North Korean Hackers Move Onto Attacking Individuals After Exchanges Boost Security

The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29.

Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks.

As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from its previous methods.” As Cointelegraph reported this October, North Korea allegedly backed two cryptocurrency scams this year: hacks funded by the country reportedly comprise of 65% of all cryptocurrency stolen to date.

Simon Choi, founder of cyber warfare research company IssueMakersLab, attributes the shift towards attacking individuals to cybersecurity enhancements by exchanges and financial institutions:

“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”

Choi also said that most targets have been wealthy South Koreans since “they believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”

According to Luke McNamara, an analyst at cybersecurity company FireEye, “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges.”

McNamara explained that “when they understand and know the targets” then “they are able to craft lures specific to those organisations or entities.” He added that this makes them “effective at what they are doing.”

As Cointelegraph reported, Kaspersky Labs claims that North Korean hacker collective Lazarus Group used the “first” macOS malware to hack a crypto exchange. Experts have also argued that North Korea increasingly uses cryptocurrencies to avoid U.S. sanctions.


Source
Author: Adrian Zmudzinski
Image Credit

Hackers Nab $58,000 from Cryptocurrency Exchange by Trading Fake EOS Tokens

Hackers were able to steal nearly $58,000 worth of cryptocurrency from the Newdex exchange by exploiting a vulnerability in the exchange, according to TheNextWeb. The hackers flooded the Newdex exchange with fake EOS tokens they created themselves to buy ADD, BLACK and IQ tokens from the centralized platform.

Newdex acknowledged that an EOS account issued 1 billion phony EOS tokens. The EOS account, oo1122334455, placed purchase orders for ADD, BLACK and IQ. A total of 11,800 phony EOS orders were made. The hackers then exchanged the tokens for real EOS.

Newdex acknowledged the hackers nabbed 4,028 real EOS tokens, worth around $20,000, and sent them to Bitfinex, leaving Newdex users with cumulative losses around $58,000.

Newdex stopped the service at 15:52 on Sept. 18 after discovering an exception and activated an emergency response repair system, according to an observer on Reddit. The repair was completed at 16:33, and normal operation was resumed.

Newdex apologized for the loss, but has no plans to compensate people, according to the report.

EOS Users Warned About Newdex

Several days prior to the incident, the EOS community noted on Reddit that Newdex is not a genuine decentralized exchange (DEX) despite its “misleading marketing.” The PSA said not to trust Newdex since it does use a smart contract and has not published the source code of its centralized matching server.

Instead, Newdex matches orders off-chain in a centralized server, according to the Reddit post. The post also presented a response form Newdex’s support stating it is “the first global decentralized exchange built on EOS,” and requires no deposit, no withdrawal, safe assets, and is open and transparent.

In addition, Scatter (an ecosystem for creating accountability and security in the blockchain space) is used as a login and trading interface so that Newdex would appear to be a genuine DEX, the Reddit post noted. The reality is that users were sending funds to regular EOS accounts that don’t have any kind of smart contract running on them.

Also read: Two EOS gambling platforms fall prey to $260,000 hack

Newdex Issues Continue

According to Trybe, a tokenized knowledge and content sharing platform, Newdex has been plagued with trade issues, token issues, and extensive transfer times.

After allegedly encountering issues trading EOS on Newdex and communicating these issues to the exchange, Newdex responded that there are issues with the EOS network.

Trybe posted a note from Newdex claiming that there has been instability with the EOS mainnet causing unstable trades on all major exchanges, causing some exchanges such as Bithumb and Huobi Pro to withdraw service for EOS, ADD, and IQ.

Trybe noted, however, that it has not encountered issues trading EOS on other exchanges.


Source
Author: Lester Coleman
Image Credit: Image from Shutterstock

Has your fridge been hijacked by cybercriminals?

Is the web browser on your phone slower than usual? It could be mining bitcoin for criminals.

As the popularity of virtual currencies has grown, hackers are focusing on a new type of heist: putting malicious software on peoples’ handsets, TVs and smart fridges that makes them mine for digital money.



So-called “crypto-jacking” attacks have become a growing problem in the cybersecurity industry, affecting both consumers and organizations. Depending on the severity of the attack, victims may notice only a slight drop in processing power, often not enough for them to think it’s a hacking attack. But that can add up to a lot of processing power over a period of months or if, say, a business’s entire network of computers is affected.

“We saw organizations whose monthly electricity bill was increased by hundreds of thousands of dollars,” said Maya Horowitz, Threat Intelligence Group Manager for Checkpoint, a cybersecurity company.

Hackers try to use victims’ processing power because that is what’s needed to create – or “mine” – virtual currencies. In virtual currency mining, computers are used to make the complex calculations that verify a running ledger of all the transactions in virtual currencies around the world.

Crypto-jacking is not done only by installing malicious software. It can also be done through a web browser. The victim visits a site, which latches onto the victim’s computer processing power to mine digital currencies as long as they are on the site. When the victim switches, the mining ends. Some websites, including Salon.com, have tried to do it legitimately and been transparent about it. For three months this year, Salon.com removed ads from its sites in exchange for users allowing them to mine virtual currencies.

Industry experts first noted crypto-jacking as a threat in 2017, when virtual currency prices were skyrocketing to record highs.

The price of bitcoin, the most widely known virtual currency, jumped six-fold from September to almost US$20,000 in December before falling back.

The number of crypto-jacking cases soared from 146,704 worldwide in September to 22.4 million in December, according to anti-virus developer Avast. It has only continued to increase, to 93 million in May, it says.

The first big case emerged in September and centred on Coinhive, a legitimate business that let website owners make money by allowing customers to mine virtual currency instead of relying on advertising revenue. Hackers quickly began to use the service to infect vulnerable sites with miners, most notably YouTube and nearly 50,000 WordPress websites, according to research conducted by Troy Mursch, a researcher on crypto-jacking.

Mursch says Monero is the most popular virtual currency among cyber-criminals. A report by cybersecurity company Palo Alto Networks estimates that over 5 per cent of Monero was mined through crypto-jacking. That is worth almost US$150 million dollars and doesn’t count mining that occurs through browsers.

In the majority of attacks, hackers infect as many devices as possible, a method experts calls “spray and pray.”

“Basically, everyone with a (computer processing unit) can be targeted by crypto-jacking,” said Ismail Belkacim, a developer of an application that prevents websites from mining virtual currencies.

Don’t forget to join our Telegram channel for Crypto, Business & Technolgy news delivered to you daily

As a result, some hackers target organizations with large computing power. In what they believe might be the biggest crypto-jacking attack so far, Checkpoint discovered in February that a hacker had been exploiting a vulnerability in a server that over several months generated over $3 million in Monero.

Crypto-jackers have also recently targeted organizations that use cloud-based services, in which a network of servers is used to process and store data, providing more computing power to companies who haven’t invested in extra hardware.

Abusing this service, crypto-jackers use as much power as the cloud will allow them to, maximizing their gains. For businesses, this results in slower performance and higher energy bills.

Martin Hron, a security researcher at Avast, says that besides the rise in interest in virtual currencies, there are two main reasons for the rise in attacks.

First, crypto-jacking scripts require little skill to implement. Ready-made computer code that automates crypto-mining is easy to find with a Google search, along with tips on the vulnerabilities of devices.

Second, crypto-jacking is harder to detect and is more anonymous than other hacks. Unlike ransomware, in which victims have to transfer money to regain access to their computers blocked by hackers, a victim of crypto-jacking might never know their computer is being used to mine currency. And as currency generated by crypto-jacking goes straight into a hacker’s encrypted wallet, the cyber-criminal leaves less of a trail.

Both Apple and Google have started to ban applications that mine virtual currencies on their devices. But Hron, the Avast researcher, warns that the risk is growing as more everyday devices are connected to the internet – from ovens to home lighting systems – and that these are often the least secure. Hron said that cheaply made Chinese devices were particularly easy to hack.

Some experts say new techniques like artificial intelligence can help get a faster response to suspicious software.

That’s what Texthelp, an education technology company, used when it was infected with a crypto-jacker, said Martin McKay, the company’s chief technology officer. “The risk was mitigated for all customers within a period of four hours.”

But security researcher Mursch says that these precautions won’t be enough.
“They might reduce the impact,” he says, “But I don’t think we’re going to stop it.”


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Associated Press
Image Credit 

Internet Cafes Hacked to Mine $800,000 Worth in Siacoin Crypto

A group of hackers has allegedly colluded with computer maintenance firms in China to hack into computers owned by internet cafes to mine cryptocurrency.


Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions


According to a local news report on Saturday, the police force in China’s Rui’An city in Zhejiang province arrested 16 suspects who allegedly profited 5 million yuan (or $800,000) by hacking more than 100,000 computers in internet cafes across 30 Chinese cities since July of last year.

The report said the hackers first developed a malware that can specifically mine the Siacoin cryptocurrency in an affected device.

Then they marketed it to computer maintenance firms who allegedly helped to inject the malware to computers in internet cafes when they were doing regular check up jobs.

The profits made by mining and selling these Siacoins would then be split among the hackers and their alleged accomplices, the report said.

According to the report, the issue emerged in July 2017 when internet cafes in Rui’An – one after another – started to notice their computers had become extremely slow since the CPU usage rate was often at 70 percent even after a restart.

Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily

Notably, it was also at a time when the price of Siacoin jumped by 400 percent from $0.002 in May to over $0.01 in July, data from CoinMarketCap shows.

Meanwhile, the utility bills of affected internet cafes in Rui’An also went up significantly during that period, the report said. Subsequently the owners reported the case to the local police.

Since most internet cafes in Rui’An used the same computer maintenance firm (unnamed in the report) for regular check up, the police arrested the firm’s chief executive officer in August, who later revealed information of the hackers.

The report further said currently the investigation is still ongoing since the affection is now widespread across more than 30 cities in China with over 100 computer maintenance firms in the country being allegedly involved.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Wolfie Zhao
Image Credit 

Hackers Target Infrastructure and Weak Security to Steal Cryptocurrencies

Carbon Black, a predictive cloud security service, recently published a report demonstrating that $1.1 billion worth of cryptocurrency-thefts occurred in the last six months


Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions


Security Experts Weigh in

Unfortunately, most of these thefts came from an attack on a cryptocurrency exchange or business. TechWire mentioned that hackers often hide malware on websites or weak infrastructure especially on cryptocurrency exchanges with inadequate security.

According to the report, cryptocurrency exchanges were the most vulnerable target to hackers and represented 27 percent of cryptocurrency-related attacks, followed by businesses at 21 percent, users at 14 percent and government resources at seven percent.

Cryptocurrency exchanges ranked highest because malicious agents were able to leverage vulnerable problems in their security infrastructure and easily steal large amounts of data and drain victim’s wallet.

While the theft is in the billions, it does not come as much of a surprise considering Coincheck suffered a hack of over $500 million at the beginning of 2018. Just recently, South Korean cryptocurrency exchange Coinrail, while a significantly smaller exchange also lost approximately $40 million in cryptocurrencies.

Instead of targeting the network, many hackers are taking advantage of the lax security from exchanges. They deploy stealer malware and drain the exchange of vulnerable cryptocurrencies. Some hackers even leverage their access to data to undergo follow-up attack on the users.

The report mentioned that “unfortunately, new investors and traders looking to jump on the crypto bandwagon will exacerbate the opportunity for exploitation. We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to the evolving threat.”

Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily

Stealer Malware Popular among Cybercriminals

“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” said Rick McElroy, Carbon Black Security strategist.

“It’s not always these large nefarious groups, it’s in anybody’s hands.”

McElroy mentioned that malware purchases on the dark web often comes with customer service. “You just have to able to log in and be able to buy the thing – you can call customer support and they’ll give you tips,” he continued.

The malware costs on average $224, however, the security expert has seen some malware options as low as $1.04. The Carbon Black report stated that the available dark web marketplace, a marketplace that can only be accessed using specialized software, is currently a $6.7 million economy which is built from cryptocurrency-related malware development and sales.

While many thefts can come from huge crime groups targeting cryptocurrency exchanges and companies, McElroy stated that thefts can even emerge from an unemployed engineer who’s looking to make extra money on the side. “You have nations that are teaching coding, but there’s no jobs,” said McElroy. “It could just be two people in Romania needing to pay rent.”

In regards to the most vulnerable countries susceptible to cryptocurrency attacks, the US emerged first with 24 cryptocurrency attacks. China came in second with ten attacks, and the UK came in third with eight.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Cindy Huynh
Image Credit 

Hacking Will Make Bitcoin, Ethereum And XRP Stronger

Hacking will cool off the hype for Bitcoin, Ethereum, XRP and other cryptocurrencies in the short-run, but in the long-run, it will make them stronger.


Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions.


Hacking of cryptocurrency exchanges has always been a scary thing for cryptocurrency investors. It sounds like a run on the bank back in the old days when there was no central bank to guarantee deposits.

That’s why investors sold off almost every cryptocurrency following news that South Korea’s Coinrail cryptocurrency exchange had been hacked.

South Korea is among the biggest cryptocurrency markets in the world, and the buzz setter.

Cryptocurrency buzz usually begins in Asia—like in Korea, where investors view them as vehicles to escape government currency controls, and are willing to pay a market premium for them. That especially has become the case since the Chinese government shut off the country’s exchange.

That’s why the Coinrail exchange hacking had such a big impact on cryptocurrency markets.


Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily.


Still, hacking is nothing new to cryptocurrencies. Back in January Japanese exchange Coincheck Inc. was hacked, causing a great deal of pain to cryptocurrency investors. And hacking won’t go away anytime soon. “Hackers have always existed and the likelihood of them vanishing is very low,” Blockchain expert Mary Saracco said. “That said, the crypto space in particular needs to be extremely diligent in their security measures as cybersecurity plays a bigger role in the industry.”

While hacking is painful for cryptocurrency investors in in the short-run, it will make them stronger over the long haul, according to some experts. Christian Ferri, President and CEO of BlockStar, is one of them. “As in every technology, hacking will be painful for some in the short term; but it will be a major driver in strengthening the crypto ecosystem, making it more secure, which is key for mass adoption.”

Amy Wan, CEO and cofounder of Sagewise, agrees. “There will always be a community of crypto enthusiasts, despite all the hacks. But blockchain and crypto will not become more mainstream unless and until the space resolves these fundamental infrastructure issues and provides users with transactional confidence and certainty.”

Meanwhile, cryptocurrency investors should brace themselves for a great deal of turbulence.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author: MaxPositives
Image Credit

$20 Million Ether Hacked From Poorly Configured Ethereum Apps

According to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications. Experts at the firm say the cyber-attacks target unsecured Ethereum nodes on the Internet.


Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions


DETAILS OF THE HACK

On March 15, Qihoo 360 Netlab alerted the cryptocurrency community to the activities of hackers scanning the Internet for unsecured Ethereum nodes. At the time, the alleged cybercriminals had stolen 3.96 ETH.

360 Netlab @360Netlab

Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address

https://www.etherchain.org/account/0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464#transactions … $20,526,348.76, yes, you read it right, more then 20 Million US dollars https://twitter.com/360Netlab/status/974374944711815168

7:48 AM – Jun 11, 2018

However, recent findings have unearthed another hacker who has managed to steal an even more considerable amount of ether. By hijacking unsecured Ethereum wallet apps, the hacker has managed to siphon off 38,642 ETH worth about $20 million. The image below is the address of the suspected hacker:

The hack exploits the ability of Remote Procedure Call (RPC) interfaces running on port 8545 to access sensitive miner and wallet information. The RPC provides third-party access to this data via a programmatic API. If left unsecured, a hacker could gain access to miner/wallet funds. Thus, the RPC is usually disabled by default on most Ethereum-based apps.

Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily

SAFEGUARDING YOUR ETHER HOLDINGS

Whether by omission or commission, some app developers — in tinkering unnecessarily with their apps — have opened up the unsecured node vulnerability. With the astronomic rise in cryptocurrency prices last year, it seems more hackers are incentivized to conduct rigorous Internet scans in search of unsecured cryptocurrency holdings.

Qihoo 360 Netlab reports that there is an increase in scans for RPC interfaces on port 8545. With the success of the $20 million heist, it is safe to assume that more cyber crooks will join the attack.

In May 2018, reports emerged of Satori Botnet targeting exposed Ethereum miners. There are numerous hacking resources available on GitHub to automate port 8545 scanning exploits. According to Qihoo 360 Netlab team:

If you have honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses. And quite a few IPs are scanning heavily on this port now.

Have you checked to see if your Ethereum-based apps and mining rigs are properly configured? Do you think other blockchains-based apps are vulnerable to this same attack?


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Osato Avan-Nomayo
Image Credit