Category Archives: Cryptocurrencies

Small-Cap Surge Continues as Maker (MKR), Basic Attention Token (BAT) and Zcash (ZEC) Lead Rally

The small-cap cryptocurrencies continued to make the most waves on Thursday, offering yet another glimpse of low-risk, high-reward investment opportunities in the digital asset space. The big […]

The post Small-Cap Surge Continues as Maker (MKR), Basic Attention Token (BAT) and Zcash (ZEC) Lead Rally appeared first on Hacked: Hacking Finance.

Tezos (XTZ) Continues 40% Coinbase Surge After French Finance Minister Namedrops Altcoin

The Tezos coin price saw 40% gains over the past four days, sending XTZ to a new five month high in the process. The surge continued leading […]

The post Tezos (XTZ) Continues 40% Coinbase Surge After French Finance Minister Namedrops Altcoin appeared first on Hacked: Hacking Finance.

Price Prediction for Bitcoin, XRP and Ethereum: Supports are Restored before Spring Break

Summary Bitcoin (BTC) has the support of the market and makes it noticeable. Ethereum (ETH) shows strength to defend, not to win. XRP disappoints and concentrates market […]

The post Price Prediction for Bitcoin, XRP and Ethereum: Supports are Restored before Spring Break appeared first on Hacked: Hacking Finance.

XMR, XTZ and BAT: These Altcoins are Making the Biggest Moves on Wednesday

The cryptocurrency markets pivoted higher midweek, led by an unlikely combination of privacy coins and small-caps, signaling the continuation of the broad rally that began in February. […]

The post XMR, XTZ and BAT: These Altcoins are Making the Biggest Moves on Wednesday appeared first on Hacked: Hacking Finance.

Why Investors Should be Paying Attention to Cindicator

One of the common high-level strategies that investors follow is investing in trends rather than single companies. For example, you could be totally right about the high […]

The post Why Investors Should be Paying Attention to Cindicator appeared first on Hacked: Hacking Finance.

Against the Grain: Bitcoin Cash Rises after Binance Delists Bitcoin SV

Bitcoin cash (BCH) advanced on Tuesday, extending a sharp early-week rally that seems to have been triggered by a broad delisting campaign of bitcoin SV (BSV), the […]

The post Against the Grain: Bitcoin Cash Rises after Binance Delists Bitcoin SV appeared first on Hacked: Hacking Finance.

Litecoin Rallies as Network Hash Rate Approaches All-Time High; More Gains Expected?

Litecoin’s bullish indicators were flashing green on Monday, as the rapid increase in network hash rate signaled growing adoption of the alternative cryptocurrency and paved the way […]

The post Litecoin Rallies as Network Hash Rate Approaches All-Time High; More Gains Expected? appeared first on Hacked: Hacking Finance.

Tezos (XTZ) Re-Tests Yearly Highs as Baking Business Heats Up

Tezos (XTZ), the multi-purpose platform for decentralized applications and smart contracts, climbed double-digits on Sunday to test yearly highs for the second time in two weeks. XTZ […]

The post Tezos (XTZ) Re-Tests Yearly Highs as Baking Business Heats Up appeared first on Hacked: Hacking Finance.

Crypto Update: Key Support Levels in Focus as Bulls Fight for Control

The cryptocurrency segment settled down following yesterday’s steep and broad drop, with the top coins finding support several times near the long-term levels that stopped the plunge […]

The post Crypto Update: Key Support Levels in Focus as Bulls Fight for Control appeared first on Hacked: Hacking Finance.

Some Unexpectedly High-Volume Altcoins for Your Cryptocurrency Portfolio

Recently we dived into the assessment by Bitwise that 95% of the world’s cryptocurrency trade volume is fake. Although this doesn’t take into account the coins changing […]

The post Some Unexpectedly High-Volume Altcoins for Your Cryptocurrency Portfolio appeared first on Hacked: Hacking Finance.

Crypto Market Correction Provides Buy-on-the-Dip Opportunity

Cryptocurrency prices corrected sharply lower on Thursday, snapping a multi-week accumulation phase that pushed the overall market to five-month highs. With bitcoin (BTC) and the major altcoins […]

The post Crypto Market Correction Provides Buy-on-the-Dip Opportunity appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Settle Down After Monday Pullback as EOS Shines

The bullish short-term consolidation continues in the cryptocurrency segment, and following Monday’s pullback, volatility declined even further, with the majors settling down in narrow ranges. While the […]

The post Crypto Update: Coins Settle Down After Monday Pullback as EOS Shines appeared first on Hacked: Hacking Finance.

EOS Price Analysis: EOS Leads Altcoin Resurgence after Coinbase Listing Announcement

EOS led the cryptocurrency market higher on Wednesday and was poised to overtake bitcoin cash (BCH) in the market cap rankings after Coinbase announced it would extend […]

The post EOS Price Analysis: EOS Leads Altcoin Resurgence after Coinbase Listing Announcement appeared first on Hacked: Hacking Finance.

As Global Economy Approaches Crisis Level, Bitcoin Could Be the Answer

Like clockwork, the International Monetary Fund (IMF) has once again slashed its outlook on global economic growth, citing trade tensions, tighter monetary policy and Brexit as the […]

The post As Global Economy Approaches Crisis Level, Bitcoin Could Be the Answer appeared first on Hacked: Hacking Finance.

A Bet on the Future of DEX: Bancor, Kyber and Ox Protocols Examined

Despite the clamour for decentralization, some of the biggest players in the cryptocurrency space are still centralized entities. The most obvious examples are Binance (BNB) and Tether […]

The post A Bet on the Future of DEX: Bancor, Kyber and Ox Protocols Examined appeared first on Hacked: Hacking Finance.

Why Investors Should Be Paying Attention to Raiden Network

A lot of crypto analysis is centered around competition within the crypto industry, but sometimes there are businesses that have gone out of their way to be […]

The post Why Investors Should Be Paying Attention to Raiden Network appeared first on Hacked: Hacking Finance.

The Best Low Risk, High Profit Masternodes for Investors in 2019

Masternodes are an alternative to blockchain mining which, while risky, can offer much greater profitability than mining itself. Unlike with cryptocurrency mining, masternodes usually require little more […]

The post The Best Low Risk, High Profit Masternodes for Investors in 2019 appeared first on Hacked: Hacking Finance.

Crypto Update: Break-Out Continues but Coins Turn Volatile as Litecoin Approaches $100

The unprecedented rally in the cryptocurrency segment continued today, with the overwhelming majority of the top coins surging higher again, and with the relatively strong digital currencies […]

The post Crypto Update: Break-Out Continues but Coins Turn Volatile as Litecoin Approaches $100 appeared first on Hacked: Hacking Finance.

Cardano Price Analysis: ADA Still Undervalued after Flipping USDT

Cardano surged on Wednesday, as the combination of fundamental news, technical progress and a market-wide ‘fear of missing out’ propelled ADA to five-month highs. Despite the year-long […]

The post Cardano Price Analysis: ADA Still Undervalued after Flipping USDT appeared first on Hacked: Hacking Finance.

Top 3 Price Prediction for Bitcoin, Ripple, Ethereum: Why the Crypto Market Goes Up and Will Continue to Do So

Yesterday, the ETH/BTC crypto cross capitulated. The key conditions for moving into bullish mode are now met. What has been raised so far has only been an […]

The post Top 3 Price Prediction for Bitcoin, Ripple, Ethereum: Why the Crypto Market Goes Up and Will Continue to Do So appeared first on Hacked: Hacking Finance.

It’s Not Too Late to Play the Crypto Rally; Here’s How to Capitalize Without FOMO

After months of stability, the cryptocurrency market broke out suddenly on Tuesday, as bitcoin’s (BTC) bullish crossover signaled the end of ‘crypto winter.’ Despite adding nearly $30 […]

The post It’s Not Too Late to Play the Crypto Rally; Here’s How to Capitalize Without FOMO appeared first on Hacked: Hacking Finance.

Bithumb Crypto Exchange Hacked For The Third Time In Consecutive Years

The year 2019 marks the third consecutive year of a hack for the Korean cryptocurrency exchange Bithumb! Once again, the

Bithumb Crypto Exchange Hacked For The Third Time In Consecutive Years on Latest Hacking News.

Cryptocurrency Portfolio Optimization: Coin Bags for 5 Different Types of Holder

Assembling an optimal cryptocurrency portfolio is an open-ended task with many different paths to success. Portfolios are built on a variety of virtues, and the coins held […]

The post Cryptocurrency Portfolio Optimization: Coin Bags for 5 Different Types of Holder appeared first on Hacked: Hacking Finance.

TOP Token Surges over 28% Growth, Just Three Days After Huobi Prime Premiere

TOP Network issued an announcement via Twitter earlier today confirming that TOP had seen an increase of over 17% in the last 24 hours. TOP Token […]

The post TOP Token Surges over 28% Growth, Just Three Days After Huobi Prime Premiere appeared first on Hacked: Hacking Finance.

Bots and botnets in 2018

Due to the wide media coverage of incidents involving Mirai and other specialized botnets, their activities have become largely associated with DDoS attacks. Yet this is merely the tip of the iceberg, and botnets are used widely not only to carry out DDoS attacks, but to steal various user information, including financial data. The attack scenario usually looks as follows:

  1. An attempt is made to infect a device with malware (if the botmaster’s aim is financial, a Trojan banker is deployed). If successful, the malware-infected device becomes part of the botnet under the control of a C&C center.
  2. The malware on the infected device receives a command from C&C containing the target mask (for example, the URL of an online banking service) and other data required for the attack.
  3. Having received the command, the malware monitors the actions of the user of the infected device and carries out the attack when that user visits a resource that matches the target mask.

Main types of botnet-assisted attacks are:

Unlike DDoS attacks, which affect the web resources of the victim organization, the attacks investigated in this report target the clients of the organization. The result of a successful attack can be:

  • Interception of user credentials
  • Interception of bank card data
  • Substitution of the transaction addressee (for example, the recipient of a banking transaction)
  • Another operation performed without the user’s knowledge, but in their name

Such scenarios are valid not only for the user’s bank accounts, but for other services too, as we shall see later.

Methodology

Kaspersky Lab tracks botnet actions using the Botnet Monitoring technology, which emulates infected computers (bots) to obtain real-time data on the actions of botnet operators.

This analysis includes unique attacks registered by Botnet Monitoring in 2017 and 2018 and revealed by analysis of intercepted bots’ configuration files and C&C commands.

The attack target is the URL mask, extracted from the bot configuration file or the intercepted command (for example, the URL mask of an online banking site).

The ‘malware family’ in this report refers to publicly known names of malware, for example, ZeuS, TrickBot (Trickster), Cridex (Dridex, Feodo, Geodo, etc.), Ramnit (Nimnul).

Examples of target masks contained in registered commands

A unique attack in this analysis is taken as the unique combination of the target mask and the malware family (or its modification) that received the attack command. The rest of the data (injected scripts, rules for cryptowallets or URLs substitution, traffic redirection rules, patterns for credentials interception, etc.) were not taken into account when determining the uniqueness of an attack.

Excluded from the analysis are attacks related to resources of companies that develop anti-malware solutions, since such attacks are protective measures taken by the malware to prevent treatment of an infected device (to prevent downloading of a security solution). We also excluded attacks in which we could not uniquely identify the target, i.e. it was impossible to obtain additional information about the target from the target mask (for example, the “* bank *” target of the BetaBot is not included in the analysis).

Only the number of unique attacks is taken into account, and not the total number of attacks of each particular family, because different families may receive commands with different frequencies.

The results are based on an analysis of commands from more than 60,000 different C&C centers linked to 150 malware families and their modifications.

Statistics

The total number of unique attacks on clients of organizations registered by Botnet Monitoring technology in 2018 fell by 23.46% against the previous year (from 20 009 attacks in 2017 to 15 314 in 2018).

At the same time, 39.35% of the attacks we observed in 2018 were new, that is, the combination of the target mask and the family that received the attack command was not encountered in 2017. This is linked to both the emergence of new bankers (Danabot, BackSwap) and the desire of malware creators to change their target scope.

The geography of attacks’ targets in 2017 covered 111 countries; in 2018, attempts were made to attack clients of organizations in 101 countries.

Cybercriminals’ targets

To start with, we examine which organizations’ clients are cybercriminals’ preferred targets.

In 2017, the largest share of attack targets belonged to the Financial Services category (77.44%). This includes online banking services, multibanking services, online stores, and other resources related to financial transactions (not including cryptocurrencies). This result is to be expected due to the greatest potential gains for the cybercriminals, who in the event of a successful attack gain direct access to the victim’s finances.

In second place by number of unique attacks is the Global Portals and Social Networks category (6.15%), which includes search engines, email services, and social networks. Search engines are placed in this group, because typically the main page of such systems provides a mailbox login form through which intruders try to steal credentials using the types of attacks described above.

Third place in our ranking goes to resources that provide various products and services (5.08%) but are not online stores, for example, hosting providers. In this case, as in the first category, the target is victims’ payment details. These resources are assigned to a separate group, since they offer a specific product or service, which indicates how precise the cybercriminals’ targeting can be.

Distribution of the number of unique attacks by attack target, 2017

Distribution of the number of unique attacks by attack target, 2018

In 2018, there were minor changes in the Top 3 targets of attacks on clients of various organizations. Interestingly, the share of unique attacks on financial services dropped by 3.51 p.p. to 73.93%.

The target mask received by the bot nearly always contains a domain or part of one. After analyzing the domains of masks pertaining to financial organizations (banks, investment, credit, pension institutions, etc.), we compiled a map of organizations whose clients were attacked by bots in 2018. The map indicates the numbers of financial organization domains observed in commands sent to bots.

It should be noted that one organization can own several domains, for example, divided according to a country’s territories.

Domain map of financial organizations observed in target masks, 2018

2018 saw a rise in botmasters’ interest in cryptocurrencies: The number of unique attacks on users linked to cryptocurrency services (exchanges, cryptocurrency wallets, etc.) increased, with their share more than tripling (up 4.95 p.p.) to 7.25%.

Cybercriminals actively tried to monetize interest in cryptocurrencies and obtain data from victims to steal funds. The majority of attacks that we detected on users of cryptocurrency services featured Ramnit Banker (53%). In addition, the Chthonic and Panda bankers, both modifications of the notorious ZeuS banker, dramatically increased the number of unique masks linked to cryptocurrency wallets and exchanges. The CapCoiner Trojan, which specifically targets such resources, also displayed major activity in this area.

Distribution of Trojan families by share of attacks on users of cryptocurrency services, 2018

Geography of attack targets

Note: If the target mask contains a TLD (top-level domain) that can be used to determine the country, this country is entered in the statistics. If the country cannot be determined from the TLD (for example, .com), the country where the organization’s headquarters are located is entered in the statistics.
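The counting rules from the Methodology section (a unique attack is a family plus target mask pair, with ambiguous masks and anti-malware vendor resources excluded), the "new in 2018" share from the Statistics section, and the TLD rule in the note above can be sketched as follows. This is an added example, not Kaspersky Lab's code: the records, family names, domains and both lookup tables are constructed, and counting countries per unique attack is an assumption.

```python
import re
from collections import Counter

# Constructed records: (year, malware family, target mask). Not real data.
RECORDS = [
    (2017, "FamilyA", "*constructed-bank-a.de/login*"),
    (2017, "FamilyA", "*constructed-bank-a.de/login*"),   # repeated command, counted once
    (2017, "FamilyB", "*constructed-bank-a.de/login*"),   # same mask, other family
    (2017, "FamilyA", "* bank *"),                         # target not identifiable
    (2017, "FamilyB", "https://online.constructed-bank-b.co.uk/*"),
    (2018, "FamilyA", "*constructed-bank-a.de/login*"),
    (2018, "FamilyB", "https://online.constructed-bank-b.co.uk/*"),
    (2018, "FamilyC", "https://online.constructed-bank-b.co.uk/*"),
    (2018, "FamilyB", "*.constructed-exchange.com/*"),
    (2018, "FamilyC", "*constructed-av-vendor.com/download*"),
    (2018, "FamilyB", "*bank*"),
]

# Hypothetical lookup tables; a real analysis needs complete ones.
CCTLD = {"de": "Germany", "uk": "Britain", "it": "Italy"}
HQ_COUNTRY = {"constructed-exchange.com": "United States"}
EXCLUDED_DOMAINS = {"constructed-av-vendor.com"}  # anti-malware vendor resources

DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def mask_domain(mask):
    """Return the domain carried by a target mask, or None if there is none."""
    m = re.sub(r"^[a-z*]+://", "", mask.strip().lower())  # scheme may be wildcarded
    host = m.split("/", 1)[0].split(":", 1)[0].strip("*. ")
    host = host.rsplit("*", 1)[-1].lstrip(".")            # keep the part after any inner '*'
    return host if DOMAIN_RE.match(host) else None


def counted_domain(mask):
    """Domain of a mask that stays in the analysis, else None."""
    host = mask_domain(mask)
    if host is None or any(_under(host, d) for d in EXCLUDED_DOMAINS):
        return None
    return host


def unique_attacks(records, year):
    """Unique (family, mask) pairs for one year after the exclusions."""
    return {(fam, mask) for y, fam, mask in records
            if y == year and counted_domain(mask)}


def new_share(records, prev_year, year):
    """Fraction of this year's unique attacks not seen in prev_year."""
    cur, prev = unique_attacks(records, year), unique_attacks(records, prev_year)
    return len(cur - prev) / len(cur) if cur else 0.0


def country_of(mask):
    """ccTLD decides the country; otherwise fall back to the HQ table."""
    host = counted_domain(mask)
    if host is None:
        return None
    tld = host.rsplit(".", 1)[-1]
    if tld in CCTLD:
        return CCTLD[tld]
    for domain, country in HQ_COUNTRY.items():
        if _under(host, domain):
            return country
    return "Unknown"


def country_shares(records, year):
    """Percentage of unique attacks per target country (assumed unit)."""
    counts = Counter(country_of(mask) for _, mask in unique_attacks(records, year))
    total = sum(counts.values())
    return {c: round(100 * n / total, 2) for c, n in counts.most_common()}


if __name__ == "__main__":
    print(len(unique_attacks(RECORDS, 2017)), len(unique_attacks(RECORDS, 2018)))
    print(new_share(RECORDS, 2017, 2018))
    print(country_shares(RECORDS, 2018))
```

Because uniqueness is keyed on the raw mask string, an operator who rewrites a mask to cover more of one organization's pages shows up as a new attack, which is the effect the report's conclusion describes.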

In 2018, the ranking of Top 10 countries by number of unique target masks changed order, but not composition. As in the previous year, clients of organizations in the US were the most frequent targets of attacks in 2018.

Rank  2017                     2018
1     United States  31.29%    United States  34.84%
2     Germany        11.15%    Britain         9.97%
3     Britain         9.20%    Italy           7.46%
4     Italy           7.52%    Canada          6.16%
5     Canada          6.96%    Germany         3.88%
6     Australia       4.67%    Spain           3.14%
7     France          4.57%    Switzerland     3.04%
8     Spain           2.87%    France          3.02%
9     China           2.50%    Australia       2.29%
10    Switzerland     2.17%    China           2.11%

In 2018, the share of unique attacks on clients of organizations located in Germany fell significantly. This is because in 2017 most of these attacks were carried out by BetaBot (almost 75% of all registered unique attacks), while in 2018 its share barely exceeded 1.5%. Even with Danabot attacks registered in 2018 on clients of German banks, Germany still couldn’t retain second place in our ranking.

Geography of attack targets, 2017

Among the other changes observed was a decline in the share of attacked clients of Australian organizations from 4.67% to 2.29%. Almost all bots reduced the number of unique masks focused on Australia. For instance, among the Gozi banker attacks we observed in 2018, there were practically none against clients of financial organizations in Australia, whereas in 2017 they accounted for more than 90% of registered attacks by this malware.

Geography of attack targets, 2018

But it’s not all good news. Many varieties of malware expanded their geography: In 2018, the Trickster (TrickBot) banker added no fewer than 11 countries to its target list, while the SpyEye Trojan and the IcedID banker picked up 9 and 5 more countries, respectively.

Unsurprisingly, the most frequently attacked users of cryptocurrency services were located in the US, Luxembourg, and China, since many cryptocurrency services are registered in these countries. In addition, the number of attacks in 2018 on users of services registered in Britain, Singapore, Estonia, South Korea, and Switzerland climbed significantly.

Geography of cryptocurrency services whose users were attacked, 2017

Geography of cryptocurrency services whose users were attacked, 2018

Geography of C&C centers

This section gives statistics on the geography of botnet C&C centers that sent commands to launch an attack.

In 2017, the largest slice of C&C centers was located in Ukraine (24.25%), with almost 60% of them made up of C&C servers for the abovementioned Gozi banker.

Geography of C&C centers in 2017

In 2018, Russia (29.61%) was top of the leaderboard by number of C&C centers directing attacks against clients of various organizations. More than half (54%) of these C&C centers were used by the Panda banker.

Geography of C&C centers, 2018

Most active families

BetaBot

Trojan Banker BetaBot accounted for 13.25% of all unique attacks in 2018.

Geography of BetaBot targets, 2018

Key features (shares relative to the number of unique BetaBot attacks):

  • Geography of targets: 42 countries
  • Most attacked countries: US (73.60%), China (6.35%), Britain (6.11%)
  • Most attacked categories of organizations: Financial Services (37.43%), Global Portals and Social Networks (18.16%)

Trickster (TrickBot)

The TrickBot banker accounted for 12.85% of all unique attacks in 2018.

Geography of TrickBot targets, 2018

Key features (shares relative to the number of unique TrickBot attacks):

  • Geography of targets: 65 countries
  • Most attacked countries: Britain (11.02%), US (9.34%), Germany (7.99%)
  • Most attacked categories of organizations: Financial Services (96.97%), Cryptocurrency Services (1.72%)

Panda

The Panda banker accounted for 9.84% of all unique attacks in 2018.

Geography of Panda targets, 2018

Key features (shares relative to the number of unique Panda attacks):

  • Geography of targets: 33 countries
  • Most attacked countries: Canada (24.89%), US (22.93%), Italy (17.90%)
  • Most attacked categories of organizations: Financial Services (80.88%), Cryptocurrency Services (10.26%)

SpyEye

SpyEye accounted for 8.05% of all unique attacks in 2018.

Geography of SpyEye targets, 2018

Key features (shares relative to the number of unique SpyEye attacks):

  • Geography of targets: 32 countries
  • Most attacked countries: US (35.01%), Britain (14.38%), Germany (13.57%)
  • Most attacked categories of organizations: Financial Services (98.04%)

Ramnit

Ramnit accounted for 7.97% of all unique attacks in 2018 registered by Botnet Monitoring. Ramnit’s impressive geography covers 66 countries.

Geography of Ramnit targets, 2018

Key features (shares relative to the number of unique Ramnit attacks):

  • Geography of targets: 66 countries
  • Most attacked countries: Britain (25.70%), US (20.12%), China (7.78%)
  • Most attacked categories of organizations: Financial Services (47.76%), Cryptocurrency Services (46.83%)

Conclusion

Our analysis of commands issued to attack clients of organizations in 2018 identified the following main trends:

  • The reduction in the total number of registered unique attacks may indicate cybercriminals’ preference to create target masks that cover a large number of resources of one organization and stay relevant for a prolonged period.
  • The absolute majority of attacks still target financial organizations and their clients.
  • The number of attacks on clients of cryptocurrency services increased significantly (compared to 2017). The number of such attacks is not expected to fall; on the contrary, it may rise given that more and more bots are deploying web injections against such resources.
  • New target masks are proliferating. Cybercriminals are adding new, previously unencountered targets as well as modifying old masks to cover more websites where user data or money can be stolen.

Securelist: Bots and botnets in 2018


  • Geography of targets: 65 countries
  • Most attacked countries: Britain (11.02%), US (9.34%), Germany (7.99%)
  • Most attacked categories of organizations: Financial Services (96.97%), Cryptocurrency Services (1.72%)

Panda

The Panda banker accounted for 9.84% of all unique attacks in 2018.

Geography of Panda targets, 2018

Key features (shares relative to the number of unique Panda attacks):

  • Geography of targets: 33 countries
  • Most attacked countries: Canada (24.89%), US (22.93%), Italy (17.90%)
  • Most attacked categories of organizations: Financial Services (80.88%), Cryptocurrency Services (10.26%)

SpyEye

SpyEye accounted for 8.05% of all unique attacks in 2018.

Geography of SpyEye targets, 2018

Key features (shares relative to the number of unique SpyEye attacks):

  • Geography of targets: 32 countries
  • Most attacked countries: US (35.01%), Britain (14.38%), Germany (13.57%)
  • Most attacked categories of organizations: Financial Services (98.04%)

Ramnit

Ramnit accounted for 7.97% of all unique attacks in 2018 registered by Botnet Monitoring. Ramnit’s impressive geography covers 66 countries.

Geography of Ramnit targets, 2018

Key features (shares relative to the number of unique Ramnit attacks):

  • Geography of targets: 66 countries
  • Most attacked countries: Britain (25.70%), US (20.12%), China (7.78%)
  • Most attacked categories of organizations: Financial Services (47.76%), Cryptocurrency Services (46.83%)

Conclusion

Our analysis of commands issued to attack clients of organizations in 2018 identified the following main trends:

  • The reduction in the total number of registered unique attacks may indicate cybercriminals’ preference to create target masks that cover a large number of resources of one organization and stay relevant for a prolonged period.
  • The absolute majority of attacks still target financial organizations and their clients.
  • The number of attacks on clients of cryptocurrency services increased significantly (compared to 2017). The number of such attacks is not expected to fall; on the contrary, it may rise given that more and more bots are deploying web injections against such resources.
  • New target masks are proliferating. Cybercriminals are adding new, previously unencountered targets as well as modifying old masks to cover more websites where user data or money can be stolen.


Securelist

A Case for Platform Altcoins: Why Now is the Best Time to Invest

People who put their money in platform altcoins during 2017 and 2018 got burned more than those who invested in standard functional cryptocurrencies. Bitcoin fell 84% from […]

The post A Case for Platform Altcoins: Why Now is the Best Time to Invest appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple’s Failed Break-Down Leads to Rally Attempt

Harsh trading conditions continue to dominate the cryptocurrency segment, with still no clear directional momentum. After several days of bearish drift, the majors turned higher in a […]

The post Crypto Update: Ripple’s Failed Break-Down Leads to Rally Attempt appeared first on Hacked: Hacking Finance.

Hidden Cryptocurrency Gems: 4 Terrific Altcoins with Little to No Marketing Budget

Some cryptocurrencies remain relatively unknown for a good reason – they usually bring nothing new to the table, or are mere copies of existing successful projects like […]

The post Hidden Cryptocurrency Gems: 4 Terrific Altcoins with Little to No Marketing Budget appeared first on Hacked: Hacking Finance.

Cryptocurrency businesses still being targeted by Lazarus

It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection.

In the middle of 2018, we published our Operation Applejeus research, which highlighted Lazarus’s focus on cryptocurrency exchanges utilizing a fake company with a backdoored product aimed at cryptocurrency businesses. One of the key findings was the group’s new ability to target macOS. Since then Lazarus has been busy expanding its operations for the platform.

Further tracking of their activities targeting the financial sector enabled us to discover a new operation, active since at least November 2018, which utilizes PowerShell to control Windows systems and macOS malware for Apple users.


Infection procedure

Lazarus is a well-organized group, something that can be seen from their malware population: we have seen them keep some malware in reserve as a hot spare, so that ‘burnt’ (detected) samples can be replaced while an operation is under way, and they also conform to specific internal standards and protocols when developing backdoors. This case is no different. They have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator. The C2 server script names are disguised as WordPress (popular blog engine) files as well as those of other popular open source projects. After establishing the malware control session with the server, the functionality provided by the malware includes:

  • Set sleep time (delay between C2 interactions)
  • Exit malware
  • Collect basic host information
  • Check malware status
  • Show current malware configuration
  • Update malware configuration
  • Execute system shell command
  • Download & Upload files

Lazarus uses different tactics to run its C2 servers: from purchasing servers to using hacked ones. We have seen some legitimate-looking servers that are most likely compromised and used in malicious campaigns. According to server response headers, they are most likely running an old vulnerable instance of Internet Information Services (IIS) 6.0 on Microsoft Windows Server 2003. Another C2 server was probably purchased by Lazarus from a hosting company and used to host macOS and Windows payloads. The geography of the servers varies, from China to the European Union. But why use two different types of servers? The group seems to have a rule (at least in this campaign) to only host malware on rented servers, while hosting C2 scripts for malware communication on compromised servers.


Infrastructure segregation by purpose
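One way to hunt for the C2 pattern described above in web-proxy logs, as an added example that is not part of the original report: a client that polls a single WordPress-looking PHP script on an external site at a steady interval and never loads anything else from that site. The log format, hostnames, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# PHP scripts under WordPress-looking directories. /wp-admin/ is left out on
# purpose: genuine WordPress sessions poll /wp-admin/admin-ajax.php on a timer.
# Scripts named after other open source projects would need their own patterns.
WP_SCRIPT = re.compile(
    r"^/(?:[^/]+/)*wp-(?:includes|content)/(?:[^/]+/)*[^/]+\.php$", re.I)

# Constructed proxy log (timestamp, client, method, URL, status).
SAMPLE_LOG = """\
2019-03-01T09:00:00 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T09:01:01 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T09:02:00 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T09:03:02 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T09:04:01 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T09:05:00 10.0.0.5 POST http://blog.example.net/wp-includes/class-sample.php 200
2019-03-01T11:00:00 10.0.0.9 GET http://shop.example.org/ 200
2019-03-01T11:00:01 10.0.0.9 GET http://shop.example.org/wp-content/themes/t/style.css 200
2019-03-01T11:00:01 10.0.0.9 GET http://shop.example.org/wp-includes/js/jquery/jquery.js 200
2019-03-01T11:01:00 10.0.0.9 POST http://shop.example.org/wp-content/plugins/p/track.php 200
2019-03-01T11:02:00 10.0.0.9 POST http://shop.example.org/wp-content/plugins/p/track.php 200
2019-03-01T11:03:00 10.0.0.9 POST http://shop.example.org/wp-content/plugins/p/track.php 200
2019-03-01T11:04:00 10.0.0.9 POST http://shop.example.org/wp-content/plugins/p/track.php 200
2019-03-01T11:05:00 10.0.0.9 POST http://shop.example.org/wp-content/plugins/p/track.php 200
2019-03-01T10:00:00 10.0.0.7 POST http://news.example.com/wp-content/uploads/form.php 200
2019-03-01T10:00:05 10.0.0.7 POST http://news.example.com/wp-content/uploads/form.php 200
2019-03-01T10:05:05 10.0.0.7 POST http://news.example.com/wp-content/uploads/form.php 200
2019-03-01T10:05:25 10.0.0.7 POST http://news.example.com/wp-content/uploads/form.php 200
2019-03-01T10:20:25 10.0.0.7 POST http://news.example.com/wp-content/uploads/form.php 200
"""


def parse(line):
    """Split one log line into (timestamp, client, host, path)."""
    ts, client, _method, url, _status = line.split()
    parts = urlsplit(url)
    return datetime.fromisoformat(ts), client, parts.hostname, parts.path


def find_beacons(log_text, min_hits=5, max_jitter=0.2):
    """Flag (client, host, path) triples that look like implant polling.

    min_hits and max_jitter (stdev of the gaps divided by the mean gap) are
    assumed thresholds; tune them against your own traffic.
    """
    script_hits = defaultdict(list)   # (client, host, path) -> timestamps
    other_hits = defaultdict(int)     # (client, host) -> non-script requests
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse(line)
        if WP_SCRIPT.match(path):
            script_hits[(client, host, path)].append(ts)
        else:
            other_hits[(client, host)] += 1

    findings = []
    for (client, host, path), stamps in script_hits.items():
        # A person browsing a WordPress site also pulls pages, CSS and JS.
        if len(stamps) < max(min_hits, 3) or other_hits[(client, host)]:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0
        if jitter <= max_jitter:   # steady cadence, consistent with a sleep time
            findings.append({"client": client, "host": host, "path": path,
                             "hits": len(stamps), "interval_s": round(avg, 1),
                             "jitter": round(jitter, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

An implant whose operator randomizes the sleep time will exceed a tight jitter threshold, so the script-only access pattern is the more durable of the two signals.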

The malware was distributed via documents carefully prepared to attract the attention of cryptocurrency professionals. Seeing as how some of the documents were prepared in Korean, we believe that South Korean businesses are a high priority for Lazarus. One document entitled ‘Sample document for business plan evaluation of venture company’ (translated from Korean) looks like this:


Content of weaponized document from Lazarus (4cbd45fe6d65f513447beb4509a9ae3d)

Another macro-weaponized document (e9a6a945803722be1556fd120ee81199) contains a business overview of what seems to be a Chinese technology consulting group named LAFIZ. We couldn’t confirm if it’s a legitimate business or another fake company made up by Lazarus. Their website lafiz[.]link has been parked since 2017.


Contents of another weaponized document (e9a6a945803722be1556fd120ee81199)

Based on our telemetry, we found a cryptocurrency exchange company attacked with a malicious document containing the same macro. The document’s content provided information for coin listings with a translation in Korean:


Content of another weaponized document (6a0f3abd05bc75edbfb862739865a4cc)

The payloads show that Lazarus keeps exploring more ways to evade detection to stay under the radar longer. The group builds malware for 32-bit and 64-bit Windows separately to support both platforms and have more variety in terms of compiled code. The Windows payloads distributed from the server (nzssdm[.]com) hosting the Mac malware have a CheckSelf export function, and one of them (668d5b5761755c9d061da74cb21a8b75) has the internal name ‘battle64.dll’. From that point we managed to find additional Windows malware samples containing the CheckSelf export function and an internal name containing the word ‘battle’.

These Windows malware samples were delivered using malicious HWP (Korean Hangul Word Processor format) documents exploiting a known PostScript vulnerability. It should be noted that HWP documents are only popular among Korean users (Hangul Word Processor was developed in South Korea) and we have witnessed several attacks using the same method.


Connection with previous HWP attacks

It’s no secret that Apple products are now very popular among successful internet startups and fintech companies, and this is why the malicious actor built and used macOS malware. While investigating earlier Lazarus incidents, we anticipated this actor would eventually expand its attacks to macOS.

It appears that Lazarus is using the same developers to expand to other platforms, because some of the features have remained consistent as its malware evolves.


Overlap of current campaign and previous hwp-based attack cases

We’d therefore like to ask Windows and macOS users to be more cautious and not fall victim to Lazarus. If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems. It’s best to check new software with an antivirus or at least use popular free virus-scanning services such as VirusTotal. And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources. Avoid being infected by fake or backdoored software from Lazarus – if you need to try out new applications, it’s better to do so offline or on an isolated network virtual machine which you can erase with a few clicks. We’ll continue posting on Lazarus’s latest tactics and tricks in our blog. In the meantime, stay safe!

For more details on this and other research, please contact intelreports@kaspersky.com.


How to Prepare for the Next Global Recession

Whether you want to hear this or not, there are significant signs of a potential global recession. Many central banks are quickly shifting their tone and backtracking. […]

The post How to Prepare for the Next Global Recession appeared first on Hacked: Hacking Finance.

Optimize Your Cryptocurrency Portfolio: 7 Altcoin Types You Must Own Before The Surge

Although a rising tide lifts all boats, it may be prudent to consider what type of altcoins you choose for your cryptocurrency portfolio before the next major […]

The post Optimize Your Cryptocurrency Portfolio: 7 Altcoin Types You Must Own Before The Surge appeared first on Hacked: Hacking Finance.

How to Capitalize on Proof of Stake: Five Upcoming POS Projects that Could Shake Up Crypto

The launch of Cosmos’ mainnet earlier this month shined the spotlight on a long-standing debate within the crypto community – namely, whether the emerging proof-of-stake (POS) consensus […]

The post How to Capitalize on Proof of Stake: Five Upcoming POS Projects that Could Shake Up Crypto appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Rebound as Bearish Momentum Fades

The major cryptocurrencies are showing signs of stability today, despite yesterday’s broad-based sell-off, and although the top coins are only sporting modest gains, a sharp downswing has […]

The post Crypto Update: Coins Rebound as Bearish Momentum Fades appeared first on Hacked: Hacking Finance.

Binance Coin: BNB Presents Another Opportunity for Interested Buyers

Binance Coin has recently cooled by some 13%, back to a critical near-term area of support, ahead of further leaps north. BNB/USDT presents an opportunity for buying […]

The post Binance Coin: BNB Presents Another Opportunity for Interested Buyers appeared first on Hacked: Hacking Finance.

Litecoin Price Analysis: There is Still Opportunity to Grab Some LTC Before it Shoots Back to $100 and Beyond

Litecoin (LTC) price has a minor technical pullback ahead of further potential leaps into the sky. There appear to be just three significant price barriers that are […]

The post Litecoin Price Analysis: There is Still Opportunity to Grab Some LTC Before it Shoots Back to $100 and Beyond appeared first on Hacked: Hacking Finance.

XRP Price Analysis: XRP/USD Trading Around the Bargain Buying Zone

Ripple’s XRP bulls are sleeping within consolidation mode, as price action immensely narrows, ahead of the next fully committed direction. XRP/USD is trading just above a big […]

The post XRP Price Analysis: XRP/USD Trading Around the Bargain Buying Zone appeared first on Hacked: Hacking Finance.

Student Becomes Master as Ontology Overtakes NEO; ONT Price Keeps Climbing

Ontology (ONT) just overtook its former parent chain, NEO (NEO) for the first time ever. Ontology was one of the first tokens to launch on the NEO […]

The post Student Becomes Master as Ontology Overtakes NEO; ONT Price Keeps Climbing appeared first on Hacked: Hacking Finance.

Ravencoin Voted ‘Most Exciting New Coin’ as RVN Coin Price Leaps 37%

Ravencoin was granted the award of ‘Most Exciting New Coin’ in the ADVFN International Finance Awards for 2019. The RVN coin price surged to the tune of […]

The post Ravencoin Voted ‘Most Exciting New Coin’ as RVN Coin Price Leaps 37% appeared first on Hacked: Hacking Finance.

Bitcoin Cash Price Analysis: U.S. Electronics Giant Avnet to Accept BCH; Price Action has Cooled but Subject to Further Buying Pressure

Nasdaq listed electronics giant Avnet is set to start accepting Bitcoin Cash and Bitcoin as a method of payment.  BCH/USD price is consolidating after a decent push […]

The post Bitcoin Cash Price Analysis: U.S. Electronics Giant Avnet to Accept BCH; Price Action has Cooled but Subject to Further Buying Pressure appeared first on Hacked: Hacking Finance.

Cardano’s Run North Continues as CoinMarketCap Gives ADA an ‘A’ Grade

After a brief pause, Cardano (ADA) continued higher Wednesday following a successful mainnet upgrade and positive speculation linking the cryptocurrency to a potential Coinbase listing. A solid […]

The post Cardano’s Run North Continues as CoinMarketCap Gives ADA an ‘A’ Grade appeared first on Hacked: Hacking Finance.

Rise of the Small-Caps: Tezos, Zcash, VeChain Surge as Majors Stagnate

As the top cryptocurrencies stagnated Wednesday, a group of prominent small caps put up big gains through the morning session, once again highlighting the ‘decoupling effect’ between […]

The post Rise of the Small-Caps: Tezos, Zcash, VeChain Surge as Majors Stagnate appeared first on Hacked: Hacking Finance.

Ethereum Price Analysis: Core Developers Eye ASIC-Resistant Algorithm ProgPoW Integration

The Ethereum core developer team discussed in their most recent meeting the integration of an ASIC-resistant algorithm, ProgPoW. ETH/USD price action is within consolidation mode; a formation […]

The post Ethereum Price Analysis: Core Developers Eye ASIC-Resistant Algorithm ProgPoW Integration appeared first on Hacked: Hacking Finance.

Monart – A Unique Project Combining Both Art and Cryptocurrency

Blockchain has become a big buzz word for businesses looking to transform certain industries.  Although J.P. Morgan’s Jamie Dimon gained notoriety for bashing Bitcoin as a fraud, […]

The post Monart – A Unique Project Combining Both Art and Cryptocurrency appeared first on Hacked: Hacking Finance.

Zcash Price Analysis: Faster and More Energy Efficient ZEC Miner Released by Bitmain

The mining giant, Bitmain, launched a newly upgraded miner for Zcash (ZEC). It is said to be three times more efficient. ZEC/USD bulls are enjoying a rally […]

The post Zcash Price Analysis: Faster and More Energy Efficient ZEC Miner Released by Bitmain appeared first on Hacked: Hacking Finance.

Monero Price Analysis: Despite Greater Support, XMR Price is Struggling to Break Free

XMR/USD has been stuck trading within the confinements of a horizontal wedge pattern formation since early December 2018. Trezor, the crypto-security hard wallet provider, announced its upcoming […]

The post Monero Price Analysis: Despite Greater Support, XMR Price is Struggling to Break Free appeared first on Hacked: Hacking Finance.

Stellar Price Analysis: XLM/USD Jumps 10% as IBM Launches Stellar-Powered World Wire Platform

XLM/USD late on Monday was holding double-digit gains, as the price broke down a significant barrier of resistance. Information technology giant IBM has launched the World Wire […]

The post Stellar Price Analysis: XLM/USD Jumps 10% as IBM Launches Stellar-Powered World Wire Platform appeared first on Hacked: Hacking Finance.

Dash Price Analysis: The Technology and Its Cryptocurrency that Keeps Bringing Real-Word Value Use Cases

Dash Text launched a new service initially piloting in Venezuela for donation payment in DASH without the requirement of the internet. DASH/USDT has a significant barrier ahead […]

The post Dash Price Analysis: The Technology and Its Cryptocurrency that Keeps Bringing Real-Word Value Use Cases appeared first on Hacked: Hacking Finance.

Top 3 Price Prediction for Bitcoin, Ripple, Ethereum: Bullish Drums Announce Short-Term Cuts

After upward attempts, it appears that the market is dropping and taking a break. XRP appears weaker than its analytical peers. ETH/USD does not impose its leadership […]

The post Top 3 Price Prediction for Bitcoin, Ripple, Ethereum: Bullish Drums Announce Short-Term Cuts appeared first on Hacked: Hacking Finance.

Ethereum, Litecoin, EOS, Bitcoin Cash: BCH Breaks from the Pack for No Apparent Reason

The top ten cryptocurrencies traded lower on Monday, with one notable exception: bitcoin cash (BCH). The sixth largest cryptocurrency by market capitalization is riding a wave of […]

The post Ethereum, Litecoin, EOS, Bitcoin Cash: BCH Breaks from the Pack for No Apparent Reason appeared first on Hacked: Hacking Finance.

Tron Price Analysis: TRX/USD Heading for a Big Bullish Retest after Escaping Descending Wedge Pattern

The Tron (TRX) price is cooling, with eyes on a retest of a breached wedge pattern structure. TRX/USD could see very fast return to the $0.030000 price […]

The post Tron Price Analysis: TRX/USD Heading for a Big Bullish Retest after Escaping Descending Wedge Pattern appeared first on Hacked: Hacking Finance.

IOTA Runs Into Familiar Resistance but Outlook Brightens on Geo-Tag Transaction Proposal

IOTA (MIOTA) ran into familiar resistance on Sunday, as the bulls failed to break through a known area of supply that has thwarted the last two major […]

The post IOTA Runs Into Familiar Resistance but Outlook Brightens on Geo-Tag Transaction Proposal appeared first on Hacked: Hacking Finance.

Ormeus Coin (ORME) Jumps 2,478% in a Week; The Product of Helpful Rumours?

Another new altcoin jumped into the market cap top hundred this week as Ormeus Coin (ORME/ORMEUS) hit 2,478% growth over seven days. Ormeus has been around since […]

The post Ormeus Coin (ORME) Jumps 2,478% in a Week; The Product of Helpful Rumours? appeared first on Hacked: Hacking Finance.

The Satoshis Have Aligned: Historical Crypto Chart Suggests Bitcoin Has Already Bottomed

Nobody really needs to be told that the general sentiment surrounding the cryptocurrency market right now is very much of the bullish persuasion. Now bear in mind […]

The post The Satoshis Have Aligned: Historical Crypto Chart Suggests Bitcoin Has Already Bottomed appeared first on Hacked: Hacking Finance.

XRP Price Analysis: XRP/USD is Free to Run Wild Following Triangular Structure Escape

XRP/USD is running at two sessions in the green, as the bulls escape from a triangular pattern structure. The supply zone is tracking from the $0.3300-$0.3500 price […]

The post XRP Price Analysis: XRP/USD is Free to Run Wild Following Triangular Structure Escape appeared first on Hacked: Hacking Finance.

Crypto.Com Chain’s 529% Moonshot Installs CRO as Top Twenty Token: Quick Rundown

Crypto.com Chain arrived out of nowhere with a 529% moonshot this week, instantly pushing its  CRO token up among the top twenty cryptocurrencies by market cap. So […]

The post Crypto.Com Chain’s 529% Moonshot Installs CRO as Top Twenty Token: Quick Rundown appeared first on Hacked: Hacking Finance.

Cardano Price Analysis: Bulls Enjoy Explosive Breakout as Hoskinson Teases ADA-Supported Ledger Wallet

The Cardano (ADA/USDT) price is elevated thanks to another wave of buying pressure out from a bullish pennant pattern. Cardano’s community has much to be excited about […]

The post Cardano Price Analysis: Bulls Enjoy Explosive Breakout as Hoskinson Teases ADA-Supported Ledger Wallet appeared first on Hacked: Hacking Finance.

NEM Price Analysis: The Foundation and XEM are on a Strong Road to Recovery

NEM (XEM/USDT) has jumped a chunky 18% over the last four sessions of consecutive gains. The NEM community is very much optimistic about the organization’s restricting plan. […]

The post NEM Price Analysis: The Foundation and XEM are on a Strong Road to Recovery appeared first on Hacked: Hacking Finance.

The Emergence of Geopolitical Fuelled Cyber Attacks

A new breed of cyberattack is emerging in the threat landscape. Fuelled by geopolitical tension, there has been a rise in stealthy and sophisticated cyber attacks reported in recent industry reports. Carbon Black's 2019 Global Threat Report, released on Wednesday (23/1/19), concluded that global governments experienced an increase in cyberattacks during 2018 stemming from Russia, China and North Korea, while nearly 60% of all attacks involved lateral movement.

'Lateral Movement' is where an attacker progressively and stealthily moves through a victim's network to find their targets, which are typically datasets or critical assets. This is a sophisticated attack, requiring skill, resources and persistence, beyond the interest of average criminal hackers, who go after the lowest-hanging fruit for an easier financial return.


Carbon Black concluded that as 2018 came to a close, China and Russia were responsible for nearly half of all cyberattacks they detected. 

US and UK government agencies have publicly articulated their distrust of Chinese tech giant Huawei, which resulted in BT removing Huawei IT kit from their new 5G and existing 4G networks last month. UK Defence Secretary Gavin Williamson said he had "very deep concerns" about Huawei being involved with the new UK mobile network due to security concerns. At the end of 2017 the UK National Cyber Security Centre warned government agencies against using Kaspersky's products and services, which followed a ban by the US government. Barclays responded by removing their free offering of Kaspersky anti-virus to its customers. The UK and US also blamed North Korea for the devastating WannaCry attacks in 2017.

Another interesting stat from the Carbon Black Global Threat Report that caught the eye was that 2018 saw approximately $1.8 billion worth of cryptocurrency thefts, which underlines that the cyber-criminal threat remains larger than ever within the threat landscape.