US Law Firms Had Data Stolen and Encrypted by Hackers Demanding Crypto Ransoms

A recent report describes an online breach of five United States law firms, which were compromised by hackers demanding two payments of 100 Bitcoins (over $933,000 at the time of this report) from each firm. The ransom was expected to be paid in two parts: one to restore access to the data and another for the hackers to delete their copy of the data instead of selling it.

According to cybersecurity firm Emsisoft, the hacker group Maze had already begun to carry out its threat by publishing parts of the data stolen from the firms. Two of the five firms had already been hacked on Feb. 1.

The articles containing the stolen data had already been published on two sites, which remain undisclosed to protect the firms involved. Maze has said that it will continue to reveal the stolen data, in increasing order of sensitivity over time, until the firms respond, after which the leaks would stop.

Callow said that the group had gone further and posted the published data on Russian hacker forums with a note saying that the information could be used in any nefarious way readers wanted. As a result, he believes that more data will be released over time unless the hacked firms pay. He also explained, “It seems highly unlikely that a criminal enterprise would delete what it may be able to monetize at a later date.”

Callow further explained that the ransomware group had not only been encrypting data in the past but had also been stealing it while extorting its victims.


3 Ways Blockchain is Transforming Cybersecurity

People have become more tech-savvy as they are considerably embracing various technological innovations, such as the internet and blockchain. As a result, the online world has become a beehive of activities as people transact, communicate, and gather a wide range of information, among others. 

Nevertheless, safety concerns have risen as hackers and fraudsters continue wreaking havoc in the online world. The situation is becoming worse because hackers have become more sophisticated in their activities. For instance, the worldwide cybercrime sector is estimated to garner $1.5 trillion annually, a worrying trend.

This has compromised cybersecurity, as the present measures for protecting data, programs, networks, and computers are being breached. Blockchain technology, by contrast, stores data in immutable distributed ledgers.


1. Averting DDoS attacks

Distributed denial of service (DDoS) attacks usually happen after different methods are deployed to send frequent junk requests to a particular website. Traffic to the website is inflated to the point that it becomes overwhelming. This hampers the loading of any page, and ultimately, the website crashes.

DDoS attacks often originate from the prevailing domain name system (DNS), a partially decentralized holder of IP addresses that acts as the internet’s phone book. This means hackers can penetrate the centralized segment of DNS that stores the bulk of the primary data. Some reputable companies, such as Twitter and Spotify, have been victims of DDoS attacks.

By leveraging blockchain technology, DNS would be entirely decentralized, as data would be distributed to numerous nodes, making it almost impossible to hack. This would still grant domain owners domain editing rights in case changes are required.

Some companies are already utilizing blockchain to prevent DDoS attacks. For example, Blockstack, a decentralized computing network and app ecosystem, offers an entirely decentralized DNS option. It thereby decentralizes the whole worldwide web by eliminating the third parties needed to manage databases, ID systems, and web servers.

2. Authenticating downloads 

Computer viruses, worms, and trojan horses have manifested themselves in different forms. As a result, their detection is proving to be cumbersome, especially for those people without precise expertise.

Malware and ransomware have become crafty to the extent that they pretend to be legitimate apps, and this significantly compromises cybersecurity. Notably, it is predicted that 230,000 new malware samples are generated daily. Blockchain can come in handy by giving software downloads exclusive hashes that enable users to distinguish unwanted downloads from those published by the real developers.

3. Offering consensus mechanisms

Blockchain could propel cyber defense needed in averting fraud by providing consensus mechanisms, such as immutability, auditability, data encryption, transparency, and operational resilience. 

Notably, these solutions could be used in detecting data theft because blockchain uses distributed ledger technology and cryptography in the encryption of information. Additionally, the verification process offered by blockchain is instrumental in red-flagging inconsistencies. These mechanisms would be ideal, as 90% of hackers use encryption to cover their tracks.

Cyberattacks have proven to be detrimental in the present society as they make the loss of data and funds inevitable. For instance, in 2019, healthcare breaches were the highest at 65% compared to any other industry. Blockchain can, therefore, propel cybersecurity in various ways, such as offering fraud and DDoS attack protection.


Ledger and Tezor Dismiss Rumor That Hackers Have Stolen Data from Popular Crypto Wallet Providers

Cybersecurity company “Under The Breach” has revealed that customers who bought products through Shopify from companies such as KeepKey, Trezor, Bnktothefuture, and Ledger may have had their data leaked.

The cybersecurity company tweeted screenshots from a hacker trying to sell stolen data from KeepKey, Ledger, Trezor, and Bnktothefuture users.

The ‘Rumored’ Hack

The cybersecurity company further mentioned that the data was stolen after the hacker exploited weaknesses in the e-commerce website Shopify. The cybersecurity company posted screenshots in which the hacker advertised huge databases with information associated with an alleged 80,000 customers. This includes the customer’s name, email address, residential address, phone number, and other pieces of data.

The hacker is claimed to be the same individual who hacked the forum Ethereum.org in 2016. The hacker now claims to have the databases of Ledger, Trezor, and KeepKey users, including other important information. The hacker also claims to have hacked the Bnktothefuture SQL database and stolen identity information from the investment platform. The databases are up for sale, but the claims may turn out to be false and a publicity stunt.

A communications manager at Shopify said: “We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s system.”

Two of the four firms have taken the allegations seriously. 

Ledger followed up on the matter, terming it a rumor. The hardware wallet provider says that so far, the allegedly hacked database does not match its real database. Ledger said that it is likely that the hacker is lying outright. The company confirmed that it will continue its investigation into the issue.

Trezor tweeted its confirmation that there are rumors going around that its e-shop database has been attacked through a Shopify exploit. The company clarified that its e-shop doesn’t use Shopify, thus making a Shopify-related hack impossible. The firm said: “We are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.”

The hacker has made several dubious claims and is reported to have databases for almost 20 crypto exchanges globally. Nobody can confirm whether or not the hacker truly has these databases. So far it appears to be mostly hearsay.

US Law Firms Had Data Stolen and Encrypted by Hackers Demanding Crypto Ransoms

Various big companies seem to have been the victims of recent cyberattacks, which have led to the theft of massive amounts of customers’ private information. Hackers have recently breached five US law firms and encrypted their data, forcing each firm to pay 100 Bitcoins (about $918,500 at the time of this report) to restore their access. The hacker group identified as “Maze” has also threatened to sell some of the stolen data if the firms refuse to pay the ransom. The hackers have developed the habit of publishing small parts of the stolen data and releasing more and more sensitive portions until the victimized firms pay. Hackers demanding ransoms in Bitcoin have a negative impact on the public image of cryptocurrencies, leading people to believe that such coins are meant only for criminals. Last year was marked not only by multiple ransoms demanded in cryptocurrencies but also by major cryptocurrency scams.

Decentralized Hackers 'Anonymous' Promise Retribution for George Floyd, Will Expose Minneapolis Police Record of Systemic Racism

Hacktivist group ‘Anonymous’ has promised retribution against the Minneapolis Police Department (MPD) for the death of George Floyd last week.

On Saturday night, May 30, it appears the group has begun to make good on their promise, as the MPD website was inaccessible for most of the night and appears to have been subjected to unauthorized access and tampering.

As reported by Bloomberg on June 1, the alleged Anonymous hack occurred on Saturday night as protests reached a fever pitch around the country. Thousands of Americans rose in protest against the unlawful and completely unnecessary killing of George Floyd and the rate of police violence aimed at black Americans.

Although police officials did not immediately wish to comment on the alleged attack, there were noticeable anti-hack additions to the website on Sunday morning. Pages on the website required captcha verification, a popular deterrent against automated bots, before granting access to public pages.

Anonymous Promises to Reveal Depth of MPD’s Systemic Racial Profiling and Abuse

Anonymous posted the video below on their unconfirmed Facebook page on May 28. The video was aimed specifically at the Minneapolis police and promised to expose the department’s “horrific track record of violence and corruption”, of which they believe George Floyd is just the latest casualty. 

As protestors clashed violently with US police and the National Guard over the weekend, the video gained nearly 2.5 million views on Facebook.

The video is presented by the Anonymous figure dressed in the usual dark hoodie and displaying the Guy Fawkes mask, a popular symbol of protest made famous by the movie V for Vendetta. The figure concludes the video, which details the unjustified death of George Floyd and as many as 193 others, stating that the MPD is not capable of carrying out true justice. The figure promised, “we will be exposing your many crimes to the world. We are legion, expect us.”

The power of the Anonymous group can be found in these final words, “We are legion” – a nod to their decentralized model of operation. The hacktivist operation claims to operate as a series of decentralized cells, making them difficult to track and meaning that there is no distinguishable leader with which to bargain or negotiate.

Given the depth of the information already exposed in the warning video, we can only imagine what has been uncovered in the recent alleged hack that appears to have occurred last Saturday.   

Telecom Argentina Hit By Ransomware attack: Hackers Demand $7.5 Million Monero

A leading internet service provider, Telecom Argentina S.A., was hit with a ransomware attack on Saturday, July 18. The popular economist, trader, and cryptocurrency proponent Alex Kruger tweeted about the incident. The ransomware operators are now demanding a $7.5 million ransom to unlock the encrypted files.

Telecom was founded in 1990 and since then has become the largest telecommunication company in Argentina.

New Cyberattack Has Brought Another Shame

The internal network of the telecom company was infected, in what is regarded as one of the largest hacks in the country.

According to the local news outlet, the attackers caused massive damage to the company’s network. They gained full Domain Admin control over the company’s internal network, from which they installed and spread their ransomware payload to over 18,000 workstations.

However, the attack has not affected users or telephone and internet services offered by Telecom Argentina. The internet, cell phones, and landlines remain unaffected.

The attackers targeted and encrypted multiple company-owned Windows computers containing personal and sensitive information. Several of Telecom Argentina’s official websites have been offline since Saturday.

The hackers are now demanding a ransom of 109,345.35 XMR (Monero cryptocurrency) of value $7.53 million. Telecom Argentina has until July 21st, 20:23 local time, to pay the amount. If the company fails to pay the funds required within the given timeframe, then the amount doubles to 218,690.7 XMR ($15 million).

The hackers have presented guidance on how Telecom employees can make the payment using Monero cryptocurrency, a screenshot reveals.

However, the company has not given its response to how it is managing the crisis or whether it is cooperating with the hackers or not.

Although no hacker group has claimed responsibility for the incident, several signs point towards one of the most notorious organizations in the field, REvil (Sodinokibi), as being behind the attack. The group has become infamous for executing similar ransomware attacks.

Data Locked Forever?

Ransomware is a digital form of extortion. It is as simple as that. Hackers use age-old tactics to carry out a modern-day crime.

Ransomware is destructive malware that encrypts files on infected computers to make them inaccessible until a ransom is paid.

However, even if the victim makes the payment, there is no guarantee that the cyber attackers will unlock the files. This makes it especially difficult for a victim to make a decision for this matter.

Because Monero transactions are anonymous, they lend themselves well to this type of malware, enabling hackers to stay out of reach. In the case above, the attackers even explain to the company how to obtain Monero and make the payment.

The incident has elicited mixed reactions from the cryptocurrency community. Some members see it as the benefit of Monero as identities of the hackers’ transactions are protected. However, others see the incident as damaging to the overall reputation of cryptocurrencies.

One Million Bitcoin Held By Dark Web Marketplaces and Cybercriminals, Chainalysis Data

Data from Chainalysis reveals that nearly one million Bitcoin circulating on the dark web between bad actors and illicit darknet markets is being moved through reputable exchanges.

According to Chainalysis, roughly 900,000 Bitcoin (BTC) is held by cybercriminals and darknet markets on the dark web, with reputable cryptocurrency exchanges acting as crucial links within the underground space.

While Chainalysis reveals that less than 1% of Bitcoin transactions are illegal, the graph above still shows an alarming picture. The 892,000 BTC held on the darknet breaks down as follows: 585,000 BTC is held on illegal darknet markets; 205,000 BTC in stolen funds is circulating on the dark web; 99,000 BTC is attributed to scams; and all other categories hold an additional 3,000 BTC.

According to Chainalysis, only 0.32% of all current Bitcoin flows are tainted by illicit activity.

Cryptocurrency exchanges are still being leveraged heavily for illicit Bitcoin transactions, which is consistent with the BTC movements of the illicit gains made by cybercriminals during the recent Twitter hack.

Chainalysis Launches Market Intel

As recently reported by Blockchain.News, Chainalysis has launched Market Intel, a new website catered to asset managers and regulators for access to live crypto data and insights. Chainalysis’ Market Intel will leverage the firm’s proprietary data, which has been collecting and linking to real-world entities since 2014.

Regulators and compliance professionals are currently leveraging Chainalysis on-chain data, which provides information about transactions registered on the blockchain and helps them detect and investigate illicit activities. Chainalysis is looking to bridge the gap for traditional institutional investors, as the firm believes that cryptocurrencies are poised to become a mainstream asset class.

Bitfinex Launches $400 Million Bounty Hunt for 2016 Hackers Who Stole $1.3 Billion in BTC

Bitfinex has launched a 400 million dollar bounty hunt in search of the hackers responsible for the theft of nearly 120,000 Bitcoins from the global exchange in 2016.

Bitfinex is offering a 400 million dollar reward to anyone that can lead them to the hackers responsible for the theft of the 120,000 Bitcoins, now valued at over $1.3 billion. The global exchange is also offering a reward to the hackers themselves for the return of the stolen Bitcoin.

According to the Bitfinex blog on Aug 4, the hack that defrauded the exchange of 120,000 Bitcoins in 2016 is a “dark chapter” in the history of the exchange, and the bounty reward is evidence of its determination to recover the stolen Bitcoin. The reward of up to $400 million would equate to roughly one-third of the Bitcoin’s value at the time of writing.

Aggregate Bitcoin Bounty Hunt

On August 2, 2016, hackers breached Bitfinex’s security systems. Subsequently, 2,072 unauthorized transactions (representing 119,755 BTC in aggregate) were broadcast on the Bitcoin network, resulting in the loss.

The Bitfinex Bitcoin bounty reward can be paid out to informants and hackers returning the stolen cryptocurrency in aggregate.

According to the blog post:

“Those who put Bitfinex in contact with the hacker will receive 5% of the total property recovered (or equivalent funds or assets at current market values), and the hackers will receive 25% of the total property recovered (or equivalent funds or assets at current market values). Any payments made to those connecting Bitfinex with the hackers and the hackers themselves will be classified as costs of recovery of the stolen property.”

Through the aggregate rewards recovery program, the total reward could be worth up to US$400 million at the current BTC price if all bitcoins were to be fully recovered.

“We will reward anyone with information that can put us in direct contact with those responsible for the 2016 security breach at Bitfinex,” said Paolo Ardoino, CTO at Bitfinex. “The hackers will receive a share of the returned property.”

Twitter Hack Demonstrates Danger For Digital Assets

The official post also cited the recent Twitter hack as an example that hacks and cybercrime continue to be a threat for all cryptocurrency and digital asset businesses, as well as the wider technology sphere. No one in the community can afford to be complacent about the ingenuity of criminal gangs in perpetrating new types of fraud.

“As the recent hack of Twitter demonstrates, the threat posed by maliferous hackers remains,” said Ardoino. “We urge all exchanges, investors, and stakeholders in the space to remain vigilant and to work together to counter the threat that hackers pose to the digital asset industry.”

Since the 2016 Bitfinex hack, the exchange has made security its number one priority and continued to work with law enforcement agents in investigating the security breach. In February 2019, US authorities recovered 27.66270285 bitcoins stolen in the 2016 hack, which were converted to US dollars and paid to RRT (Recovery Right Token) Holders.

We Have Sufficient Evidence to Identify Actors Behind Massive Hack on Crypto Exchange, says KuCoin CEO

KuCoin CEO Johnny Lyu has tweeted that the exchange has found sufficient evidence to identify the actors responsible for the massive hack that cost the crypto exchange more than $280 million worth of cryptocurrencies. The KuCoin CEO said that law enforcement agents and police have now been officially involved in the investigation.

How Crypto Companies Responded towards KuCoin’s Plight

Lyu mentioned that KuCoin has been collaborating with other crypto exchanges and projects to recover some of the stolen funds. As a result, various crypto projects worked to render the stolen assets useless or froze them. Several teams updated their blockchains to prevent the thieves from liquidating the stolen assets where possible.

Bitfinex and Tether alone froze $33 million worth of the US dollar-pegged stablecoin (USDT). Other projects such as Akropolis, VIDT-Datalink, Ocean Protocol, and others also took several measures like blacklisting, forking, and freezing to prevent the hackers from transferring or using the funds.

Most of the affected cryptocurrencies in the hacking incident were DeFi and ERC-20 tokens. Since centralized exchanges can easily freeze crypto assets sent to their platforms, the hackers of KuCoin chose to launder the tokens using decentralized exchanges. The culprits sold more than $13 million of the cryptocurrencies on decentralized exchanges.

According to Lyu’s latest update, another $64 million worth of tokens has been recovered, bringing the total amount of recovered funds to $204 million since October 1.

Although $204 million in crypto assets is said to be now out of the control of the suspicious addresses, data provided by Whale Alert showed that millions of dollars of the stolen funds were transferred through Uniswap, making those funds untouchable.

Following the hacking incident, KuCoin halted its crypto trading services. The CEO has today given an update saying that the crypto exchange is slowly re-opening deposit and withdrawal functions for certain digital assets affected. Lyu has further notified that customers can now withdraw and deposit more than 30 cryptocurrencies with more to follow, including Bitcoin, Ethereum, and USDT.

KuCoin Hit with Massive Hacking

KuCoin, the Singapore-based crypto exchange, suffered a major cyber hack on September 26, an incident that cost the company over $150 million. What appeared to be a technical issue rapidly developed into something big. The criminals used a leaked private key to gain access to the exchange’s hot wallet and consequently transferred hundreds of millions of dollars from the exchange’s wallet to an address unrelated to KuCoin.

Japanese Exchange Liquid Exchange Hacked, $80M Cryptocurrency Assets Transferred for Safety

Online cryptocurrency exchange Liquid Exchange was attacked by hackers today, who transferred approximately $80 million worth of cryptocurrency out of the exchange.

Liquid Exchange officially confirmed the cyberattack, stating that Liquid Global warm wallets were compromised. The exchange revealed that the Liquid team is moving assets into the cold wallet.

Subject to this attack, Liquid has suspended withdrawals and deposits, and the exchange promised that they are currently investigating and will provide regular updates.

Japanese Liquid Exchange disclosed on its official Twitter the addresses of assets transferred by hackers, including BTC, ETH/EWT, TRX, and XRP.

Liquid Exchange officials did not, however, disclose the specific amount stolen. Reportedly, more than 107 BTC, 9,000,000 TRX, 11,000,000 XRP, and nearly 60 million USD worth of ETH and ERC-20 tokens were stolen.

According to Coinmarketcap data, BTC was trading at $44,650.79. At that price, 107 BTC is valued at an estimated US$4,777,635.

TRX and XRP are now priced at $0.0833 and $1.13, respectively. 9,000,000 TRX is worth up to $749,700, and the total value of 11,000,000 XRP is $12,430,000.

At present, the addresses that received the stolen funds have been blocked, including by cryptocurrency exchange KuCoin.

Individual Crypto Hacks Done by Using Malware from Darknet: Chainalysis

Over the last few years, hackers have been actively stealing smaller amounts of cryptocurrency from individual users using malware available on the internet or darknet, Chainalysis reported.

To hack individual users, attackers use malware strains available on the darknet, mainly taking a “spray-and-pray” approach that allows them to spam millions of potential victims and steal smaller amounts. They do so by tricking individuals into downloading the malware.

“Many of these malware strains are available for purchase on the darknet, making it even easier for less sophisticated hackers to deploy them against victims,” the blockchain data platform said in its report.

In terms of cryptocurrency theft, the report added that hackers’ attacks are mostly directed against organizations, namely hacks of cryptocurrency exchanges or ransomware attacks against critical infrastructure. However, hacks that use malware to steal or extort cryptocurrency have been prevalent for many years.

Malware is any malicious software that can hijack a victim’s phone, usually without their knowledge; the related crime can be anything from stealing information to stealing money or confidential data.

Info stealers, clippers, cryptojackers and trojans are among the most popular malware families used to steal cryptocurrency from individual victims and are easily available for purchase on cybercriminal forums, according to Chainalysis.

Wide access to malware like Redline, an info stealer, allows even relatively low-skilled cybercriminals to use it to steal cryptocurrency.

Access to malware is also sold on a monthly and lifetime basis. Per the report, Chainalysis said:

“Law enforcement and compliance teams must understand that the malware attacks they investigate aren’t necessarily carried out by the administrators of the malware family itself, but instead are often carried out by smaller groups renting access to the malware family, similar to ransomware affiliates.”

Malware operators were then found to have sent the majority of funds to addresses at centralized exchanges.

In an investigation conducted by Chainalysis, Cryptbot – an info stealer that takes victims’ cryptocurrency wallet and account credentials – was a prolific malware family within a sample of malware families in the info stealer and clipper categories. Cryptbot raked in almost half a million dollars in pilfered Bitcoin, the investigation reported.

QuilClipper, a clipboard stealer or “clipper,” was another notable malware family.

Clippers insert new text into the “clipboard” that holds text a user has copied, usually with the intent to paste it elsewhere.

According to Chainalysis, clippers typically use this functionality to detect when a user has copied a cryptocurrency address to which they intend to send funds. The clipper malware then hijacks the transaction by substituting an address controlled by the hacker for the one copied by the user, thereby tricking the user into sending cryptocurrency to the hacker.
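A defensive check for the clipper behaviour described above, written as an added example (not code from Chainalysis or from the page): it compares what the user copied with what is in the clipboard at paste time and raises an alert when one cryptocurrency address has been silently swapped for another. The `SAMPLE_EVENTS` list is constructed; the legacy Bitcoin address check performs a full Base58Check checksum, while the bech32 and Ethereum checks are format-only.

```python
"""Detect clipboard address substitution (the 'clipper' malware pattern)."""
import hashlib
import re

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l).
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

_ETH = re.compile(r"^0x[0-9a-fA-F]{40}$")                      # format only
_BTC_LEGACY = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")  # P2PKH / P2SH
_BTC_BECH32 = re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$")      # format only


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose double-SHA256 checksum matches."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes one leading zero byte (the version byte here).
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + raw
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def address_kind(text: str):
    """Return 'btc', 'eth' or None depending on whether text looks like an address."""
    text = text.strip()
    if _ETH.match(text):
        return "eth"
    if _BTC_LEGACY.match(text) and b58check_valid(text):
        return "btc"
    if _BTC_BECH32.match(text.lower()):
        return "btc"
    return None


def detect_substitution(copied: str, pasted: str):
    """Flag the clipper signature: an address was copied, a *different* address is pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return False, "clipboard unchanged"
    kind_copied, kind_pasted = address_kind(copied), address_kind(pasted)
    if kind_copied and kind_pasted:
        return True, f"{kind_copied} address replaced by a different {kind_pasted} address"
    return False, "no address-for-address swap"


# Constructed events: (text the user copied, clipboard content at paste time).
SAMPLE_EVENTS = [
    ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),
    ("meeting notes", "meeting notes v2"),
]


def scan_events(events):
    """Return (event index, reason) for every event that matches the clipper signature."""
    alerts = []
    for i, (copied, pasted) in enumerate(events):
        hit, reason = detect_substitution(copied, pasted)
        if hit:
            alerts.append((i, reason))
    return alerts


if __name__ == "__main__":
    for idx, why in scan_events(SAMPLE_EVENTS):
        print(f"ALERT event {idx}: {why}")
```

A real monitor would feed `detect_substitution` from a clipboard hook; the simplest user-side mitigation remains verifying the first and last characters of the pasted address before confirming a transfer.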

The HackBoss clipper stole over $80,000 worth of cryptocurrency throughout 2021, Chainalysis data showed.

Since 2012, HackBoss has taken over $560,000 from victims in assets like Bitcoin, Ethereum, Ripple, and more.

Cryptojackers are another notorious kind of malware that obtains funds for hackers by using the victim’s computing power to mine cryptocurrency. Monero, Zcash and Ethereum were among the top cryptocurrencies mined by hackers, Chainalysis reported.

Cryptojacking activity is considerably harder to trace, since the mined funds move directly from the mempool, through the miner, to unknown addresses, rather than from the victim’s wallet to a new wallet.

According to Chainalysis, Cisco’s cloud security division reported that cryptojacking malware affected 69% of its clients in 2020, which would translate to an incredible amount of stolen computer power and, therefore a significant amount of illicitly-mined cryptocurrency.

A 2018 report from Palo Alto Networks estimated that 5% of all Monero in circulation was mined by cryptojackers, which would equate to over $100 million in revenue.

Chainalysis said that a vast majority of malware operators or hackers receive initial victim payments at private wallet addresses, though a few use addresses hosted by larger services. Among that smaller group, most use addresses hosted by exchanges but mostly high-risk exchanges with low or no KYC (Know Your Customer) requirements.

Although data relating to these hacks has been collected, investigating malware-based cryptocurrency theft remains challenging, partly because a large number of less sophisticated cybercriminals rent access to these malware families.

“Studying how cybercriminals launder stolen cryptocurrency may be investigators’ best bet for finding those involved,” Chainalysis reported.
