Category Archives: cryptocurrency

Hackers hijacked Coincheck’s domain registrar account and targeted some users

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks.

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Then the attackers used the hijacked domain to launch spear-phishing attacks against some of its customers.

“Approximately 12:00 on June 1, 2020, as a result of detecting an abnormality in the monitoring work and starting an investigation, from around 0:05 on May 31, 2020, in our account in “Ome.com”, It was confirmed that the domain registration information was changed by a third party. As a result of this event, it was revealed that some emails received from customers during the period from May 31 to June 1, 2020 could be illegally obtained by a third party.” reads a press release published by the company.

“The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

The company only halted remittance operations while other operations, including deposits and withdrawals, have not been suspended.

The attack took place between May 31 and June 1, when hackers gained access to Coincheck’s account at Oname.com and attempted to contact the customers of the platform. Coincheck detected the security breach after observing traffic abnormalities. It also confirmed that approximately 200 customers have been impacted in the security incident.

Oname.com also confirmed the incident in a separate advisory about issues in the Name.com Navi customer domain and server management tool.

“There was a case where the management screen of the customer who used Ome.com was accessed illegally and the registered information was rewritten. After investigating this, a malicious third party was able to use your ID and the bug (*) that could alter the communication on your name.com Navi. It turned out that the information (email address) was rewritten.” reads the advisory published by Oname.com. “The bug of “Omename.com Navi” will be fixed on June 2nd.”

According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain.

Coincheck uses Amazon’s managed DNS service. The attackers first registered a fake domain to the AWS server and replaced the legitimate awsdns-61.org with awsdns-061.org. The two domain names differ only by an extra 0 prefixed to 61.
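A one-character change in a nameserver domain is easy to miss by eye, so zone owners commonly compare the delegation they observe against a pinned set. The following is an added example, not code from the article or from Coincheck: apart from awsdns-61.org and awsdns-061.org, every hostname is constructed, and the function names and the distance threshold are assumptions.

```python
# Constructed sample data: only awsdns-61.org and awsdns-061.org come from the
# article; every full hostname below is made up for illustration.
EXPECTED_NS = {
    "ns-405.awsdns-50.com",
    "ns-650.awsdns-17.net",
    "ns-1515.awsdns-61.org",
    "ns-1960.awsdns-53.co.uk",
}
OBSERVED_NS = (EXPECTED_NS - {"ns-1515.awsdns-61.org"}) | {"ns-1515.awsdns-061.org"}


def normalize(host):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return host.strip().rstrip(".").lower()


def parent_domain(host):
    """ns-1515.awsdns-61.org -> awsdns-61.org (the zone the nameserver lives under)."""
    return host.partition(".")[2] or host


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss nameserver domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_delegation(observed, expected=EXPECTED_NS, max_distance=2):
    """Return (findings, missing): unpinned NS hosts and pinned hosts that vanished."""
    expected = {normalize(h) for h in expected}
    observed = {normalize(h) for h in observed}
    trusted = sorted({parent_domain(h) for h in expected})
    findings = []
    for host in sorted(observed - expected):
        near = [t for t in trusted
                if 0 < edit_distance(parent_domain(host), t) <= max_distance]
        findings.append((host, "lookalike" if near else "unexpected",
                         near[0] if near else None))
    return findings, sorted(expected - observed)


if __name__ == "__main__":
    for finding in audit_delegation(OBSERVED_NS)[0]:
        print(finding)
```

In practice the observed set would come from querying the parent zone's NS records on a schedule, and any finding or missing host would raise an alert.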

The information that may have been leaked in the security breach is the email address written in the recipient field and the information written in the customer’s email.

Attackers sent spear-phishing messages to some users posing as the coincheck.com domain and redirecting the replies of the customers to the servers under their control.

The spear-phishing messages likely instructed users to verify their account information; the attackers were then planning to use this data to take over the customers’ accounts and siphon their funds.

At the time of publishing this post, the company is not aware of abuses of information obtained with the spear-phishing attacks or of the theft of customers’ funds.

In January 2018 Coincheck was hacked and attackers stole $400 million.

A few days after the hack, the company announced it would refund about $400 million to customers. Coincheck will use its own funds to reimburse about 46.3 billion yen to its 260,000 customers who were impacted by the cyberheist.

Pierluigi Paganini

(SecurityAffairs – coincheck, cybersecurity)

The post Hackers hijacked Coincheck’s domain registrar account and targeted some users appeared first on Security Affairs.

BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history. In an incident report published on its website, BlockFi was keen to stress that the hacker’s activity had been logged […]

The post BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost appeared first on The State of Security.

Understanding How Bitcoin Mining Poses Security Risks

The value of Bitcoin has had its ups and downs over the past several years, but continues to attract interest in the midst of a chaotic market. The rapid growth of this alternate currency has dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process called “Bitcoin mining” appears to be a great way to get involved. However, Bitcoin mining introduces a number of security risks.

What is Bitcoin mining?

Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. “Miners”, as they are called, essentially maintain and help secure Bitcoin’s decentralized accounting system.

Each time there’s a transaction it’s recorded in a digital ledger called the “blockchain.” Miners help to update the ledger by downloading a special piece of software that allows them to verify and collect new transactions to be added to the blockchain. Then, they must solve a mathematical puzzle to be able to add a block of transactions to the chain. In return, they earn Bitcoins, as well as transaction fees.

What are the security risks?

As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning a user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that it requires a lot of expensive computing power.

This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices to mine for Bitcoin. Such an event happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors were using this time to access the users’ laptops for mining.

In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. In fact, this has become such a widespread problem, that over 1 billion devices are believed to be slowed down by web-based mining. And slowing your device down is not even the worst thing that could happen. A device that is “cryptojacked” could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

Now that you know a little about Bitcoin mining and the risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

  • Avoid public Wi-Fi networks—These networks often aren’t secured, opening your device and information up to a number of threats.
  • Use a VPN—If you’re away from your secure home or work network, consider using a virtual private network (VPN). This is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee Safe Connect can help safeguard your online privacy no matter where you go.
  • Secure Your Devices—New threats like Bitcoin malware are emerging all of the time. Protect your devices and information with comprehensive security software, and keep informed on the latest threats.

The post Understanding How Bitcoin Mining Poses Security Risks appeared first on McAfee Blogs.

Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations

No One is Invisible to Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations 

In this challenging time, cybercriminals have their eyes on consumers and institutions alike. Malicious groups have increased their targeting of hospitals and healthcare entities to take advantage of deepening resource strain. Many of these groups are using ransomware attacks to compromise hospital systems, locking up patient records or vaccine research until a hefty ransom is paid. The requested sum is usually a high value of Bitcoin or alternative cryptocurrencies, as these are typically more difficult to trace.

However, unlike with old tax paperwork or private family photos, the impact of losing or mass distributing patient records could literally mean life or death for those awaiting urgent care or diagnosis. Bad actors count on this urgency to guarantee that their ransom is met.

Be wary of old tactics with a new twist 

The tactics these cybercriminals use can be a combination of traditional phishing and vulnerability exploitation. Reportedly, the WHO has seen a twofold increase in phishing attacks by cybercriminals attempting to steal credentials. Some ransomware groups have stated they will avoid targeting hospitals given the current strain on healthcare systems. Still, claims from criminal organizations should be taken with a hefty grain of salt.

Keep your security up to date 

In the meantime, McAfee Advanced Threat Research is closely monitoring new threats that aim to take advantage of the uncertainty surrounding the pandemic. The team has analyzed these threats based on geography, and will continue to report further findings. While these threats are not unexpected as cyber criminals always try to leverage large events to their advantage, it is disappointing to see at a time when the world needs to come together that there are those who have scant regard for the sense of community. 

Stay ahead of malicious threats 

Whether you’re a healthcare professional, family provider, or both, here are some tips that can help you stay ahead of malicious tactics being used to attack individuals and healthcare institutions:

  • Secure your home network by checking your device passwords and Wi-Fi password. Make sure your system and software are all up to date, and take the time to perform pending updates.  
  • Avoid clicking on emails and texts from unknown senders. Be wary of any communication coming from “official” sources that encourage urgent actions on provided links or ask for your login credentials.  
  • Check in often with family and friends and be their technical advisor if needed to help steer them away from social engineering or spammy phishing. Consider using a free safe browser extension that can help steer you away from illegitimate sites.  
  • Be sure to set up robust security on devices that may now be seeing a lot more online time.  
  • Don’t forget your phone: stay protected from malicious apps and smishing/vishing attempts.

The post Ransomware Attacks: Cybercriminals Pinpointing Healthcare Organizations appeared first on McAfee Blogs.