulators shortly after articles about the concerns appeared in The New York Times and other publications. Mr. Griffin looked at the flow of digital tokens going in and out of Bitfinex and identified several distinct patterns that suggest that someone or some people at the exchange successfully worked to push up prices when they sagged at other exchanges. To do that, the person or people used a secondary virtual currency, known as Tether, which was created and sold by the owners of Bitfinex, to buy up those other cryptocurrencies.

Read more of this story at Slashdot.

RSA’s CTO is Bullish on Security. Blockchain? Not so much.

The success of blockchain technology in securing cryptocurrencies doesn’t make the technology a good fit for securing the Internet of Things, RSA Security Chief Technology Officer Zulfikar Ramzan says. Check out our exclusive conversation with Zully about IoT, blockchain and the state of the information security industry.   I had the...

McAfee Blogs: Threat Report: Don’t Join Blockchain Revolution Without Ensuring Security

On May 19 researchers discovered a series of vulnerabilities in the blockchain-based EOS platform that can lead to remote control over participating nodes. Just four days prior, a mining pool server for the IoT platform HDAC was compromised, impacting the vast majority of miners. In January the largest-ever theft of cryptocurrencies occurred against the exchange Coincheck, resulting in the loss of US$532 million in NEM coin. Due to its increased popularity and profitability, cybercriminals have been targeting all things blockchain. McAfee Advanced Threat Research team analysts have now published the McAfee Blockchain Threat Report to explain current threats against the users and implementers of blockchain technologies.

What is Blockchain?

Even if you have not heard of blockchain, you have likely heard of cryptocurrencies, namely Bitcoin, the most popular implementation. In late 2017 Bitcoin reached a value of $20,000 per coin, prompting a lot of interest in the currency—including from cybercriminals. Cryptocurrencies are built on top of blockchain, which records transactions in a decentralized way and enables a trusted “ledger” between trustless participants. Each block in the ledger is linked to the next block, creating a chain. Hence, the system is called a blockchain. The chain enables anyone to validate all transactions without going to an outside source. From this, decentralized currencies such as Bitcoin are possible.

Proof-of-work blockchain. Source: https://bitcoin.org/bitcoin.pdf.

Blockchain Attacks

Attackers have adopted many methods targeting consumers and businesses. The primary attack vectors include phishing, malware, implementation vulnerabilities, and technology. In a phishing scheme in January, Iota cryptocurrency lost $4 million to scams that lasted several months. Malware authors often change their focus. From late 2017 to early 2018, some migrated from deploying ransomware to cryptomining. They have been found using open-source code such as XMRig for system-based mining and the mining service Coinhive.

Source: McAfee Labs

Implementation vulnerabilities are the flaws introduced when new technologies and tools are built on top of blockchain. The recent EOS attack is one example. In mid-July 2017 Iota suffered an attack that essentially enabled attackers to steal from any wallet. Another currency, Verge, was found with numerous vulnerabilities. Attackers exploiting the vulnerabilities were able to generate coins without spending any mining power.

Known attacks against the core blockchain technology are much more difficult to implement, although they are not unheard of. The most widely known attack is the 51% attack, or majority attack, which enables attackers to create their own chains at will. The group 51 Crew targeted small coins, including Krypton, and held them for ransom. Another attack, known as a Sybil attack, can allow an attacker to completely control a targeted victim’s ledger. Larger-scale Sybil attacks have been attempted, such as one in 2016.

Dictionary Attacks

Blockchain may be a relatively new technology, but that does not mean that old attacks cannot work. Mostly due to insecure user behavior, dictionary attacks can succeed against some implementations of blockchain. Brain wallets, or wallets based on weak passwords, are insecure, yet people still use them. These wallets are routinely stolen, as was the case with the nearly BTC60 stolen from the following wallet:

This wallet recorded two transactions as recently as March 5, 2018. One incoming and one outgoing transaction occurred within roughly 15 minutes. Source: https://blockchain.info.

Exchanges Under Attack

The biggest players, and targets, in blockchain are cryptocurrency exchanges. Cryptocurrency exchanges can be thought of as banks in which users create accounts, manage finances, and even trade currencies, including traditional ones. One of the most notable incidents is the attack against Mt. Gox between 2011 and 2014 that resulted in $450 million of Bitcoin stolen and led to the liquidation and closure of the company. Coincheck, previously mentioned, survived the attack and began reimbursing victims for their losses in March 2018. Not all recent exchanges fared so well. Bitcurex closed abruptly, which led to an official investigation into the circumstances; Youbit suffered two attacks, leading the company into bankruptcy.

An advertisement for the shuttered Polish exchange Bitcurex.

Conclusion

Blockchain technologies and their users are heavily targeted by profit-driven cybercriminals. Current attackers are changing their tactics and new groups are entering the space. As more businesses look to blockchain to solve their business problems and consumers increasingly rely on these technologies, we must be diligent in understanding where the threats lie to achieve proper and tailored risk management. New implementations must place security at the forefront. Cybercriminals have already enjoyed successes against the users and implementations of blockchain, so we must prepare accordingly.

The post Threat Report: Don’t Join Blockchain Revolution Without Ensuring Security appeared first on McAfee Blogs.




Trade Recommendation: AirSwap

Our March 21, 2018 trade recommendation for AirSwap/Bitcoin (AST/BTC) hit its target on April 15 when it went as high as 0.00005921. Those who followed the trade recommendation grew their investments by over 40% in less than a month. While the pair overshot our target, we expected that the move up would be unsustainable. First, […]

The post Trade Recommendation: AirSwap appeared first on Hacked: Hacking Finance.

Technical Analysis: Bitcoin Trades at $6500 as Crucial Support Levels Fall

The cryptocurrency market suffered a big hit in the past three days, as all of the major coins sold off heavily after Sunday’s Coinrail hack. Following the failure of the recent crucial rally attempt, the plunge of Bitcoin and major altcoins sent shockwaves throughout the segment, pushing several majors, like BTC, DASH, Monero, and NEO to […]

The post Technical Analysis: Bitcoin Trades at $6500 as Crucial Support Levels Fall appeared first on Hacked: Hacking Finance.

Crypto Carnage Resumes as Bitcoin Comes Within $500 of Yearly Low

Cryptocurrencies suffered yet another selloff on Tuesday, as bitcoin approached new lows for the year and Ethereum fell below a key psychological level. Market Update: Downtrend Continues Crypto markets bled more than $20 billion on Tuesday, including a flash crash that wiped out $10 billion in the span of 30 minutes. The market capitalization for […]

The post Crypto Carnage Resumes as Bitcoin Comes Within $500 of Yearly Low appeared first on Hacked: Hacking Finance.

As Bitcoin Searches for Bottom, Miners Lose Profitability

For miners, bitcoin’s profitability has been called into question as plunging price points and rising energy costs make rig operations more expensive to maintain. As bitcoin’s bear market deepens, the mining ecosystem will struggle just to break even. Bitcoin Mining in Perspective The arms race for hash power has intensified since early 2017 as the […]

The post As Bitcoin Searches for Bottom, Miners Lose Profitability appeared first on Hacked: Hacking Finance.

Trade Recommendation: Gas

Our March 20, 2018 trade recommendation for the Gas/Bitcoin pair (GAS/BTC) hit its target on May 4, 2018 when it went as high as 0.004035. Those who followed the trade recommendation grew their investments by over 92%. We expected that the pair was not yet ready to launch another bull run considering its technical damage. […]

The post Trade Recommendation: Gas appeared first on Hacked: Hacking Finance.

Bitcoin drops 10% after hack of South Korean exchange service

CoinRail, a small cryptocurrency exchange service based in South Korea, reported on Sunday that it fell victim to a cyberattack and publicly confirmed it on Twitter. As a result, bitcoin prices collapsed by 10 percent to the lowest since April.

“The price of bitcoin dropped $500 in a single hour Sunday to hit a two-month low below $6,700,” wrote CoinDesk.

Following the hack, CoinRail lost some 30 percent of the tokens traded at the time of the hack, namely Pundi X (NPXS), NPER (NPER) and Aston (ATX). Local media estimated the loss at $37.28 million. CoinRail’s website has been in maintenance mode ever since the hack was identified. Their website said most of the cryptocurrency has been moved to offline wallets but it gave no detail about the actual financial loss.

“At present, 70% of your coin rail total coin / token reserves have been confirmed to be safely stored and moved to a cold wallet and are in storage,” reads their website (according to Google translate). “Two-thirds of the coins confirmed to have been leaked are covered by freezing / recalling through consultation with each coach and related exchanges. The remaining one-third of coins are being investigated with investigators, relevant exchanges and coin developers.”

CoinRail is working with an external forensics agency to investigate the breach and recover from the damage. Together with the compromised ICOs, they are trying to freeze the stolen tokens.

As South Korea is an important cryptocurrency trading center, this is not the first time a cryptocurrency exchange service has been attacked. After it was hacked twice, Youbit shut down in December.

Bitcoin’s Latest Collapse Mirrors the 2014 Bear Market

The yearlong selloff in cryptocurrencies deepened over the weekend, erasing more than $40 billion of market value in less than 24 hours. Investors, analysts and general observers are now struggling to understand why. According to one long-time observer, bitcoin’s recent price collapse is almost identical to the onset of the bear market all the way […]

The post Bitcoin’s Latest Collapse Mirrors the 2014 Bear Market appeared first on Hacked: Hacking Finance.

Apple’s App Store Officially Bans Cryptocurrency Mining

Apple has updated the App Store's Review Guidelines to explicitly ban on-device mining across any type of app, and all of Apple's platforms. The new section 3.1.5 (b), titled Cryptocurrencies, provides five clear rules for what will and won't be allowed in macOS, iOS, tvOS, and watchOS apps going forward. VentureBeat reports: The upshot of the new rules is that while Apple will permit cryptocurrencies to exist on its platforms, it's adding requirements to stop scammers and individuals from exploiting App Store customers, while making explicit that it's blocking developers from eating Apple device processing power for mining activities. As AppleInsider notes, the Review Guidelines were previously less concerned with cryptocurrencies, allowing an app to facilitate crypto and ICO transactions if it complied with the laws in the app's distributed territories. Since the App Store is virtually the only place to acquire software for iPhones, iPads, iPod touches, Apple TVs, and Apple Watches, Apple's decision will effectively end crypto mining on those devices. On macOS, however, users will continue to be able to acquire apps outside of the Mac App Store, enabling mining and other activities to continue without Apple's seal of approval.

Read more of this story at Slashdot.

Wells Fargo Bans Cryptocurrency Purchases On Its Credit Cards

An anonymous reader quotes a report from Bloomberg: Wells Fargo customers hoping to use their credit cards to buy Bitcoin will have to look elsewhere. While putting a prohibition on such cryptocurrency purchases for now, Wells Fargo "will continue to evaluate the issue as the market evolves," Shelley Miller, a spokeswoman, said in an emailed statement. Wells Fargo joins Citigroup, JPMorgan Chase and Bank of America, which limited cryptocurrency purchases on their credit cards in February, citing market volatility and credit risks. Lenders have said they're worried they'd be left on the hook if a borrower lost money on a digital currency bet and couldn't repay. A study conducted by LendEDU last year found that roughly 18 percent of Bitcoin investors used a credit card to fund the purchases. Of those, 22 percent couldn't pay off their balance after buying the digital coin.

Read more of this story at Slashdot.

The Secret Behind What’s Driving Cryptocurrency Prices

What’s been driving crypto prices? During a period roughly between May 23rd and last weekend, crypto prices were holding a steady course and then suddenly within a brief 24 hour period both bitcoin and Ethereum lost over 12% of their value.  During that same period virtually all of the 100 largest cryptos were also falling […]

The post The Secret Behind What’s Driving Cryptocurrency Prices appeared first on Hacked: Hacking Finance.

Don’t Be a Coinmining Zombie – Part 1: Getting Cryptojacked

When your computer or mobile device (and now, even your IoT device) is hijacked to secretly mine cryptocurrencies, it’s been cryptojacked and becomes a coinmining zombie. Its CPU, memory, disk, and power are enlisted in varying degrees in the service of the mining botnet, which labors on behalf of those who use it, with other zombies, to make money in the currency. Cryptojacking not only increases the wear and tear on your PC or Mac; if it’s a mobile device it can overheat and swell the battery, even destroy the device itself. Not a good payment for all that service!

So how do you get cryptojacked? And what can you do to prevent it?

What is cryptocurrency, anyway?

First, a refresher, to clarify the security issues.

A cryptocurrency is a digital currency “designed to work as a medium of exchange, that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets.” (See Cryptocurrency, Wikipedia) Unlike electronic or printed currencies produced by central banking systems, cryptocurrencies use peer-to-peer networked decentralized computers—distributed ledgers, typically blockchains (explained below)—to serve as the public databases that process and verify the transactions conducted in the currency.

First released in 2009, Bitcoin is generally considered to be the first cryptocurrency. Since then, over 4,000 alternative currencies have been created—and some of them, like Ethereum, Ripple, Litecoin, and Monero, are very active among a list of over 1500 cryptocurrencies in circulation today. Companies like Microsoft, Dell, Virgin Galactic, Shopify, and Tesla, as well as others (the list is growing) are now among the companies accepting Bitcoin and other cryptocurrencies. Countries like the US, South Korea, Hong Kong, and Japan, as well as Australia, are now among the countries accepting and regulating cryptocurrencies. This list too is growing, though some countries have refused to recognize cryptocurrencies or have banned them altogether (see Cryptocurrencies by Country, Dividends Magazine, 25 Oct 2017).

Next, what is cryptocurrency mining?

Cryptocurrency mining (aka coinmining for short) is the way transactions are processed and verified over the peer-to-peer network by the cryptocurrency’s coinminers installed on innumerable users’ computers. Each set of transactions is processed as a “block,” then added to the “blockchain”—the public ledger—when it is confirmed by a cryptographic hash (a fixed-size alphanumeric string) generated by the miners. The blockchain is then ready for the next block. The coin-owner’s private key or seed in their cryptocurrency wallet is what identifies the ownership of the coins, seals the transaction for the specified amount, and prevents the transaction from being altered—as verified by the hash. The miners that first calculate the hash, before any others, are rewarded with free currency units—hence the high processing power required to do this quickly (usually, in about ten minutes). To that end, mining can be done by one or more big computers with lots of processing power and high-end graphics cards (GPUs); or it can be done in a pool by many smaller mining computers working simultaneously across the network. Legitimate mining pools may be set up by partners who share any profits by calculating the precise contribution of each of the participating miners in creating the cryptographic hash.

How do you become a coinmining zombie?

That said, it’s not just legitimate entrepreneurs who use pools of computers to mine cryptocurrencies. Transgressive or criminal coinmining can occur whenever your computer and others are “hijacked” (i.e., cryptojacked) to mine without your permission.

Trend Micro identifies three types of cryptojacking in use today (apart from the outright theft of cryptocurrency from the wallet that contains it, which can also occur):

  • Web coinminers. Some websites now incorporate known transgressive web coinminers, as in the now infamous example of the publicly-advertised CoinHive miner installed on PirateBay. Sold by the CoinHive creators as a clever alternative to using website ads, when users clicked anywhere on PirateBay, a popup would initiate a coinmining process, significantly increasing the CPU usage of the visitor’s machine via the JavaScript coinminer. Hidden web coinminers take this process a step further, allowing aggressive or criminal attackers to compromise a site for coinmining in a clandestine way, even after you close your browser. They do this by minimizing the browser behind the Windows Taskbar, to persist in the mining at a reduced processing rate, so you may not even notice it—though your CPU usage remains higher than normal.
  • Local coinminers. In this case, a fake app masquerading as an update installs a coinminer on your computer, as with the Fake Flash Player Updater you might install because a malicious popup tells you that you need it to make the website work properly. Another example is HiddenMiner, which poses as a legitimate Google Play update app that continuously mines the Monero cryptocurrency on Android, which can cause the device to overheat and potentially fail. It’s similar to the Loapi Monero-mining Android malware, which security researchers report can cause a device’s battery to bloat.
  • Fileless coinminers. Finally, fileless coinminers may be initially executed as a PowerShell script, which then propagates on the target machine using Mimikatz or EternalBlue for lateral movement, then Windows Management Instrumentation (WMI) for the exploit in the scanned network connection. This opens a persistent, asynchronous, fileless backdoor on your computer for the purposes of clandestine coinmining. The result, again, is increased CPU usage on your machine.

So what do you do about such threats? Watch for Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

The post Don’t Be a Coinmining Zombie – Part 1: Getting Cryptojacked appeared first on .

Trade Recommendation: Simple Token

The Simple Token/Bitcoin pair (OST/BTC) has been in a downtrend since January 11, 2018. The pair has shown further signs of weakness on February 23, 2018 when it posted a false breakout above 0.00003 resistance. The pair went as high as 0.00003896 on that day with volume of 34.5 million OST units only to close […]

The post Trade Recommendation: Simple Token appeared first on Hacked: Hacking Finance.

Crypto Market Selloff Intensifies Amid CFTC Probe; Bitcoin Plunges Below $6,700

Cryptocurrency prices experienced a massive selloff on Sunday, as investors grappled with multiple pain points ranging from cyber security to regulation. At the time of writing, the overall market was trading at its lowest level since mid-April. Market Meltdown The cryptocurrency market has shed $47 billion over the past 24 hours, according to data provider […]

The post Crypto Market Selloff Intensifies Amid CFTC Probe; Bitcoin Plunges Below $6,700 appeared first on Hacked: Hacking Finance.

South Korean Exchange Suffers a Hack, Sending Crypto Markets Tumbling

If you haven’t checked the cryptocurrency market in the past 24 hours, you may be in for a shock. Bitcoin has fallen the most that it has since May 23, as Bloomberg pointed out, and is currently hovering at $7,200, down 5%. The broader cryptocurrency market is in selloff mode too, with just about each […]

The post South Korean Exchange Suffers a Hack, Sending Crypto Markets Tumbling appeared first on Hacked: Hacking Finance.

Bitcoin Tumbles Most in Two Weeks Amid South Korea Hack

Bitcoin extended losses for a third day, tumbling as much as 6 percent Sunday as South Korean cryptocurrency exchange Coinrail said there was a "cyber intrusion" in its system. From a report: The largest cryptocurrency declined 4.6 percent to $7,277 as of 10 a.m. time, the biggest drop since May 23, according to data compiled by Bloomberg from Bitstamp pricing. That widens Bitcoin's losses for the year to 49 percent. Peer cryptocurrencies Ethereum and Ripple fell 5 percent and 6.6 percent, respectively.

Read more of this story at Slashdot.

Trade Recommendation: Aion

The Aion/Bitcoin pair (AION/BTC) lost all bullishness on January 28, 2018 when it generated a lower high of 0.0005492. Things went from bad to worse when the market broke support of 0.00045 on January 30. This triggered the head and shoulders reversal pattern on the daily chart. The trend reversal ignited a selling frenzy that […]

The post Trade Recommendation: Aion appeared first on Hacked: Hacking Finance.

Trade Recommendation: BitShares

The BitShares/Bitcoin pair (BTS/BTC) started to show signs of bearishness on January 6, 2018 when it generated a lower high of 0.00005505. This was a clear signal that the pair’s impressive parabolic run between December 14, 2017 – January 2, 2018 was over. Savvy traders who saw the signal dumped their positions. As a result, […]

The post Trade Recommendation: BitShares appeared first on Hacked: Hacking Finance.

Crypto Update: Quiet Days in Crypto Land

The major coins have been drifting sideways for several days now, with progressively declining volatility and trading volumes. Bitcoin, Ethereum, and Ripple are all stuck below key resistance levels, while holding up above primary support, leaving the technical setup unchanged. Out of the top 10 coins, only EOS experienced relatively larger swings, but it also […]

The post Crypto Update: Quiet Days in Crypto Land appeared first on Hacked: Hacking Finance.

Blockchain’s Once-Feared 51% Attack Is Now Becoming Regular

Monacoin, bitcoin gold, zencash, verge and now, litecoin cash. At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. From a report: In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist. More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector. While there have been some instances of such attacks working successfully in the past, they haven't exactly been all that common. They've been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It's too costly and they wouldn't get all that much money out of it. But that doesn't seem to be the case anymore. NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment. One conclusion he drew? These attacks were likely to increase. And, it turns out he was right. "Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk," he told CoinDesk, adding: "Even I didn't think it would start happening this soon."

Read more of this story at Slashdot.

Trade Recommendation: Kyber Network

The Kyber Network/Bitcoin pair (KNC/BTC) began to look bearish on February 14, 2018 when it broke below support of 0.0003. This ignited a selling frenzy that drove the pair down to 0.00010859 on March 18. The move down was so quick that the pair lost almost 65% of its value in a month. At this […]

The post Trade Recommendation: Kyber Network appeared first on Hacked: Hacking Finance.

EOS Will Be the Best Performing Cryptocurrency of the Year, According to Finder.com Survey

Of all the major cryptocurrencies, EOS has the most potential to outperform the market this year, according to Finder.com’s latest survey of fintech leaders. In fact, with the exception of Monero, all major coins are poised for at least double digit growth. A Bright Future for Cryptocurrency Despite a difficult six months, cryptocurrencies prices are […]

The post EOS Will Be the Best Performing Cryptocurrency of the Year, According to Finder.com Survey appeared first on Hacked: Hacking Finance.

Crypto Update: EOS Eyes Breakout as Major Coins Settle Down

The cryptocurrency segment has been trading in a bullish short-term consolidation pattern, with the largest coin staying in very short ranges throughout the day. The majority of the digital currencies are sporting small gains, but no crucial levels have been broken with regards to the top ten coins, leaving the technical setup unchanged. Small-cap coins […]

The post Crypto Update: EOS Eyes Breakout as Major Coins Settle Down appeared first on Hacked: Hacking Finance.

Trade Recommendation: Lunyr

The Lunyr/Bitcoin pair (LUN/BTC) started its uptrend on August 11, 2017 when it took out resistance of 0.002. The breakout attracted so much momentum that the pair became parabolic on the daily chart. With its supercharged velocity, LUN/BTC skyrocketed to 0.0072886 on August 12. In one day, the pair climbed by almost 265%! At this […]

The post Trade Recommendation: Lunyr appeared first on Hacked: Hacking Finance.

Crypto Update: Bitcoin Gathers Strength as Crucial Rally Still Intact

The largest cryptocurrencies are little changed after a choppy Wednesday session, despite a late day sell-off that briefly dragged down all of the top coins. Bitcoin emerged quickly from the dip, and after a period of clear relative weakness, the most valuable digital currency is close to finally giving a short-term buy signal in our […]

The post Crypto Update: Bitcoin Gathers Strength as Crucial Rally Still Intact appeared first on Hacked: Hacking Finance.

Google Searches for Bitcoin Plummet to Nine-Month Lows

Interest in bitcoin has waned through the first six months of the year and has now reached its lowest level since September, according to the latest Google search trends. Bitcoin Searches Way Down This Year An evaluation of Google search trends reveals a sharp decline in interest for bitcoin and the broader cryptocurrency market. Bitcoin’s […]

The post Google Searches for Bitcoin Plummet to Nine-Month Lows appeared first on Hacked: Hacking Finance.

Radware Blog: Malicious Cryptocurrency Mining: The “Shooting Star” in the Cybercrime Domain

It’s quite evident how these days, attacks assume new forms along with transformations in the types of services that are widely used by consumers in a given period of time. Needless to mention, malware or malicious activities will find their presence in new applications and services as they evolve to occupy a prominent position in […]

The post Malicious Cryptocurrency Mining: The “Shooting Star” in the Cybercrime Domain appeared first on Radware Blog.



Cryptocurrency, Terrorists and the Best Coins for Criminals

Expecting criminal operators not to make use of cryptocurrency is like expecting a burglar not to make use of a ski-mask. Cryptocurrency offers a decentralized, accessible path to illegal fund generation, money laundering and liquidity pools, to be used by anyone in any corner of the world, without the oversight of a centralized authority, such […]

The post Cryptocurrency, Terrorists and the Best Coins for Criminals appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum and Ripple Lead Rally After Pullback

The major coins are sporting meaningful gains today after yesterday’s negative session, as altcoins are emerging from the short-term dip. While the top digital currencies are still below their recent rally highs and they continue to be in a crucial position from a long-term perspective, the key support levels held up, and the advancing trend […]

The post Crypto Update: Ethereum and Ripple Lead Rally After Pullback appeared first on Hacked: Hacking Finance.

Cryptocurrency Ebb and Flow Continues as Bitcoin Claws Back Above $7,500

Cryptocurrency markets were back in positive territory Tuesday, as bitcoin reversed earlier losses and major altcoins led by Monero posted steady gains. Market Update Cryptocurrency prices were mostly higher on Tuesday, as the market stabilized following a volatile start to the week. Bitcoin touched an intraday high of $7,599.74 and would later settle around $7,570. […]

The post Cryptocurrency Ebb and Flow Continues as Bitcoin Claws Back Above $7,500 appeared first on Hacked: Hacking Finance.

Trade Recommendation: Yoyow

Our March 19, 2018 trade recommendation for the Yoyow/Bitcoin pair (YOYO/BTC) achieved its target on April 30 when it went as high as 0.00001935. In about a month, those who followed the trade recommendation grew their investments by almost 130%. While the pair was able to muster a massive rally, we expected it to consolidate […]

The post Trade Recommendation: Yoyow appeared first on Hacked: Hacking Finance.

Regulating Bitcoin

Ross Anderson has a new paper on cryptocurrency exchanges. From his blog:

Bitcoin Redux explains what's going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a "balance" and allow them to transact with others. However if Alice sends Bob a bitcoin, and they're both customers of the same exchange, it just adjusts their balances rather than doing anything on the blockchain. This is an e-money service, according to European law, but is the law enforced? Not where it matters. We've been looking at the details.

The paper.

Long-Term Cryptocurrency Analysis: Crucial Rally Attempt

The crypto segment is at a very important point from a technical perspective following the strong late-April rally and the subsequent correction. The major coins formed a bottom last week after triggering long-term buy signals and now a very important rally attempt is underway. Several weaker coins drifted back to their April lows, with Bitcoin […]

The post Long-Term Cryptocurrency Analysis: Crucial Rally Attempt appeared first on Hacked: Hacking Finance.

Trade Recommendation: Everex

The Everex/Bitcoin (EVX/BTC) pair has looked bearish since January 19, 2018 when it generated a lower high of 0.00045. From that point, the pair has been generating a series of lower highs and lower lows. It initially bounced at the 38.2% Fibonacci level on February 10 only to be repelled by bears at the 61.8% […]

The post Trade Recommendation: Everex appeared first on Hacked: Hacking Finance.

Trade Recommendation: ETHOS

The ETHOS/Bitcoin pair (BQX/BTC) launched its uptrend on January 1, 2018 when it took out resistance of 0.000265. This triggered the double bottom reversal pattern on the daily chart. More importantly, the breakout attracted so much momentum that BQX/BTC became parabolic. Its supercharged velocity catapulted it to as high as 0.00089899 on January 5, 2018. […]

The post Trade Recommendation: ETHOS appeared first on Hacked: Hacking Finance.

ASUS’s new motherboard for crypto-mining can hold 20 GPUs

ASUS’ H370 crypto-mining motherboard supports up to 20 GPUs over USB

Banking on the popularity of cryptocurrency mining, ASUS, the Taiwan-based electronics manufacturer, has unveiled a new monster motherboard built specifically for cryptocurrency miners that can support up to 20 GPUs. With the new motherboard, ASUS is looking to simplify the process of connecting multiple GPUs to a single board.

Called the ASUS H370 Mining Master, the motherboard enables users to effectively power an entire mining farm with a single board. The ASUS H370, a follow-up to the B250 Mining Expert launched in September last year, also streamlines connectivity by allowing USB riser cables to plug directly into the PCB (Printed Circuit Board).

According to the company, problems with the motherboard will be easier to identify, reducing downtime and ensuring fewer PCIe (Peripheral Component Interconnect Express) disconnects.

The H370 mining motherboard is so focused on optimizing crypto-mining that ASUS has made mining-specific tweaks. One of them is GPU state detection before the board boots, which identifies the location and status of each port and allocates alphanumeric codes for easy identification.

Let’s have a look at the full specifications of the motherboard at a glance:

Size: ATX, 12″x9.1″

Socket: LGA 1151 for Intel 8th Gen Core / Pentium / Celeron processors

Memory: 2 x DIMMs (max. 32GB), DDR4 2666 / 2400 / 2133 MHz, Non-ECC, unbuffered memory

PCIe: 1 x PCIe x16 slot

Storage: 2 x Serial ATA 6.0 Gb/s connectors

Networking: 1 x Intel Gigabit LAN

USB GPU Riser Ports: 20 x Vertical USB ports over PCIe

USB Ports: 6 x USB 3.1 Gen 1, 4 x USB 2.0 / 1.1 ports

Other Ports: 1 x COM header

The ASUS H370 Mining Master motherboard is expected to be available initially in North American countries between July and September this year. However, there is no word on pricing from ASUS on the H370 yet.

The post ASUS’s new motherboard for crypto-mining can hold 20 GPUs appeared first on TechWorm.

Trade Recommendation: Stellar

Our April 16, 2018 trade recommendation for the Stellar/Bitcoin pair (XLM/BTC) hit its mark on April 29 when it went as high as 0.00004899. Those who followed the trade recommendation grew their investments by over 30% in less than two weeks. We knew that resistance of 0.000048 would hold as it is the 78.6% Fibonacci […]

The post Trade Recommendation: Stellar appeared first on Hacked: Hacking Finance.

Crypto Update: Buy Signals Popping Up

The weekend started out on a clearly positive note in the cryptocurrency segment, with the major coins adding around 3% on average compared to Friday’s price levels. What’s more is that several coins finally triggered short-term buy signals following a long period when selling pressure dominated the market. While the majority of the top digital […]

The post Crypto Update: Buy Signals Popping Up appeared first on Hacked: Hacking Finance.

Week in Review: Cryptocurrencies Show Signs of Stabilizing; Trade War Roils Global Markets

Fresh off their fourth consecutive weekly decline, cryptocurrencies have shown signs of stability in recent sessions, as bitcoin avoided a major technical breakdown and Ethereum recovered from a two-day dump at the hands of EOS. Although rally attempts are building, unusually low trading volumes are keeping the bulls at bay for the time being. A […]

The post Week in Review: Cryptocurrencies Show Signs of Stabilizing; Trade War Roils Global Markets appeared first on Hacked: Hacking Finance.

Crypto Update: IOTA Hits $1.9 as Range Trading Continues

The major cryptocurrencies are still trading without clear direction, although most of the coins are slightly in the red in US trading. The biggest outlier is IOTA, as the only coin that triggered a buy signal in our trend model since the Monday bottom is now up by almost 40% off the lows. The top […]

The post Crypto Update: IOTA Hits $1.9 as Range Trading Continues appeared first on Hacked: Hacking Finance.

Hedge Fund Manager and Market Technician Agree Bitcoin Has Found a Bottom

Pantera Capital Management’s Dan Morehead and Fundstrat’s Robert Sluymer believe the worst is over for the bitcoin price. Bitcoin has fallen from glory in 2018 and is currently hovering at about the $7,400 threshold after racing to nearly $20,000 in 2017. Morehead, whose hedge fund Pantera Capital is dedicated to investing in bitcoin, altcoins and […]

The post Hedge Fund Manager and Market Technician Agree Bitcoin Has Found a Bottom appeared first on Hacked: Hacking Finance.

Trade Recommendation: Verge

The Verge/Bitcoin pair (XVG/BTC) launched its bull run on December 19, 2017 when it took out resistance of 0.00000333. This triggered the rounding bottom reversal pattern on the daily chart. The breakout attracted so much momentum that the pair became parabolic. With its hypercharged velocity, XVG/BTC catapulted to 0.00002 on December 23. In four days, […]

The post Trade Recommendation: Verge appeared first on Hacked: Hacking Finance.

Cryptocurrencies Attempt New Rally as Bitcoin Tests $7,600

Crypto assets advanced on Thursday, recouping from an earlier loss as bitcoin and the major altcoins set their sights on a corrective rally. Market Update After a failed rally attempt on Wednesday, cryptocurrencies were back on the offensive 24 hours later, with the total market peaking near $334 billion. That’s broadly consistent with the two […]

The post Cryptocurrencies Attempt New Rally as Bitcoin Tests $7,600 appeared first on Hacked: Hacking Finance.

Technical Analysis: Durable Bottom Forming?

The major cryptocurrencies are still consolidating after last week’s steep decline, with a failed breakdown on Monday and the subsequent recovery providing hope for bulls. The declining short-term trends remained intact in most cases, and correlations between the coins are still high, but bearish momentum is weakening in the segment. The decline that followed the […]

The post Technical Analysis: Durable Bottom Forming? appeared first on Hacked: Hacking Finance.

Trade Recommendation: Cardano

Our April 22, 2018 trade recommendation for the Cardano/Bitcoin pair (ADA/BTC) hit its target on April 29 when it went as high as 0.00004113. In one week, those who followed the trade recommendation grew their investments by over 30%. As expected, ADA/BTC corrected after hitting the 0.00004 resistance. Those who bought the false breakout had […]

The post Trade Recommendation: Cardano appeared first on Hacked: Hacking Finance.

Cryptomining apps are on the rise, malicious apps in app stores decline

RiskIQ analyzed 120 mobile app stores and more than two billion daily scanned resources. The findings showed that taking advantage of the popularity and volatility of the cryptocurrency landscape is paying off for threat actors via the mobile attack vector and that malicious apps leveraged by nation-state actors are becoming more prominent. In Q1 RiskIQ issued an alert, warning of blacklisted apps masquerading as, or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just cryptocurrency …

The post Cryptomining apps are on the rise, malicious apps in app stores decline appeared first on Help Net Security.

Crypto Update: Bitcoin Hits $7000 Then $7500 amid Strong Snap-Back Rally

While the week started out on a negative note in the cryptocurrency segment, the tide has turned on Tuesday, as the major coins staged a rebound after hitting multi-week lows on Monday. While the rally is encouraging, the short-term downtrends remained intact, and for now, most of the coins are still not on buy signals […]

The post Crypto Update: Bitcoin Hits $7000 Then $7500 amid Strong Snap-Back Rally appeared first on Hacked: Hacking Finance.

Cryptocurrency Prices Rebound $27 Billion as Bearish Momentum Ebbs

Digital currency prices led by bitcoin retraced $27 billion in lost market cap on Tuesday, as volumes rebounded from six-week lows and sentiment improved. Cryptos Rally, but Risks Remain The cryptocurrency market as a whole reached a high of $330 billion on Tuesday, according to CoinMarketCap. Total market values had bottomed near $303 billion earlier, […]

The post Cryptocurrency Prices Rebound $27 Billion as Bearish Momentum Ebbs appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Suffer Another Hit as Bounce Fades

Bulls were only in control for a short period during the weekend, as the declining short-term trend continued in the cryptocurrency segment. Most of the majors hit marginal new lows today in early trading, and small caps are also under pressure, as correlations between the coins spiked higher again. Bitcoin is holding up relatively well […]

The post Crypto Update: Coins Suffer Another Hit as Bounce Fades appeared first on Hacked: Hacking Finance.

Bitcoin Backlash as ‘Miners’ Suck Up Electricity, Stress Power Grids in Central Washington

An anonymous reader shares a report: Public hearings for rural electric utilities are rarely sellout events. But the crowd that showed up in Wenatchee two weeks ago for a hearing about Bitcoin mining in Chelan County was so large that utility staff had to open a second room with a video feed for the overflow. The turnout wasn't surprising. Chelan County, along with neighboring Douglas and Grant counties, has been at the center of the U.S. Bitcoin boom since 2012, when the region's ultracheap hydropower began attracting cryptocurrency "miners." [...] As a result, an area famous for apples, wheat and conservative politics has been transformed into a kind of cyber-boomtown, with Bitcoin mining operations that range from large-scale, state-of-the-art warehouses to repurposed cargo containers to backyard sheds. By the end of this year, according to some estimates, the Mid-Columbia Basin could account for as much as 30 percent of the global output of new Bitcoin and large shares of other digital currencies, such as Litecoin and Ethereum. But as in any boomtown, success has come at a cost. As the cryptocurrency industry morphs into larger, more energy-intensive operations, the Basin's three public utilities districts (PUDs) are reassessing how they deal with it, and whether they can -- or should even try to -- keep up.

Read more of this story at Slashdot.

Bitcoin, Ethereum Lead Cryptocurrency Market Lower as Trade Volumes Plunge to Six-Week Lows

Cryptocurrencies continued lower on Sunday after a stalled recovery limited gains to the low single digits, as weak trading volumes kept prices locked in a downtrend. Crypto Market Price Update Digital currency prices were down across the board Sunday, with bitcoin and Ethereum leading the declines. Bitcoin bottomed at $7,243.90, its lowest since April 11. […]

The post Bitcoin, Ethereum Lead Cryptocurrency Market Lower as Trade Volumes Plunge to Six-Week Lows appeared first on Hacked: Hacking Finance.

Trade Recommendation: OAX

The OAX/Bitcoin pair (OAX/BTC) started its uptrend on December 30, 2017 when it took out resistance of 0.00006. The breakout attracted so much momentum that it became parabolic on the daily chart. Powered by its supercharged velocity, the pair rose to 0.000199 on January 13, 2018. In a couple of weeks, OAX/BTC grew by over […]

The post Trade Recommendation: OAX appeared first on Hacked: Hacking Finance.

Trade Recommendation: Florincoin

The Florincoin/Bitcoin pair (FLO/BTC) launched its bull run on April 6, 2017 when it took out resistance of 0.00001. This triggered the large cup and handle pattern on the daily chart. The breakout attracted so much momentum that the market went as high as 0.00006541 on May 13. In less than a month, FLO/BTC grew […]

The post Trade Recommendation: Florincoin appeared first on Hacked: Hacking Finance.

Long-Term Cryptocurrency Analysis: Correction Deepens but Leaders Remain Stable

As the major cryptocurrencies got hit hard this week, losing around 20% on average, the long-term picture in the segment got close to an entry point for investors. The overbought readings that developed during the late-April rally are now cleared and although the short-term trends are still clearly negative, we still expect the coins to […]

The post Long-Term Cryptocurrency Analysis: Correction Deepens but Leaders Remain Stable appeared first on Hacked: Hacking Finance.

Trade Recommendation: Gifto

The Gifto/Bitcoin pair (GTO/BTC) started to look bullish on January 3, 2018 when it took out resistance of 0.000025. This activated the small rounding bottom pattern on the daily chart. Also, the breakout attracted a lot of momentum that skyrocketed the pair to 0.00007499 on January 12. In a little over a week, the pair […]

The post Trade Recommendation: Gifto appeared first on Hacked: Hacking Finance.

John McAfee Just Made Some Bold Predictions for Bitcoin, Bitcoin Private

Technologist and crypto bull John McAfee has made a series of eyebrow-raising predictions concerning bitcoin and bitcoin private. While McAfee is no stranger to gutsy calls, his new forecast sees bitcoin prices doubling in a matter of weeks. And yes, the forecast came after the Wednesday price collapse. McAfee Raises the Stakes on Bullish Bets In a […]

The post John McAfee Just Made Some Bold Predictions for Bitcoin, Bitcoin Private appeared first on Hacked: Hacking Finance.

About $1.2 Billion in Cryptocurrency Stolen Since 2017

Criminals have stolen about $1.2 billion in cryptocurrencies since the beginning of 2017, as bitcoin's popularity and the emergence of more than 1,500 digital tokens have put the spotlight on the unregulated sector, according to estimates from the Anti-Phishing Working Group released on Thursday. From a report: The estimates were part of the non-profit group's research on cryptocurrency and include reported and unreported theft. "One problem that we're seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys," Dave Jevans, chief executive officer of cryptocurrency security firm CipherTrace, told Reuters in an interview.

Read more of this story at Slashdot.

Trade Recommendation: WaBi

The WaBi/Bitcoin pair (WABI/BTC) started its uptrend on December 31, 2017 when it took out resistance of 0.00016. This triggered the small cup and handle reversal pattern on the daily chart. The breakout attracted so much momentum that it went parabolic and skyrocketed to 0.00040733 on January 10, 2018. In less than two weeks, WABI/BTC […]

The post Trade Recommendation: WaBi appeared first on Hacked: Hacking Finance.

Bitcoin’s Plunge Has Not Shaken Tom Lee

Bitcoin’s latest technical breakdown hasn’t affected Tom Lee’s bullish outlook on the digital currency. The head of research at Fundstrat Global Advisors is standing by his target of $25,000 by year’s end. Typical Volatility In an email conversation with CNBC, Lee said the latest drop in market prices can be attributed to “typical market volatility” […]

The post Bitcoin’s Plunge Has Not Shaken Tom Lee appeared first on Hacked: Hacking Finance.

US Launches Criminal Probe Into Bitcoin Price Manipulation

The Justice Department has opened a criminal probe into whether traders are manipulating the price of Bitcoin and other digital currencies, dramatically ratcheting up U.S. scrutiny of red-hot markets that critics say are rife with misconduct, Bloomberg reported Thursday, citing people familiar with the matter. From the report: The investigation is focused on illegal practices that can influence prices -- such as spoofing, or flooding the market with fake orders to trick other traders into buying or selling, said the people, who asked not to be identified because the review is private. Federal prosecutors are working with the Commodity Futures Trading Commission, a financial regulator that oversees derivatives tied to Bitcoin, the people said. Authorities worry that virtual currencies are susceptible to fraud for multiple reasons: skepticism that all exchanges are actively pursuing cheaters, wild price swings that could make it easy to push valuations around and a lack of regulations like the ones that govern stocks and other assets.

Read more of this story at Slashdot.

Crypto Update: Coins Spike Lower amid Regulatory Woes, Technical Breakdown

Following a period of directionless range trading in the segment, cryptocurrencies got hit hard yesterday, on a very busy day in financial markets. The largest coins and small caps are down by 20% in two days on average, with the total value of the market declining by around $70 billion. The Indian tax plan, and […]

The post Crypto Update: Coins Spike Lower amid Regulatory Woes, Technical Breakdown appeared first on Hacked: Hacking Finance.

Trade Recommendation: Populous

The Populous/Bitcoin (PPT/BTC) pair launched its uptrend on January 7, 2018 when it took out resistance of 0.0032. This triggered the cup and handle reversal pattern on the daily chart. The breakout attracted so much momentum that the pair quickly became parabolic. With its supercharged velocity, PPT/BTC skyrocketed to 0.007901 on January 31. In less […]

The post Trade Recommendation: Populous appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Lose Ground as Range Trading Continues

While the weekend rally got bulls’ hopes up that the consolidation phase might have ended, the technical setup hasn’t changed much in the segment, and today all of the major coins are lower again. The losses, which range from 2-5%, are not significant from a long-term standpoint, and most of the top coins are still […]

The post Crypto Update: Coins Lose Ground as Range Trading Continues appeared first on Hacked: Hacking Finance.

Trade Recommendation: CoinDash

Our trade recommendation for CoinDash/Bitcoin (CDT/BTC) on March 23, 2018 hit its target on April 29 when the market went as high as 0.0000086. In a little over a month, those who followed the recommendation grew their investments by close to 80%. The next step after the market hit the resistance was to wait for […]

The post Trade Recommendation: CoinDash appeared first on Hacked: Hacking Finance.

It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump

In early May, researchers disclosed a mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On May 14, a Reddit post linked to LamePT, claiming to have leaked their infrastructure including a database containing victim information.

Figure 1 – Screenshot of the site hosting the leaked data

The current leaked assets include:

  • MySQL database
  • Audio recordings
  • The old C2 server and assets
  • AppData folder (presumably of the C2 server)
  • Current C2 server and control panel

Further leaked documents are behind a paywall payable to a fresh bitcoin address. The first payment was made on May 13th, 2018 leaving a balance of $1,110.87. It’s difficult to verify if someone paid to have the first dataset released or the actor paid themselves to appear more authentic. With that said, the authenticity of the data is still in question as we have some significant doubts on at least a portion of the data. For example, the following SMS caught our attention:

“Wife.how she knew the time of murder exactly”.

This text can be found in an SMS spam dataset used for training spam engines. Many other English-based SMS messages can also be found there. “will be office around 4 pm. Now I am going hospital” is another example. Universities tend to use these datasets to teach computer science concepts. In this case, the concept is likely related to machine learning techniques for categorizing messages as spam. One university came up often when searching for these messages based on its Computer Science I: Fundamentals homework postings. Other messages could be found in cached websites.

“Credit shuma ka mast jahat ezdiad credit ba hesab tan shumarai 222 ra dair namoda w aba taqeeb aan code 14 raqami ra dakhel nomaed .”

This translates to “Credit card is not available for sale at 222 days or less than 142 days.” and was found cached on a language translation site. This particular phrase was being translated from Turkish to Urdu. Not all of the messages were found publicly online. Most of the messages were in Middle Eastern languages, which presents its own challenges. Other sources were found, such as Facebook posts; however, sources for the vast majority of the SMS messages have not yet been located. For these reasons, we remain skeptical of the authenticity of the data.

Figure 2 – Facebook post with the same text as an SMS message

Other data such as the recordings do not appear to be publicly available. After sampling 100 of these files we’ve found them to sound like authentic recordings. The majority are in 7 minute 59 second .3gpp files. Most appear to be ambient conversations and daily activities and not phone calls as was expected. Searching for public audio is difficult but we can verify that the hashes of the 100 are not publicly indexed by major search engines nor are the file names themselves.

Until we know for certain whether the data is authentic, we cannot guarantee that this data dump represents ZooPark and its capabilities, but we can look at what they could be up to. After reviewing the leaked MySQL database we’ve learned much about ZooPark’s potential operations.

Tables Included:

  • Appinfotracking
  • Audiotracking
  • Calltracking
  • Emailtracking
  • geolog
  • gpslocation
  • phonebookaccess
  • phototracking
  • recordcall
  • registration
  • sales_user_info
  • settings
  • smstracking
  • urltracking

From the table names alone, we can infer a lot of the access ZooPark had to user devices and the data they were after. Call tracing, phonebook access, and SMS tracking are unfortunately very commonly collected by malicious app developers. However, audio tracking caught our attention. While we are still analyzing the dataset, the database records indicate over 102,571 recordings have been uploaded to their C2 server between 2015 and 2018. The dump contains approximately 3,887 of these, jeopardizing private and potentially highly sensitive conversations. Our sampling of these files indicates that the audio was recorded in roughly 8-minute blocks. Most, but not all, audio files were recorded with time gaps between them. There was at least one group conversation that continued on for at least 3 recorded blocks. A surprisingly low number of phone numbers generated these recordings. Only eight phone numbers are part of the recordings available through this data dump.

Other conversations were also captured, such as SMS texts, although portions of these have been found publicly in open datasets. Conceivably, these could have been generated by researchers investigating the malicious Android apps, but it’s more likely they were generated by the data leaker to sell the dump. The SMS texts contain much of what you would expect, such as general chat and advertisements. However, they are also riddled with embarrassing or explicit texts which could be used against the users should they prove legitimate. Additionally, we’ve found cleartext two-factor authentication messages from major services such as Google and LinkedIn, and popular chat apps such as Telegram. ZooPark could have used these to gain access to additional services unbeknownst to the victims. After attempting and failing to rebuild several English-based conversations we have little confidence that the entire data set came from ZooPark. However, it does exemplify the real danger of sensitive conversations being collected by ZooPark and available for their operations.

Another surprising find is in the Appinfotracking table, where there are 1541 unique apps listed, indicating a very large campaign. Here are a few notable ones:

  • Youtube
  • Wikipedia
  • WhatsApp
  • WinZip
  • Weather
  • VLC
  • Twitter
  • Telegram
  • TrueCaller
  • Tango
  • Pinterest
  • ICQ
  • Flashlight
  • Facebook
  • DUO
  • Dropbox
  • Crunchyroll

There were relatively few games listed compared to other social and utility apps, perhaps suggesting a more utilitarian or professional target. Approximately 92 phone numbers are listed in relation to the apps. Of the GPS coordinates we’ve checked, the Middle East is still the main focus, with a significant footprint in Egypt.

While the data leaker’s request is for Bitcoin payment, we believe they are primarily interested in acquiring Monero coin. Once payments are made the actors use a popular tool called ShapeShift to turn the Bitcoin into Monero (XMR). ShapeShift allows the actors to pay in from one cryptocoin and receive a payout in another without creating an account for the service. The added Monero features enable them to maintain greater anonymity during the transfer. It is anonymity that usually motivates cybercriminals to move to Monero. Monero coins are of interest due to their improved anonymity and privacy-related improvements, making them difficult for law enforcement and security researchers to trace.

Shapeshift Transaction from BitCoin (BTC) to Monero (XMR)

The actor who leaked this data is obviously motivated by money, as evidenced by the requested payment for further data leaks. Fake datasets, especially those that contain credit card information, email addresses and passwords, have been known to be for sale to scam other cybercriminals. It’s a distinct possibility that this could be the case with the current data dump, but it has yet to be determined. However, competition can also be a primary motivator. Many times competing bad actors will attempt to sabotage others in the space. Altruism can play a role as well. Some vigilante actors may believe that their motivations are for the greater good regardless of the laws they break and collateral damage. Whatever the motivations are, data leaks like these can be embarrassing, damaging and in some cases dangerous for the victims whose information they may contain.

Other points of interest:

  • There is a surprisingly low number of unique victim numbers in the database, with only 169.
  • The latest URL record is as recent as May 12, 2018
  • The latest SMS record is as recent as May 8, 2018
  • 81 unique numbers had 47,784 records of GPS data stored

Bitcoin Address:

  • 1AUMs2ieZ7qN4d3M1oUPCuP3CH9WGQxpbd

The post It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump appeared first on McAfee Blogs.

Crypto Update: Sideways Drift Continues as Bitcoin Fights with the $8400 Level

The largest coins attempted another rally towards the end of the weekend, but today the not-too-strong momentum faded and the majority of the majors are sliding lower. The coins are in or close to the recent trading ranges, with the whole segment hovering in or near the recent ranges, without major changes […]

The post Crypto Update: Sideways Drift Continues as Bitcoin Fights with the $8400 Level appeared first on Hacked: Hacking Finance.

Trade Recommendation: POWR/BTC

The Power Ledger/Bitcoin pair (POWR/BTC) bottomed out on March 18 at 0.000036 (A-wave). At this price level, the market was already flashing signs of reversal. First is the bullish divergence that can be spotted on the RSI. Second is the hammer candlestick on the daily chart that suggests the presence of buyers below 0.0000395. Bottom […]

The post Trade Recommendation: POWR/BTC appeared first on Hacked: Hacking Finance.

Cryptocurrencies Rebound 8% from Recent Low as Tom Lee Gives Post-Consensus Takeaways

Cryptocurrency prices have begun the week on a positive note, as bullish sentiment returned to the market following an underwhelming reaction to the Consensus blockchain summit. Crypto Prices Rally Bitcoin and the broader altcoin universe booked solid gains Monday. The combined value of all cryptocurrencies peaked at $392 billion, according to CoinMarketCap. At time time […]

The post Cryptocurrencies Rebound 8% from Recent Low as Tom Lee Gives Post-Consensus Takeaways appeared first on Hacked: Hacking Finance.

Trade Recommendation: aelf

The Aelf/Bitcoin pair (ELF/BTC) has been trapped in a wide range between 0.000056 and 0.00022 since December 22, 2017. For about a month and a half, market participants accumulated positions as seen on the daily average Aelf volume of 30 – 40 million units. By February 6, 2018, volume began to exponentially decline. This suggests […]

The post Trade Recommendation: aelf appeared first on Hacked: Hacking Finance.

Trade Recommendation: WAVES/BTC

Our April 10, 2018 trade recommendation for the Waves/Bitcoin pair (WAVES/BTC) achieved its target on April 28 when it went as high as 0.00073. Those who followed the trade recommendation grew their investments by over 37% in two weeks. While we expected the pair to range trade, WAVES/BTC is showing signs of strength by overshooting […]

The post Trade Recommendation: WAVES/BTC appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum Back Above $700 as Coins Rise but Buy Signals Still Lacking

The major cryptocurrencies are all sporting gains today, with Ethereum, EOS, Stellar, and Monero leading the way higher percentage-wise. Despite the rally, the short-term technical setup is unchanged in most cases, with the top coins still on neutral trend signals, and with no buy signals having been triggered just yet. From a technical standpoint, Ethereum […]

The post Crypto Update: Ethereum Back Above $700 as Coins Rise but Buy Signals Still Lacking appeared first on Hacked: Hacking Finance.

Long-Term Cryptocurrency Analysis: Bitcoin Remains Under Pressure as Divergence Deepens

The segment has been drifting lower in a choppy fashion ever since our latest look at the long-term charts and the two-faced nature of the market is still apparent. Bitcoin and the other relatively weak majors, like Litecoin, Monero, Dash, and NEO are clearly lagging the leaders from a technical standpoint, while Ethereum is still […]

The post Long-Term Cryptocurrency Analysis: Bitcoin Remains Under Pressure as Divergence Deepens appeared first on Hacked: Hacking Finance.

Trade Recommendation: TRON

Our March 21, 2018 trade recommendation for TRON/Bitcoin (TRX/BTC) hit its mark on April 24 when the market reached 0.000008. Those who followed the trade recommendation grew their investments by 100% in a month. While we were expecting the pair to range trade, it overshot our target and climbed to 0.00001 resistance on April 30. […]

The post Trade Recommendation: TRON appeared first on Hacked: Hacking Finance.

Cryptocurrency Prices Approach One-Month Lows as Altcoins Plunge, Bitcoin Falls Below $8,000

Crypto prices were down sharply at the start of Friday trading, with the total market capitalization falling $22 billion over the past 24 hours. Market Update At the time of writing, cryptocurrencies were collectively valued at $361.6 billion, according to the latest data from CoinMarketCap. The asset class peaked above $391 billion roughly 20 hours […]

The post Cryptocurrency Prices Approach One-Month Lows as Altcoins Plunge, Bitcoin Falls Below $8,000 appeared first on Hacked: Hacking Finance.

Investors Have Placed $1 Billion in Cryptocurrency Offerings Rampant With Red Flags For Fraud

Investors have sent $1 billion into digital coin projects that flash warning signs for fraud, The Wall Street Journal reported Thursday. The revelation comes a day after the SEC created its own fake ICO to teach investors a lesson. From a report: In a review of 1,450 digital coin offerings, the Journal said it found 271 bore red flags such as plagiarized documents or fake executive information. Investors have already claimed losses of up to $273 million in these projects, the newspaper said, according to lawsuits and regulatory actions. The coin sales, or "initial coin offerings," give investors the chance to buy into a new digital token while letting developers get easy access to funding. The process may be a little too easy for many projects that are unproven or outright scams. Coin offerings have raised roughly $9.8 billion in the two years through mid-March, according to financial research firm Autonomous Next. The Journal found widespread plagiarism in 111 projects' online whitepapers, including word-for-word copies of marketing plans and technical features.

Read more of this story at Slashdot.

Trade Recommendation: Bytecoin/Bitcoin

The Bytecoin/Bitcoin pair (BCN/BTC) started its uptrend on May 16, 2017 when it took out resistance of 0.0000004. The price action marked the end of the long base building process that began in May 2016. As a result, the pair attracted so much momentum that it quickly became parabolic. On May 21, 2017 it skyrocketed […]

The post Trade Recommendation: Bytecoin/Bitcoin appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin

This is a longer term buy trade. Since the pullback we have seen off the 10,000 level the price has essentially been range bound with Bitcoin, and this is reflected in the Monthly Pivot Price.  However, we can be confident in the support levels. You can see the Monthly Pivot Range low was key support, […]

The post Trade Recommendation: Bitcoin appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum Stuck at $700 as Choppy Trading Continues

Crypto traders are having another slightly frustrating and directionless session, as the major digital currencies are all trading in narrow short-term ranges. Trading activity declined too, as volumes are down across the board, and the technicals are still not decisive. The weakness of Bitcoin and the strength of Ethereum are balancing the segment out, […]

The post Crypto Update: Ethereum Stuck at $700 as Choppy Trading Continues appeared first on Hacked: Hacking Finance.

Altcoins Lead Crypto Market Recovery as Consensus Summit Draws to a Close

Cryptocurrencies rose in overnight trading Thursday, as altcoins rebounded from a double-digit slump on the heels of the biggest blockchain summit of the year. Altcoins Lead Recovery All major crypto assets reported gains Thursday, clawing back nearly $18 billion in lost market cap from the previous day’s low. At press time, the combined value of […]

The post Altcoins Lead Crypto Market Recovery as Consensus Summit Draws to a Close appeared first on Hacked: Hacking Finance.

Nobody Knows How Much Energy Bitcoin Is Using

dmoberhaus writes: A new report published in 'Joule' today claims Bitcoin may use up to 0.5% of the world's energy by the end of this year. We often hear about how bad Bitcoin is for the environment -- it already uses the same amount of energy as the country of Ireland -- but these numbers are usually just the /minimum/ amount of energy the network must be using. The actual amount of energy used by the Bitcoin network is likely substantially higher, but getting an accurate reading on that energy level is hard. The only researcher trying to quantify Bitcoin's energy use spoke to Motherboard about opening Bitcoin's 'black box.'

Read more of this story at Slashdot.

Crypto Update: Another Bearish Session but Technical Damage Limited

While today’s trading has been dominated by sellers, so far, the cryptocurrency segment continues to trade without a clear direction, even as the bearish short-term bias is apparent in the case of the majors and especially Bitcoin. The most valuable coin continues to lag the leaders of the market, and it hit a new correction […]

The post Crypto Update: Another Bearish Session but Technical Damage Limited appeared first on Hacked: Hacking Finance.

Cryptocurrencies Plunge $23 Billion as Consensus Summit Fails to Provide a Boost

Cryptocurrency prices slumped further into the red on Wednesday after a high-profile blockchain summit failed to spark a sustained recovery. Crypto Prices Sink Measured by market capitalization, cryptocurrencies are down roughly $23 billion on Wednesday. The combined value of all currencies is currently hovering around $380.4 billion, according to data provider CoinMarketCap. Market valued had […]

The post Cryptocurrencies Plunge $23 Billion as Consensus Summit Fails to Provide a Boost appeared first on Hacked: Hacking Finance.

Technical Analysis: Coins Stabilize After Correction, Bullish Trend Still On

Although the major cryptocurrencies are still well below the highs hit in late April, and none of the top coins resumed the uptrend yet, the market remains positive, with price action still being consistent with an ongoing recovery. The technical divide between Bitcoin and Ethereum is still dominant, with the ETH/BTC pair hovering around its […]

The post Technical Analysis: Coins Stabilize After Correction, Bullish Trend Still On appeared first on Hacked: Hacking Finance.

Bitcoin millionaire Dies In Suspected Suicide after social media show off

Young Bitcoin millionaire found dead in St. Petersburg apartment

While social networking may be one of the best ways to instantly reach people from anywhere and keep them updated on your life, it can at the same time invite all kinds of problems that sometimes can’t ever be undone.

A Russian cryptocurrency investor and YouTube blogger who had taken to social media and posted videos to show off his wealth online has been found dead in an apparent suicide in his apartment.

Pavel Myakushin, 23, also known as Pavel Nyashin, was the victim of a robbery in January, which saw 24 million Russian rubles (approximately $38,000 USD) stolen from his safe. At that time, the blogger had mentioned that he had boasted about his wealth on YouTube which accidentally revealed his address and made him an easy target for robbers.

The assault was carried out by a gang dressed in Santa Claus costumes in the village of Lazurniye Berega, just outside St. Petersburg in northwest Russia. Besides stealing a large amount of money, the gang also fled with a number of iPhone X handsets and crashed Myakushin’s Bitcoin mining farm, which he used to assemble his cryptocurrency fortune.

According to Myakushin’s mother, a large amount of the stolen cash belonged to potential Bitcoin investors. The robbery had left Myakushin depressed since January, as he was unable to pay the money back. His mother was reported to have pointed out that the robbery could have led him to take his own life.

The police say that there was no sign of anyone else being involved in Pavel’s death. Also, there is no news if the gang who robbed him has ever been caught.

Myakushin, who blogged about cryptocurrency and provided a consultancy service for potential investors, had a popular YouTube channel with almost 20,000 subscribers.

Source: nzherald

The post Bitcoin millionaire Dies In Suspected Suicide after social media show off appeared first on TechWorm.

Devs Find Fake Version of Bitcoin Wallet Stealing Users’ Seeds

Developers have found that a fake version of a popular Bitcoin Wallet comes equipped with the ability to steal users’ seeds. On 9 May, the Electrum team published a document on GitHub calling out “Electrum Pro” as “stealware” and “bitcoin-stealing malware.” According to the developers, the individuals behind Electrum Pro took control of “electrum dot […]

The post Devs Find Fake Version of Bitcoin Wallet Stealing Users’ Seeds appeared first on The State of Security.

Blockchain-powered e-commerce startup leaks personal information of 25,000 early investors

A misconfigured MongoDB database has led to the leak of names, email and physical addresses, wallet information, encrypted passwords, and driver’s license and passport numbers of 25,000 early investors in Bezop. The leak deals a second security-related blow in months to the e-commerce startup, which hopes to give retail giant Amazon a run for its money by fashioning its business around digital currency.

Bezop is a decentralized blockchain-powered commerce platform, similar in some ways to Amazon, that hopes to be “the future of global trade,” according to its creators.

“No monthly fees, Build professional amazon-like stores and start accepting cryptocurrency in minutes,” reads a marketing tagline on the firm’s website.

The business is based on its own Bezop cryptocurrency, which trades under the name BEZ. Users are promised several sure-fire ways to generate profits, not just by selling goods in exchange for crypto coins, but also by participating in “mining” programs for an extra incentive.

However, things went awry for Bezop when researchers at Kromtech (a developer of popular macOS utilities) found a misconfigured MongoDB database that was showing the personal information of 25,000 Bezop investors in plain text – publicly, for anyone with access to the Internet to see.

When alerted to the breach in March, Bezop fixed the problem but made no public admission that it messed up so badly – if there’s one thing a startup needs like air, it’s the trust of its early backers.

Sadly for Bezop, it’s not the first time the company has made headlines for insecure handling of user data. As reported by hackread.com, only a few months ago the company sent usernames and passwords in cleartext format.

John McAfee (the founder of the security firm with the same name) sits on Bezop’s board of directors, but his expertise has apparently yet to rub off on the company he is backing.

‘McAfee Labs Threats Report’ Examines Cryptocurrency Hijacking, Ransomware, Fileless Malware

Today McAfee published the McAfee Labs Threats Report: March 2018. The report looks into the growth and trends of new malware, ransomware, and other threats in Q4 2017. McAfee Labs saw on average eight new threat samples per second, and the increasing use of fileless malware attacks leveraging Microsoft PowerShell. The Q4 spike in Bitcoin value prompted cybercriminals to focus on cryptocurrency hijacking through a variety of methods, including malicious Android apps.

Each quarter, McAfee Labs, led by the Advanced Threat Research team, assesses the state of the cyber threat landscape based on threat data gathered by the McAfee Global Threat Intelligence cloud from hundreds of millions of sensors across multiple threat vectors around the world. McAfee Advanced Threat Research complements McAfee Labs by providing in-depth investigative analysis of cyberattacks from around the globe.

Cybercriminals Take on New Strategies, Tactics

The fourth quarter of 2017 saw the rise of newly diversified cybercriminals, as a significant number of actors embraced novel criminal activities to capture new revenue streams. For instance, the spike in the value of Bitcoin prompted actors to branch out from moneymakers such as ransomware, to the practice of hijacking Bitcoin and Monero wallets. McAfee researchers discovered Android apps developed exclusively for the purpose of cryptocurrency mining and observed discussions in underground forums suggesting Litecoin as a safer model than Bitcoin, with less chance of exposure.

Cybercriminals also continued to adopt fileless malware leveraging Microsoft PowerShell, which surged 432% over the course of 2017, as the threat category became a go-to toolbox. The scripting language was used within Microsoft Office files to execute the first stage of attacks.

Health Care Targeted

Although publicly disclosed security incidents targeting health care decreased by 78% in the fourth quarter of 2017, the sector experienced a dramatic 210% overall increase in incidents in 2017. Through their investigations, McAfee Advanced Threat Research analysts conclude many incidents were caused by organizational failure to comply with security best practices or address known vulnerabilities in medical software.

McAfee Advanced Threat Research analysts looked into possible attack vectors related to health care data, finding exposed sensitive images and vulnerable software. Combining these attack vectors, analysts were able to reconstruct patient body parts, and create three-dimensional models.

Q4 2017 Threats Activity

Fileless malware. In Q4 JavaScript malware growth continued to slow with new samples decreasing by 9%, while new PowerShell malware more than tripled, growing 267%.

Security incidents. McAfee Labs counted 222 publicly disclosed security incidents in Q4, a decrease of 15% from Q3. 30% of all publicly disclosed security incidents in Q4 took place in the Americas, followed by 14% in Europe and 11% in Asia.

Vertical industry targets. Public, health care, education, and finance, respectively, led vertical sector security incidents for 2017.

  • Health Care. Disclosed incidents experienced a surge in 2017, rising 210%, while falling 78% in Q4.
  • Public sector. Disclosed incidents decreased 15% in 2017, down 37% in Q4.
  • Disclosed incidents rose 125% in 2017, remaining stagnant in Q4.
  • Disclosed incidents rose 16% in 2017, falling 29% in Q4. 

Regional targets

  • Disclosed incidents rose 46% in 2017, falling 46% in Q4.
  • Disclosed incidents fell 58% in 2017, rising 28% in Q4.
  • Disclosed incidents fell 20% in 2017, rising 18% in Q4.
  • Disclosed incidents rose 42% in 2017, falling 33% in Q4. 

Attack vectors. In Q4 and 2017 overall, malware led disclosed attack vectors, followed by account hijacking, leaks, distributed denial of service, and code injection.

Ransomware. The fourth quarter saw notable industry and law enforcement successes against criminals responsible for ransomware campaigns. New ransomware samples grew 59% over the last four quarters, while growth in new ransomware samples rose 35% in Q4. The total number of ransomware samples increased 16% in the last quarter to 14.8 million samples.

Mobile malware. New mobile malware decreased by 35% from Q3. In 2017 total mobile malware experienced a 55% increase, while new samples declined by 3%.

Malware overall. New malware samples increased in Q4 by 32%. The total number of malware samples grew 10% in the past four quarters.

Mac malware. New Mac OS malware samples increased by 24% in Q4. Total Mac OS malware grew 58% in 2017.*

Macro malware. New macro malware increased by 53% in Q4 but declined by 35% in 2017.

Spam campaigns. 97% of spam botnet traffic in Q4 was driven by Necurs—recent purveyor of “lonely girl” spam, pump-and-dump stock spam, and Locky ransomware downloaders—and by Gamut—sender of job offer–themed phishing and money mule recruitment emails.

*This blog post has been edited to correct the percentage increase of Mac OS malware in 2017.


The post ‘McAfee Labs Threats Report’ Examines Cryptocurrency Hijacking, Ransomware, Fileless Malware appeared first on McAfee Blogs.

McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime

In December 2017 Bitcoin values skyrocketed, peaking at the unprecedented amount of roughly US$19,000 per coin. Unsurprisingly, the market for cryptocurrencies exploded in response. Investors, companies, and even the public found a fresh interest in digital currencies. However, the exciting change in Bitcoin value did not just influence your average wealth seeker. It also influenced vast underground cybercriminal markets, malware developers, and cybercriminal behavior.

Blessing and Curse

The surge of Bitcoin popularity and price per coin piqued the interest of cybercriminals, driving cryptocurrency hijacking in the last quarter of 2017. However, the same popularity and price jump also created a headache for bad actors. Ransomware techniques and the buying and selling of goods became problematic. The volatility of the Bitcoin market makes ransom costs hard to predict at the time of infection, and costs can surge upwards of $28 per transaction, complicating a criminal campaign. The volatility made mining, the act of using system resources to “mint” cryptocurrency, exceedingly difficult and raised transaction prices. This was especially true for Bitcoin, due to the high hash rate of its network. (The higher the hash rate, the more people they compete against.)

Cybercriminals will always seek to combine the highest returns in the shortest time with the least risk. With the Bitcoin surge, malware developers and underground markets found themselves in need of more stability, prompting a switch to other currencies and a resurgence of old techniques.

It is far easier to mine small currencies because the hash rate is generally more manageable and hardware requirements can be more accessible depending on the network design. Monero, for example, is ASIC resistant, meaning that when mining, specialized hardware does not have an overwhelming advantage over nonspecialized hardware. This allows the average computer to be more effective at the task. Due to this advantage, Monero is actively mined en masse by criminals using web-based miners on the machines of unsuspecting visitors. This intrusion is known as cryptojacking, which works by hijacking the browser session to use system resources. A quick look at recent examples of cryptojacking throws light on this issue. Starting mid-2017, there has been a slew of instances in which major websites have found themselves compromised and unwittingly hosting the code, turning their users into mining bots. The public Wi-Fi at a Starbucks outlet was found to hijack browsers to mine Monero. Even streaming services such as YouTube have been affected through infected ads. Ironically, Monero is said to be one of the most private cryptocurrencies. Attacks such as these have also happened on Bitcoin, NEM, and Ethereum.

Criminals are also leveraging techniques beyond mining, such as cryptocurrency address or wallet hijacking. For example, Evrial, a Trojan for sale on underground markets, watches the Windows clipboard and replaces any cryptocurrency wallet addresses with its own malicious address. Essentially, this hijacks a user’s intended payment address to redirect funds. Unwitting users could accidentally pay a bad actor, losing their coins with essentially no chance of recovery.

A Brief Timeline

Cybercriminals have always faced the difficulty of securing their profits from government eyes. For the cybercriminal, banks present risk. If a transfer is deemed illegal or fraudulent, the bank transfer can easily be traced and seized by the bank or law enforcement. Trading in traditional currencies requires dealing with highly regulated entities that have a strong motivation to follow the rules. Any suspicious activity on their systems could easily result in the seizure of funds. Cybercriminals have long tried to solve this problem using various digital currencies, the prelude to cryptocurrencies. When cryptocurrencies were introduced to the world, cybercriminals were quick to adapt. However, with this adoption came Trojans, botnets, and other hacker activities designed specifically for the new technology.

The evolution of digital currencies. Despite various attacks from bad actors, digital money continues to evolve.

1996: E-gold appeared, and quickly became popular with cybercriminals due to its lack of verification on accounts. This was certainly welcome among “carder groups” such as ShadowCrew, which trafficked in stolen credit cards and other financial accounts. However, with three million accounts, e-gold’s popularity among criminals also caused its demise: It was taken down just 10 years later by the FBI, even after attempts in 2005 to rein in criminal activity. Accounts were seized and the founder indicted, collapsing all e-gold operations.

2005: Needing another avenue after the collapse of e-gold, cybercriminals migrated to WebMoney, established in 1998. Unlike e-gold, WebMoney successfully discouraged the bulk of cybercriminals by modifying business practices to prevent illegal activities. This kept the organization alive but pushed many cybercriminals to find a new payment system.

2006: Liberty Reserve took on much of the burgeoning cybercriminal demand. The institution got off to a rocky start with cybercriminals due to the almost immediate arrest of its founders. The company’s assets were seized in 2013—causing an estimated $6 billion in lost criminal funds.

2009: Cybercriminals were increasingly desperate for a reliable and safe payment system. Enter Bitcoin, a decentralized, pseudo-anonymous payment system built on blockchain technology. With WebMoney usage growing increasingly difficult for cybercriminals and Liberty Reserve under scrutiny from world governments, cybercriminals required something new. Within the Bitcoin network, no central authority had the power to make decisions or otherwise seize funds. These protections against centralized seizures, as well as many of its anonymity features, were a major influence in the migration of cybercriminals to Bitcoin.

Game Changers

By 2013 cybercriminals had a vested interest in cryptocurrencies, primarily Bitcoin. Cryptocurrency-related malware was in full swing, as evidenced by increasingly sophisticated botnet miner kits such as BitBot. Large enterprises such as Silk Road, primarily a drug market, thrived on the backbone of cryptocurrency popularity. Then three major events dramatically changed the way cybercriminals operated.

Silk Road closed: The popular black market and first major modern cryptocurrency “dark net” market was shut down by the FBI. The market was tailored to drug sales, and the FBI takedown left its buyers and sellers without a place to sell their goods. The migration of buyers and sellers to less restrictive markets enabled cross-sales to a much larger audience than was previously available to cybercriminals. Buyers of drugs could now also buy stolen data—including Netflix accounts or credit cards—from new markets such as AlphaBay as demand increased.

Major retailers breached: Millions of credit card records were stolen and available, raising the demand for underground markets to buy and sell the data. Dark net markets already offering malware and other goods and services took up the load. Agora, Black Market Reloaded and, shortly thereafter, AlphaBay responded to that demand. Although many of these markets were scams, a few such as AlphaBay, which survived until its July 2017 takedown, were hugely successful. Through these markets, cybercriminals had access to a much larger audience and could benefit from centralized structures and advertising. The demand for other types of stolen data rose even more, particularly streaming media accounts and personally identifiable information, which carries a high financial return for cybercriminals.

In the past, many of the credit card records were sold on forums and other specialized carding sites, such as Rescator. The new supply of credit card data was so massive, however, that it enabled secondhand sales and migration into broader markets. Dark net markets were simply more scalable than forums, thus enabling their further growth. New players joining the game now had easy access to goods, stolen data, and customers. This shift reshaped and enabled retail targeting as it exists today.

Cryptocurrency-based ransomware introduced: Outside of dark net markets, malware developers sought to acquire cryptocurrencies. Prior to 2013 the primary method to maliciously acquire coin was through mining. Less effective methods included scams, such as TOR-clone sites, fake markets, or Trojans designed to steal private keys to wallets. By late 2013 malware developers and botnet owners sold their malware at a premium by including mining software alongside the usual items such as credit cards and password scrapers. However, at a cost of around $250 per coin, Bitcoin miners did not immediately see higher profits than they could manage with focused scraper malware. Criminals needed more reliable ways of acquiring coins.

Ransomware, a potentially lucrative form of malware, was already on the rise using other digital currencies. In late 2013, the major ransomware family CryptoLocker included a new option for ransomware victims: to pay via Bitcoin. The tactic effectively created a frenzy of copycat malware. Now malware developers could outpace the profits of scraper malware as well as secure currency for the underground market. Ransomware quickly enjoyed several immensely successful campaigns, many of which, including Locky and Samsa, are still popular. Open-source tools such as Hidden Tear allowed low-skilled players to enter the market and acquire cryptocurrencies through ransomware with only limited coding knowledge. The thriving ransomware-as-a-service model emerged with TOX, sold via a TOR hidden service in 2015.

The use of cryptocurrencies by malicious actors has grown substantially since their inception in 2009. Cryptocurrencies meet a need and have been exploited in ever-evolving ways since their introduction. The influence of cryptocurrencies on underground markets, malware development, and attacker behavior cannot be overstated. As markets change and adopt cryptocurrencies, we will surely see further responses from cybercriminals.

 


The post McAfee Researchers Analyze Dark Side of Cryptocurrency Craze: Its Effect on Cybercrime appeared first on McAfee Blogs.

All Up In Your Browser: Stopping Cryptojacking Attacks

With the massive upsurge in the value of bitcoin and other cryptocurrencies, cybercriminals are turning their prime focus to cryptocurrency. One of the fastest-growing forms of malware mines cryptocurrencies on victim machines, specifically by using the browsers of visitors as CPU cryptocurrency miners. Even news sites are utilizing this to monetize their websites and blogs. As bitcoin often takes specialized hardware to effectively mine, criminals are turning to Monero as the mining currency of choice for victim machines.

Lazarus Resurfaces, Targets Global Banks and Bitcoin Users

This blog was written with support and contributions provided by Asheer Maholtra, Jessica Saavedra Morales, and Thomas Roccia.

McAfee Advanced Threat Research (ATR) analysts have discovered an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact.

This new campaign, dubbed HaoBao, resumes Lazarus’ previous phishing emails, posed as employee recruitment, but now targets Bitcoin users and global financial organizations. When victims open malicious documents attached to the emails, the malware scans for Bitcoin activity and then establishes an implant for long-term data-gathering.

HaoBao targets and never-before-seen implants signal to McAfee ATR an ambitious campaign by Lazarus to establish cryptocurrency cybercrime at a sophisticated level.

Background

Beginning in 2017, the Lazarus group heavily targeted individuals with spear phishing emails impersonating job recruiters which contained malicious documents. The campaign lasted from April to October and used job descriptions relevant to target organizations, in both English and Korean. The objective was to gain access to the target’s environment and obtain key military program insight or steal money. The 2017 campaign targets ranged from defense contractors to financial institutions, including crypto currency exchanges; however, much of this fake job recruitment activity ceased months later, with the last activity observed October 22, 2017.

Analysis

On January 15th, McAfee ATR discovered a malicious document masquerading as a job recruitment for a Business Development Executive located in Hong Kong for a large multi-national bank. The document was distributed via a Dropbox account at the following URL:

hxxps://www.dropbox.com/s/qje0yrz03au66d0/JobDescription.doc?dl=1

This is the mark of a new campaign, though it utilizes techniques, tactics and procedures observed in 2017. This document had the last author ‘Windows User’ and was created January 16, 2018 with Korean language resources. Several additional malicious documents with the same author appeared between January 16 through January 24, 2018.

[Figure: Document summary from VirusTotal]

[Figure: Malicious job recruitment documents]


Victims are persuaded to enable content through a notification claiming the document was created in an earlier version of Microsoft Word. The malicious documents then launch an implant on the victim’s system via a Visual Basic macro.

[Figure: Malicious Microsoft Word document]

Implants dropped in campaign

The document (7e70793c1ca82006775a0cac2bd75cc9ada37d7c) created January 24, 2018 drops and executes an implant compiled January 22, 2018 with the name lsm.exe (535f212b320df049ae8b8ebe0a4f93e3bd25ed79). The implant lsm.exe contacted 210.122.7.129, which also resolves to worker.co.kr.

The other malicious document (a79488b114f57bd3d8a7fa29e7647e2281ce21f6) created January 19, 2018 drops the implant (afb2595ce1ecf0fdb9631752e32f0e32be3d51bb), which is 99% similar to the lsm.exe implant.

This document was distributed from the following Dropbox URLs:

  • hxxps://dl.dropboxusercontent.com/content_link/AKqqkZsJRuxz5VkEgcguqNE7Th3iscMsSYvivwzAYuTZQWDBLsbUb7yBdbW2lHos/file?dl=1
  • hxxps://www.dropbox.com/s/q7w33sbdil0i1w5/job description.doc?dl=1
[Figure: HTTP response for job description document]

This implant (csrss.exe) compiled January 15, 2018 contacts an IP address 70.42.52.80 which resolves to deltaemis.com. We identified that this domain was used to host a malicious document from a previous 2017 campaign targeting the Sikorsky program.

  • hxxp://deltaemis.com/CRCForm/3E_Company/Sikorsky/E4174/JobDescription.doc

A third malicious document (dc06b737ce6ada23b4d179d81dc7d910a7dbfdde) created January 19, 2018 drops e8faa68daf62fbe2e10b3bac775cce5a3bb2999e which is compiled January 15, 2018. This implant communicates to a South Korean IP address 221.164.168.185 which resolves to palgong-cc.co.kr.

McAfee ATR analysis finds the dropped implants have never been seen before in the wild and have not been used in previous Lazarus campaigns from 2017. Furthermore, this campaign deploys a one-time data gathering implant that relies upon downloading a second stage to gain persistence. The implants contain a hardcoded word “haobao” that is used as a switch when executing from the Visual Basic macro.

Malicious Document Analysis

The malicious document contains two payloads embedded in the Visual Basic macro code as encrypted string arrays. They are decrypted in memory, written to disk and launched in sequence (the second stage malicious binary first, then the decoy document).

The VBA Macro code is self-executing and configured to execute when the OLE document (MS Word doc) is opened (via “Sub AutoOpen()”). The AutoOpen() function in the VBA Macro performs the following tasks in the sequence listed:

  • Decodes the target file path of the second stage binary payload. This file path is calculated based on the current user’s Temp folder location:

<temp_dir_path>\.\lsm.exe

[Figure: VB code to decrypt second stage filepath]

  • Decodes the second stage binary in memory and writes it to the %temp%\.\lsm.exe file location.

[Figure: Second stage binary (MZ) as an encrypted string array in the VBA Macro]

[Figure: Second stage binary (MZ) decoded in memory by the VBA Macro]

  • After writing the second stage payload to disk, the VBA code performs two important actions:
    • Runs the second stage payload using cmd.exe. This is done so that the cmd.exe process exits as soon as the payload is launched. This way a process enumeration tool cannot find the parent process, which leaves a smaller footprint.

cmdline for executing the second stage binary:

cmd.exe /c start /b <temp_dir_path>\.\lsm.exe /haobao

    • Adds persistence on the system by creating a shortcut in the user’s Startup folder with the correct cmdline arguments:

Link file command line: <temp_dir_path>\.\lsm.exe /haobao

Link File Name: GoogleUpdate.lnk

[Figure: Trigger code for executing the second stage binary and establishing persistence]

[Figure: LNK file configuration for establishing persistence]

  • Once the second stage payload has been launched, the VBA Macro proceeds to display a decoy document to the end user. This decoy document is also stored in the VBA Macro as an encrypted string array (similar to the second stage payload). The decoy document is again written to the user’s temp directory to the following filename/path:

<temp_dir_path>\.\Job Description.doc

[Figure: Decoy document decoded in memory by the VBA Macro]

  • Once the decoy document has been written to disk, the VBA Macro sets its file attributes to System + Hidden.
  • The decoy document is then opened by the malicious VBA Macro and the original malicious document’s caption is copied over to the decoy document to trick the end user into mistaking the decoy document for the original (malicious) document.
  • This activity, combined with the fact that the VBA Macro then closes the current (malicious) document, indicates that the VBA Macro aims to trick an unsuspecting user into thinking that the decoy document currently open is the original (malicious) document opened by the user.
  • Since the decoy document is a benign file and does not contain any macros, the victim does not suspect any malicious behavior.

Implant Analysis

As part of its initialization activities, the implant does the following:

  • Checks the string passed to it through command line
    • “/haobao” in case of 535f212b320df049ae8b8ebe0a4f93e3bd25ed79
    • “/pumpingcore” in case of e8faa68daf62fbe2e10b3bac775cce5a3bb2999e

If the malware does not find this string in its cmdline arguments, it simply quits without going any further.

  • Unwraps a DLL into memory and calls its one-and-only import using Reflective DLL injection.

During our research, we discovered additional variants of the DLL file.

[Figure: DLL information]

  • As part of Reflective DLL loading the malware performs the following tasks on the DLL it has unwrapped in memory:
    • Copy the unwrapped DLL into new locations in its own memory space.
    • Build imports required by the DLL (based on the IAT of the DLL).

[Figure: Imports builder code in malware for the DLL imports]

    • Call the newly loaded DLL image’s Entry Point (DllMain) with DLL_PROCESS_ATTACH to complete successful loading of the DLL in the malware process.

[Figure: DLL Entry Point call from malware to finish loading of the DLL in memory]

    • Call the actual malicious export in the DLL named “CoreDn”.

[Figure: Hardcoded DLL export name “CoreDn” in malware]

All the malicious activities described below are performed by the DLL unless specified otherwise.

Data Reconnaissance

The implant has the capability of gathering data from the victim’s system. The following information will be gathered and sent to the command and control server.

  • Computer name and currently logged on user’s name, stored in the format:

<ComputerName> \ <Username>

[Figure: Malware obtaining the computer name and user name]

  • List of all processes currently running on the system, arranged in the format:

<Process Name>\r\n
<Process Name>\r\n
<Process Name>\r\n
<Process Name>\r\n

[Figure: Malware collecting process information from endpoint]

  • The presence of a specific registry key on the system:

HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

  • The malware appends an indicator (flag) specifying whether the above registry key was found in the user’s registry:

This key is checked again as part of the command and control communication and is sent as a duplicate value to the command and control server in the HTTP POST request as well (explained below).

[Figure: Malware checking for the presence of the registry key]

Exfiltration

Preparation

In preparation of the exfiltration of information collected from the endpoint, the malware performs the following activities:

  • Encode the collected information using a simple byte based XOR operation using the byte key: 0x34.
  • Base64 encode (standard) the XORed data.
  • Again, check for the presence of the Registry Key: HKCU\Software\Bitcoin\Bitcoin-Qt

 

Command and Control Server Communication

Once the malware has performed all these activities it sends an HTTP POST request to the CnC server:

  • www[dot]worker.co.kr for md5 BDAEDB14723C6C8A4688CC8FC1CFE668
  • www[dot]palgong-cc.co.kr for md5 D4C93B85FFE88DDD552860B148831026

 

In the format:

HTTP POST to www[dot]worker.co.kr

/board2004/Upload/files/main.asp?idx=%d&no=%s&mode=%s

OR

 

HTTP POST to www[dot]palgong-cc.co.kr

/html/course/course05.asp?idx=%d&no=%s&mode=%s

where

idx= 20 (14h) if the Registry key does not exist; 24 (18h) if the key exists.

no= XORed + base64 encoded “<Computername> \ <username>”

mode= XORed + base64 encoded Process listing + Registry key flag

[Figure: Command and control server domain]
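Added example (not part of the McAfee post and not the implant's code): a Python decoder an analyst could run over proxy logs to recover what a matching request carried, by reversing the base64 and 0x34 XOR layers described above. The log layout, the host c2.example.test and the sample computer, user and process names are constructed; it assumes the three parameters appear in the logged URL and that the encoded text is single-byte.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

XOR_KEY = 0x34  # single-byte key stated in the write-up

# Request paths listed in the write-up; the host is deliberately not matched.
C2_PATHS = {"/board2004/upload/files/main.asp", "/html/course/course05.asp"}

# idx values from the write-up: 20 = Bitcoin-Qt key absent, 24 = key present.
IDX_KEY_PRESENT = {20: False, 24: True}

# Assumed log layout: "<timestamp> <client> POST <url> <status>".
POST_URL = re.compile(r"\bPOST\s+(\S+)")


def xor34(data: bytes) -> bytes:
    """Single-byte XOR; applying it twice returns the input."""
    return bytes(b ^ XOR_KEY for b in data)


def decode_field(value: str) -> str:
    """Undo percent-encoding, base64 and the XOR layer for one parameter."""
    raw = unquote(value).replace(" ", "+")  # a logger may have turned '+' into ' '
    raw += "=" * (-len(raw) % 4)            # tolerate stripped '=' padding
    # Assumption: single-byte text; latin-1 never fails on arbitrary bytes.
    return xor34(base64.b64decode(raw)).decode("latin-1")


def parse_request(url: str):
    """Return the decoded fields of a matching request, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.path.lower() not in C2_PATHS:
        return None
    # Split by hand: parse_qs would decode '+' (valid base64) as a space.
    params = dict(p.split("=", 1) for p in parts.query.split("&") if "=" in p)
    if not {"idx", "no", "mode"} <= params.keys():
        return None
    try:
        idx = int(params["idx"])
        host_user = decode_field(params["no"])
        mode = decode_field(params["mode"])
    except ValueError:  # also covers binascii.Error from malformed base64
        return None
    computer, _, user = host_user.partition("\\")
    return {
        "bitcoin_qt_key_present": IDX_KEY_PRESENT.get(idx),
        "computer": computer.strip(),
        "user": user.strip(),
        # The write-up does not show the trailing registry flag's format,
        # so any such suffix stays in the list as an ordinary entry.
        "processes": [p for p in mode.split("\r\n") if p],
    }


def scan_proxy_log(lines):
    """Decode every logged POST that matches the documented request format."""
    hits = []
    for line in lines:
        m = POST_URL.search(line)
        record = parse_request(m.group(1)) if m else None
        if record:
            hits.append(record)
    return hits


def constructed_sample_url() -> str:
    """Build a constructed request (not captured traffic) for the demo below."""
    def enc(text):
        return base64.b64encode(xor34(text.encode("latin-1"))).decode()
    host_user = "WS-FIN-07 \\ jdoe"
    processes = "explorer.exe\r\nWINWORD.EXE\r\nbitcoin-qt.exe\r\n"
    return ("http://c2.example.test/board2004/Upload/files/main.asp"
            f"?idx=24&no={enc(host_user)}&mode={enc(processes)}")


SAMPLE_LOG = [  # constructed lines; hosts, client address and user are made up
    "2018-01-25T09:14:02Z 10.0.4.17 POST http://intranet.example.test/hr/form.asp?idx=3 200",
    "2018-01-25T09:14:09Z 10.0.4.17 POST " + constructed_sample_url() + " 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A decoded hit names the host and logged-on user that ran the implant and shows whether the Bitcoin-Qt key was present, which helps prioritise which endpoints to triage first.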

Persistence

The persistence mechanism of the malware is performed only for the downloaded implant. Persistence is established for the implant via the Visual Basic macro code initially executed upon document loading by the victim. This persistence is also performed ONLY if the malware successfully executes the downloaded implant. The malware first tries to update the HKEY_LOCAL_MACHINE registry key.

If the update is unsuccessful then it also tries to update the HKEY_CURRENT_USER registry key. Value written to registry to achieve persistence on the endpoint:

Registry Subkey = Software\Microsoft\Windows\CurrentVersion\Run

Value Name = AdobeFlash

Value Content = “C:\DOCUME~1\<username>\LOCALS~1\Temp\OneDrive.exe” kLZXlyJelgqUpKzP

[Figure: Registry based persistence of the second stage payload]
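Added example (not McAfee's code): Python detection logic for the launch and persistence artifacts described in the Malicious Document Analysis and Persistence sections, run over constructed process-creation and autorun records. The event field names, the user name jdoe and all paths other than those quoted in the write-up are assumptions, as is the winword.exe parent (the macro runs inside Word).

```python
import re

# Command-line switches the write-up says the implants check for.
SWITCHES = ("/haobao", "/pumpingcore")
# "cmd.exe /c start /b ..." as used by the macro to detach the payload.
DETACHED_START = re.compile(r'cmd(\.exe)?"?\s+/c\s+start\s+/b\s+', re.I)
# Executable addressed through a redundant "\.\" segment inside a Temp folder.
DOT_SEGMENT_TEMP = re.compile(r'\\temp\\\.\\[^\\"]+\.exe', re.I)
# Any executable directly under a Temp folder (with or without "\.\").
EXE_IN_TEMP = re.compile(r'\\temp\\(\.\\)?[^\\"]+\.exe', re.I)
# Autorun names from the write-up, keyed by where they are written.
AUTORUN_NAMES = {"startup_lnk": "googleupdate.lnk", "run_key": "adobeflash"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def flag_process_event(event: dict) -> list:
    """Return the reasons a process-creation event matches the write-up."""
    cmd = event.get("command_line", "")
    reasons = []
    if any(s in cmd.lower().split() for s in SWITCHES):
        reasons.append("implant-switch")
    if DETACHED_START.search(cmd) and DOT_SEGMENT_TEMP.search(cmd):
        reasons.append("detached-start-from-temp")
    # Assumption: the macro runs inside Word, so cmd.exe is a child of winword.exe.
    if (basename(event.get("parent_image", "")) == "winword.exe"
            and basename(event.get("image", "")) == "cmd.exe"):
        reasons.append("word-spawned-cmd")
    return reasons


def flag_autorun(entry: dict) -> list:
    """Return the reasons a Startup shortcut or Run value matches the write-up."""
    target = entry["target"]
    reasons = []
    in_temp = bool(EXE_IN_TEMP.search(target))
    if in_temp:
        reasons.append("autorun-target-in-temp")
    # A familiar-looking name only matters when it points into Temp.
    if in_temp and AUTORUN_NAMES.get(entry["kind"]) == entry["name"].lower():
        reasons.append("known-name-to-temp")
    if any(s in target.lower().split() for s in SWITCHES):
        reasons.append("implant-switch")
    return reasons


# Constructed records; user name and paths outside the write-up are made up.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c start /b C:\Users\jdoe\AppData\Local\Temp\.\lsm.exe /haobao"},
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\lsm.exe",
     "command_line": r"C:\Users\jdoe\AppData\Local\Temp\.\lsm.exe /haobao"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c start /b notepad.exe"},
]
SAMPLE_AUTORUNS = [
    {"kind": "startup_lnk", "name": "GoogleUpdate.lnk",
     "target": r"C:\Users\jdoe\AppData\Local\Temp\.\lsm.exe /haobao"},
    {"kind": "run_key", "name": "AdobeFlash",
     "target": r'"C:\DOCUME~1\jdoe\LOCALS~1\Temp\OneDrive.exe" kLZXlyJelgqUpKzP'},
    {"kind": "run_key", "name": "OneDrive",
     "target": r'"C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(flag_process_event(ev), ev["command_line"])
    for entry in SAMPLE_AUTORUNS:
        print(flag_autorun(entry), entry["name"])
```

The behavioural reasons (detached start from Temp, autorun target in Temp) still fire if the file names or switches change, whereas the name and switch matches are tied to the samples in this write-up.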

Connections to 2017 campaigns

The techniques, tactics and procedures are very similar to the campaigns that targeted US Defense contractors, US Energy sector, financial organizations and crypto currency exchanges in 2017.

The same Windows User author appeared back in 2017 in two malicious documents 비트코인_지갑주소_및_거래번호.doc and 비트코인 거래내역.xls which were involved in crypto currency targeting. Furthermore, one of the implants communicates to an IP address that was involved in hosting malicious job description documents in 2017 involving the Sikorsky military program.

McAfee Advanced Threat Research determines with confidence that Lazarus is the threat group behind this attack for the following reasons:

  • Contacts an IP address / domain that was used to host a malicious document from a previous Lazarus campaign in 2017
  • The same author that appeared in Lazarus 2017 campaigns also appears in these recent malicious documents
  • Uses the same malicious document structure and similar job recruitment ads as what we observed in past Lazarus campaigns
  • The techniques, tactics and procedures align with Lazarus group’s interest in crypto currency theft

Conclusion

In this latest discovery by McAfee ATR, despite a short pause in similar operations, the Lazarus group targets crypto currency and financial organizations. Furthermore, we have observed an increased usage of limited data gathering modules to quickly identify targets for further attacks. This campaign is tailored to identifying those who are running Bitcoin related software through specific system scans.

 

 Indicators of Compromise

MITRE ATT&CK techniques

  • Data encoding
  • Data encrypted
  • Command-Line Interface
  • Account discovery
  • Process Discovery
  • Query registry
  • Hidden files and directories
  • Custom cryptographic protocol
  • Registry Run Keys / Start Folder
  • Startup Items
  • Commonly used port
  • Exfiltration Over Command and Control Channel

IPs

  • 210.122.7.129
  • 70.42.52.80
  • 221.164.168.185

URLs

  • hxxps://dl.dropboxusercontent.com/content_link/AKqkZsJRuxz5VkEgcguqNE7Th3iscMsSYvivwzAYuTZQWDBLsbUb7yBdbW2lHos/file?dl=1
  • hxxps://www.dropbox.com/s/q7w33sbdil0i1w5/job description.doc?dl=1


McAfee Detection

  • BackDoor-FDRO!
  • Trojan-FPCQ!
  • RDN/Generic Downloader.x
  • RDN/Generic Dropper
  • RDN/Generic.dx

The post Lazarus Resurfaces, Targets Global Banks and Bitcoin Users appeared first on McAfee Blogs.

Cyber Security Roundup for January 2018

2018 started with a big security alert bang after Google Security Researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre’, when exploited by a hacker or malware, these vulnerabilities disclose confidential data. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors, kudos to them.

The UK Information Commissioner's Office (ICO) heavily criticised Carphone Warehouse for security inadequacies and fined the company £400K following its 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers was stolen by hackers in what the company at the time described as a "sophisticated cyber attack". Where have we heard that excuse before? Certainly the ICO wasn't buying that after it investigated, reporting a large number of Carphone Warehouse security failures, which included the use of software that was six years out of date; a lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data; the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. Carphone Warehouse should thank their lucky stars the breach didn't occur after the General Data Protection Regulation comes into force, as with such a damning list of security failures, the company may well have been fined considerably more by the ICO, which is granted vastly greater financial sanctions and powers when the GDPR kicks in in May.

The National Cyber Security Centre warned the UK national infrastructure faces serious nation-state attacks, stating it is a matter of "when" not "if". There were also claims that the cyberattacks against Ukraine in recent years were down to Russia testing and tuning its nation-state cyberattacking capabilities.

At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPetya ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet; the hacker then moved the currency into a different wallet platform.

In the United States, the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating US children's privacy law. The FTC alleged the toy company violated the Children's Online Privacy Protection Rule (COPPA) by collecting personal information from hundreds of thousands of children without providing direct notice.

It was reported that a POS malware infection at Forever21 and lapses in encryption were responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a highly valued target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

Several interesting cybersecurity reports were released in January. The Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents have doubled in 2017 and 93% were preventable. Carbon Black's 2017 Threat Report stated non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and the number of attacks skyrocketed during the course of the year, no surprise there.

Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allow them to identify ideal attack points to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.


Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities

Many of the stealthiest cyberthreats out there spawn on underground forums, as malware authors leverage the space to sell unique variants to fellow criminals. And now there’s a new addition to the underground scene. Meet Evrial: a powerful, information-stealing Trojan which is currently for sale for 1,500 Rubles or $27 USD. Its author previously created another variant named CryptoShuffler, which allows cybercriminals to replace the Windows clipboard and steal files from cold cryptocurrency wallets, as well as passwords from programs/browsers. Its successor, Evrial, can steal browser cookies, swoop stored credentials, and monitor the Windows clipboard too — only now it can potentially hijack active cryptocurrency payments and send stolen money directly to a cybercriminal’s address.

Specifically, the Trojan is capable of monitoring the Windows clipboard for certain types of text, and if it detects specific strings, it can modify or even replace them with ones sent by the attacker. This could mean replacing legitimate addresses and URLs with ones under the attacker’s control; a regular Bitcoin address could suddenly become one belonging to a cybercriminal. If the target pastes that address into their app, thinking it’s the legitimate one, and sends Bitcoin, the cryptocurrency will soon be in the hands of the cybercriminal. Mind you, Evrial goes beyond Bitcoin, as it is also configured to detect strings that correspond to Litecoin, Monero, WebMoney, Qiwi addresses and Steam items trade URLs.

Evrial is just one of many Bitcoin-centric news stories lately, as cryptocurrency in general has been on practically everyone’s minds – which begs the question, is there a connection? Is the increased focus on digital currency inciting the creation of malware variants designed specifically to capitalize on Bitcoin’s boom?

In short – yes and no. Historically, cryptocurrencies have been a popular mechanism on underground markets for several years. Other digital currencies were used in the past but presented problems for bad actors due to their centralized nature. However, Blockchain technology, which powers cryptocurrencies like Bitcoin and is designed to be decentralized, allowed bad actors to protect their assets from law enforcement. Noticing this value, criminals on underground markets began to use this to their benefit well before the value of Bitcoin reached $1000+ a coin.

But soon enough Bitcoin value continued to grow and malware authors took notice, as they began to target Bitcoin wallets rather than simply trade in it. Ransomware exploded, holding victim’s files and machines hostage for almost exclusively Bitcoin payment. Malware that was traditionally sold as a scraper (to steal credit card information and passwords) was upgraded to include a cryptocurrency mining feature and was sold at a premium price.

Bad actor adoption of cryptocurrency has been both significant and quick, and notably much faster than the general population. Malware that uses, steals, and is sold with cryptocurrency is now the norm. And now as the general population’s interest in cryptocurrency has exploded, we’ve seen an increase in interest from malware authors as well. This interest has led to new malware behavior, such as Evrial’s ability to scan clipboards for cryptocurrency addresses. It’s had a major impact in how business is done in the underground.

However, it’s important to note that Bitcoin’s popularity presents its own problems. The volatile value has made the buying and selling of illicit goods problematic. Additionally, the pricing of a ransom is now askew. This has forced some markets to move to multi-coin platforms (namely incorporating Monero) as an alternative and some malware families to turn to other alt-coins to mine or steal.

All in all, cryptocurrency is no different than other motivators before it – when cybercriminals find the right opportunity to enhance their profitability, they capitalize on it. And when road blocks emerge, they find ways to maneuver around them. Now, the next step for cyber defenders is to keep their eyes peeled for what’s next, and eventually — outpace cybercriminals entirely.

To learn more about the fight against Evrial and other Trojans like it, be sure to follow us at @McAfee and @McAfee_Labs.

The post Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities appeared first on McAfee Blogs.

Cyber Security Roundup for December 2017

UK supermarket giant Morrisons lost a landmark data breach court case in December. After a disgruntled Morrisons employee had stolen and posted the personal records of 100,000 co-workers online, the supermarket chain was held liable for the data breach by the UK High Court. The High Court ruling now allows those affected to claim compensation for the "upset and distress" caused. Morrisons said it believed it should not have been held responsible and would be appealing against the decision. If the appeal is lost it could open up the possibility of further class action lawsuits by individuals. Pending the GDPR becoming law in May 2018, such a court ruling sets a legal precedent for individuals to claim damages after personal data losses by companies through the courts as well. After May 2018, the GDPR grants individuals the right to sue companies for damages following personal data breaches. So we can expect 'ambulance chaser' lawyers to pick up on this aspect of the GDPR, with class action lawsuits following data breaches; it could well become the new "P.P.I. industry".

Any businesses or individuals using Kaspersky should be aware the UK National Cyber Security Centre has warned government agencies against using the Russian supplier’s products and services, which follows a ban by US government departments in November. Barclays responded to the warning by stopping their free offering of Kaspersky anti-virus products to its customers. 2017 saw Cyber Security become a political football, so it is no real surprise that the UK and US once again blamed North Korea for the devastating WannaCry attacks earlier in the year. Personally, I blame poor patch management and hackers, not the North Korea cyber army!

Nadine Dorries MP got herself in hot water after trying to defend now former political colleague Damian Green, following claims that Mr. Green accessed porn on his Parliament computer. This activity was reported by a retired Police officer, which was said to be a breach of the Data Protection Act. Nadine tweeted "my staff log onto my computer on my desk with my login everyday" to suggest anyone could have used Damian Green's PC to access the illicit websites. This led to widespread condemnation and a warning by the ICO to MPs on password sharing.

The fact illicit websites were not blocked by Parliament systems is one concerning security lapse, but the flagrant disregard for basic cybersecurity by government MPs is gobsmacking, especially when you consider they are supposed to be understanding the risk and setting laws to protect UK citizens from cyber attacks and data breaches. It's another "slap palm on head" after the last UK Prime Minister announced he wanted to ban encryption.

2017 has seen huge rises in cryptocurrency values, which has placed cryptocurrency brokers and user crypto coin wallets in the sights of cybercriminals. This month mining platform NiceHash was breached by hackers, who stole £51 million worth of Bitcoin, and Bitcoin exchange Youbit, which lets people buy and sell Bitcoins and other virtual currencies, shut down and filed for bankruptcy after losing 17% of its assets in the cyber-attacks. I think we can expect further cryptocurrency attacks in 2018 given the cryptocurrency bubble is yet to burst.

Faked LinkedIn profiles are nothing new, however, the German Intelligence Agency (BfV) said it had spotted China were using faked LinkedIn profiles to connect with and gather information on German officials and politicians, which is an interesting development.

Finally, hackers were reported as taking advantage of poorly secured systems at UK private schools, and it was claimed hackers could turn off heating systems at UK schools and military bases.


Weekly Cyber Risk Roundup: Bitcoin Attacks Dominate Headlines, New Phishing Warnings

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers.


The most impactful incident occurred at the bitcoin mining platform and exchange NiceHash, which said on Wednesday that its payment system was compromised and the bitcoin in its wallet was stolen. NiceHash said it is “working to verify the precise number of BTC taken”; however, news outlets reported that a wallet linked to the attack obtained around 4,736 bitcoin, which is valued at more than $72 million based on Saturday’s price. The company has not released many details about the attack other than that it began after an employee’s computer was compromised.

In addition, researchers warned this week that the increased valuation of bitcoin has led to it becoming one of the top 10 most targeted industries for DDoS attacks. On Monday, Bitfinex said that its services were disrupted by a DDoS attack. On Thursday, Coinbase warned that the explosion of interest in digital currencies was creating “extreme volatility and stress” on its systems and warned its users to invest responsibly as any future downtime could impact their ability to trade.

News outlets also reported that some Bittrex customers who go through the company’s manual verification process but are rejected have received customer support emails that contain the passport details and photographs of other users, although Bittrex has not confirmed the reports.

Finally, the SEC announced that it obtained an emergency asset freeze to halt the Initial Coin Offering PlexCorps after it raised up to $15 million from thousands of investors by falsely promising a 13-fold profit in less than a month’s time.


Other trending cybercrime events from the week include:

  • TIO Networks announces breach: PayPal announced a breach at TIO Networks, a payment processor it acquired in July, that affects approximately 1.6 million customers. City Utilities (CU) and Duke Energy have since notified customers that their personal information was compromised due to the breach, as TIO was the provider of the operating system for CU’s payment kiosks and mobile payment app, in addition to being used to process Duke Energy’s in-person payments.
  • Payment card breaches: The Image Group is notifying customers of a temporary vulnerability on its eCommerce platform, Payflow Pro, that made some payment card numbers susceptible to interception while in transit to PayPal. JAM Paper & Envelope is notifying customers of a payment card breach affecting its website due to unauthorized access by a third party. A payment card breach involving the Royal National Institute for the Blind’s web store affects as many as 817 customers, and around 55 individuals have already reported fraudulent activity as a result of the incident.
  • Extortion attacks: The Alameda County Library is notifying its users that their personal information may have been compromised after it received an extortion email that claimed hackers had gained access to the library’s entire database of users and may sell that information if they weren’t paid a five bitcoin ransom. The Mecklenburg County government in North Carolina said that its computer systems were infected with ransomware that is demanding $23,000 for the encryption key. Mad River Township Fire and EMS Department in Ohio said that years of data related to residents who used EMS or fire services was lost due to a ransomware infection. The fertility clinic CCRM Minneapolis said that nearly 3,300 patients may have had their information compromised due to a ransomware attack.
  • Other notable incidents: The Center for Health Care Services in San Antonio is notifying 28,434 patients that their personal information was stolen by a former employee. The County of Humboldt is notifying current and former employees that the Humboldt County Sheriff’s Office recovered payroll documents from the county. Pulmonary Specialists of Louisville is notifying patients their information may have been compromised due to possible unauthorized access. Virtual keyboard developer Ai.Type, bike sharing company oBike, Real Time Health Quotes, and Stanford University all had data breaches due to accidental data exposure. Baptist Health Louisville, Sinai Health System, and The Henry Ford Health System notified patients of employee email account breaches.
  • Law enforcement actions: Authorities reportedly shut down Leakbase, a service that sold access to more than two billion credentials collected from old data breaches. The Justice Department announced a software developer at the National Security Agency’s Tailored Access Operations has pleaded guilty to removing classified NSA data and later having that data stolen from his personal computer by Russian state-sponsored actors. A Michigan man pleaded guilty to gaining access to the Washtenaw County computer network and altering the electronic records of at least one inmate in an attempt to get the inmate released early. A Missouri man has been sentenced to six years in prison for hacking his former employer, American Crane & Tractor Parts, in order to steal trade secrets.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.


Cyber Risk Trends From the Past Week

Phishing concerns were highlighted once again this past week due to a newly announced vulnerability that allows malicious actors to spoof emails, as well as warnings that phishers are making efforts to appear more legitimate.

A researcher has discovered a collection of bugs in email clients, dubbed “Mailsploit,” that circumvents spoofing protection mechanisms and, in some cases, allows code injection attacks. The vulnerabilities were found in dozens of applications, including Apple Mail, Mozilla Thunderbird, Microsoft Outlook 2016, Yahoo! Mail, ProtonMail, and others.

The bug has been fixed in 10 products and triaged for 8 additional products, the researcher said. In addition, Mozilla and Opera said they won’t fix the bug as they consider it to be a server-side problem; however, Thunderbird developer Jörg Knobloch told Wired that a patch would be made available. DMARC spoofing protection is not attacked directly using Mailsploit, the researcher said, but rather bypassed by taking advantage of how the clients display the email sender name.

In addition, researchers said that nearly a quarter of all phishing websites are now hosted on HTTPS domains, up from three percent a year ago. The increase is due to both an increased number of HTTPS websites that can be compromised and used to host malicious content, as well as phishers registering HTTPS domains themselves due to their belief that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims. An informal poll conducted by PhishLabs found that more than 80% of the respondents incorrectly believed the green padlock associated with HTTPS websites indicated that a website was either legitimate or safe — when in reality it only means that the connection is encrypted.

Individuals and organizations should be aware that malicious actors continue to leverage exploits like Mailsploit along with more secure-looking websites in order to dupe potential victims via phishing attacks with the goal of installing malware, gaining access to networks, or stealing sensitive data.
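A mail-gateway style check for the sender-display problem described above, as an added example that is not code from the original post or from the Mailsploit researcher. The function names, finding labels and sample headers are constructed for illustration, and the choice of markers (control characters inside decoded encoded-words, a displayed address whose domain differs from the real sender domain) is an assumption of this example.

```python
import base64
import re

# RFC 2047 encoded-word: =?charset?encoding?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
# NUL, CR, LF and other control characters (tab excluded) in the decoded text.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Anything in the decoded text that a reader would take for an address.
ADDR_LIKE = re.compile(r"[^\s<>@\x00-\x1f]+@([A-Za-z0-9.-]+)")


def _decode_word(match):
    """Decode one encoded-word to text without trusting its contents."""
    charset, encoding, payload = match.group(1), match.group(2).lower(), match.group(3)
    try:
        if encoding == "b":
            raw = base64.b64decode(payload + "=" * (-len(payload) % 4))
        else:  # "q": underscore means space, =XX is a hex-encoded byte
            data = payload.replace("_", " ").encode("ascii", "replace")
            raw = re.sub(rb"=([0-9A-Fa-f]{2})",
                         lambda m: bytes([int(m.group(1), 16)]), data)
    except ValueError:  # malformed base64: leave the word undecoded
        return match.group(0)
    try:
        return raw.decode(charset, errors="replace")
    except LookupError:  # unknown charset label
        return raw.decode("latin-1")


def sender_domain(value):
    """Domain the server evaluates: raw text after the last '@' of the address."""
    bracketed = re.search(r"<([^<>]*)>\s*$", value)
    addr = bracketed.group(1) if bracketed else value
    return addr.rsplit("@", 1)[-1].strip().strip(".").lower()


def check_from_header(value):
    """Return a list of findings for one unfolded From header value."""
    decoded = ENCODED_WORD.sub(_decode_word, value)
    findings = []
    if CONTROL_CHARS.search(decoded):
        # A client may stop rendering at this byte and show only what precedes it.
        findings.append("control-char-in-decoded-from")
    shown = {d.strip(".").lower() for d in ADDR_LIKE.findall(decoded)}
    if shown - {sender_domain(value)}:
        # The text a user reads names a domain the message was not sent from.
        findings.append("displayed-address-domain-mismatch")
    return findings


# Constructed sample headers (example domains only).
SAMPLES = {
    "plain": "Alice Example <alice@example.com>",
    "encoded-name": "=?utf-8?Q?J=C3=B6rg?= <joerg@example.org>",
    # Base64 part decodes to "ceo@bank.example", followed by an encoded NUL.
    "encoded-nul": "=?utf-8?b?Y2VvQGJhbmsuZXhhbXBsZQ==?==?utf-8?Q?=00?=@sender.example",
    "address-in-name": '"ceo@bank.example" <billing@sender.example>',
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:16} {check_from_header(header) or 'ok'}")
```

Because the DMARC result is computed on `sender.example` in the last two samples, both can pass authentication; the findings come only from comparing that domain with what the decoded header would display.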

Cybercrime Surges in Q3


PandaLabs Q3 Report indicates that incidences of cybercrime continue to increase, with 18 million new malware samples captured this quarter – more than 200,000 samples daily.

The Quarter at a Glance

Cybercrime continues to grow at an exponential rate, fuelled by the opportunity for large financial rewards.

Hackers have taken to developing new variants of successful Ransomware such as Locky, and to a model known as Ransomware-as-a-Service (RaaS), whereby developers create Ransomware for distributors. These distributors then target and infect victims, allowing both parties to achieve greater profits.

Another key development was the occurrence of DDoS attacks, most notably that on Cyber Security journalist Brian Krebs. Krebs’ exposure of vDoS led to the arrest of its key members and subsequently made Krebs’ site the target of a massive DDoS attack that saw Google step in to restore the site. In one of the largest attacks of its kind, hackers leveraged IoT devices to send 620GB of data per second – at its peak – to the site.

This quarter cyber-attacks targeted multiple gaming sites, gaining access to millions of users’ personal information. These attacks were largely launched using botnets composed of smartphones, and affected users of Overwatch, World of Warcraft and Diablo 3. Further attacks saw more than 3.5 million users exposed when Dota 2 and mobile game Clash of the Kings were targeted. These highlight just a few incidents in the Gaming world in the last 3 months.

The Banking sector remained a target for hackers as attacks on ATMs, POS terminals and Bitcoin wallets continue to become more frequent and more advanced.

A Taiwanese ATM attack this quarter indicated just how advanced cybercriminals have become when they were able to hack the bank's internal network and withdraw over R28 million without even touching the ATM itself.

Another big victim was Yahoo – one of the biggest attacks of its kind revealed this quarter indicated that 500 million user accounts had been compromised in a 2014 attack.

Finally, Q3 saw the largest Bitcoin robbery to date, when R 84 billion worth of Bitcoin was stolen by hackers.

View the full PandaLabs Q3 Report for more detail on specific attacks and find out how you can protect yourself and your business from the advanc

The post Cybercrime Surges in Q3 appeared first on CyberSafety.co.za.

Yevgeniy Nikulin hacked LinkedIn and Formspring via Employee VPN

From the indictment against Yevgeniy Nikulin

On October 20, 2016, Radio Free Europe/Radio Liberty announced that they had identified the Russian hacker who was arrested in Prague. They were the first ones to announce the identity of Yevgeniy Nikulin, providing a link to his arrest video:


 Nikulin's arrest video


VPN Hacking?

Two points stand out in the Indictment's "Background" section. One says "LinkedIn employees were assigned individual credentials by which they could remotely access the LinkedIn Corporate network. An individual with the initials N.B. worked for LinkedIn at its Mountain View, California headquarters."

... and a couple of paragraphs later ...

"Formspring employees were assigned individual credentials by which they could remotely access the Formspring corporate network. An individual with the initials J.S. worked for Formspring in its San Francisco, California, headquarters."


The hack of LinkedIn, according to the Indictment, occurred on March 3-4, 2012, during which Yevgeniy "did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to LinkedIn employee N.B., during and in relation to violations of Title 18, USC, Section 1030."

Dropbox was hacked between May 14, 2012 and July 25, 2012, although no mention is made of the technique. (Motherboard indicates that more than 68 million passwords were stolen in this breach.)

The hack of Formspring was between June 13, 2012 and June 29, 2012, during which the defendant "did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to Formspring employee J.S., during and in relation to violations of Title 18, USC, Section 1030."


BitCoin Theft by ChinaBig01

After the indictment was released, as several other users have done (such as @TalBeerySec of Microsoft Research), we found allegations that Yevgeniy was involved in other types of crimes, including breaking in to the MySQL Database of a BitCoin "Hedge Fund".

The operator of that site sent this claim to the users:

"Hello,

I wanted to share a very bad news with you. Yesterday, in the middle of the night, someone hacked in to Bitmarket database and managed to modify his account. Then, he withdrew ~610 BTC from the site. He left about 100 BTC in the wallets.

Right now I'm investigating what happened. It seems that he managed to somehow find my administration console for the database, which wasn't under any guessable name. This console was password protected (a very long, random password) but he still managed to overcome this somehow. I'm still investigating how this could happen. Right now I've removed this console entirely to prevent any further damage, but I'm devastated :(. I wrote a message to the email he registered with (chinabig01@gmail.com) literally begging him to return the stolen BTC. If he has any conscience, maybe he'll give it back. But at the moment we are 600 BTC short, and if this sees the light of day (ie. people want to withdraw more than 92 BTC that's currently in the wallets), we're totally screwed.

I know it's much to ask, but do you have any Bitcoins available right now to fill this gap temporarily? There is a small chance that the thief will give this back, but until then… I really don't know what to do now. I didn't have the luxury to screw up again, and when things started to go on the right track, this happens. All this makes me wanting to kill myself. My hands are shaking right now. I won't do this, because I have people to repay. I hope this turns out good… Sorry, I don't have any other idea right now, I just wanted to be 100% honest with you and inform you on this as soon as I saw what happened. 
"

The author claims that 620 BTC were stolen. He later offers this link to the alleged purse, controlled by "ChinaBig01@gmail.com" according to him. You can see the 620 BTC as 1, then 9, then 55.456, then 554.54 being deposited and then removed from this bitcoin address:

http://blockchain.info/en/address/1Lbcfpaw3uHs3iarBqZ12FYeD5vFwNvY49