PowerGhost: The Mining Malware to Watch in 2020

Exclusive Interview with Yeo Siang Tiong, Kaspersky: Part 3 (Links: Part 1 and 2)

In Part 3 of the interview, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, shared with us the state of cryptocurrency mining malware and the one he believes we should watch out for in 2020: PowerGhost. Yeo also explained Kaspersky's cybersecurity solutions for quantum computing.

From your observation, which minable cryptocurrency is more vulnerable to attacks from mining malware?

It is not a case of which minable cryptocurrency is more vulnerable to mining malware threats but more of how businesses can safeguard their crypto exchanges and their investors. This is especially so for crypto exchanges, which are becoming more attractive to hackers because attacking them is more profitable and less risky than attacking traditional financial institutions.

Within the first six months of 2019, the industry has seen seven hacks, the same number of hacking attacks as in the whole of 2018. It is relatively easy to hack a crypto-exchange these days. Hackers can now obtain a large number of user API keys and 2FA codes through a variety of techniques such as phishing, viruses and other attacks.

At the same time, there are also issues with vulnerabilities that can be found inside crypto wallets. For example, a crypto investor discovered a vulnerability where the textbox into which you enter your passphrase was implemented via a Chromium browser component. Once you type or paste anything into that textbox, it immediately and discreetly sends it to googleapis.com for a spelling check.

As a result, someone had access to the HTTPS requests and used a passphrase to steal $70K worth of the investor’s crypto assets.

In all, a lack of good cyber hygiene practices among end-users/crypto-businesses, as well as the poor coding of programmes on the blockchain have led to a situation where we are continuing to see the crypto-economy suffer from cyberattacks. Hence, this outlines the need for us to be more proactive when it comes to cybersecurity for the crypto-economy. We need to be more vigilant and also implement the right security protocols which will enhance our cyber-resilience.

Which mining malware are the ones to watch in Q4 2019 and 2020?

Initially, there was a rise in the number of miner-related attacks at the beginning of 2018. However, given that the crypto-economy is undergoing bear market pressure, infection activity has noticeably declined. Nonetheless, the crypto miner threat remains highly current as cyber-criminals continue to find new and sophisticated ways to infect our computers with mining malware.

For example, PowerGhost, a new fileless crypto-miner caught our eye last July with its ability to stealthily establish itself in the system and spread inside large corporate networks, infecting workstations and servers alike. This was done by employing multiple fileless techniques which allow the miner to avoid storing its body directly onto a disk, which increases the complexity of its detection and remediation. The main victims of the attack included corporate users in Brazil, Colombia, India and Turkey.

From our findings, miners gain access to victims’ computers when they download unlicensed content or install pirated software. Hence, the impact of such attacks is more profound in countries with lower levels of overall digital literacy among users, as well as a poor intellectual property framework. This also suggests that regardless of the form of mining malware that is being distributed in cyberspace, it is important for us to practice good cyber hygiene by avoiding unverified downloads and not clicking on emails of dubious origin.

What are Kaspersky Labs’ solutions for quantum computing?

The direction of quantum encryption practice isn’t to find ‘one quantum-safe algorithm to rule them all,’ though. As the history of cryptography has shown us, old methods become useless as researchers become smarter. The algorithms being put forward by mathematicians, cybersecurity researchers and quantum computing scientists as quantum-safe standards may, one day, be proven to be not so quantum-safe after all.

However, the uncertainty about the future safety of these new algorithms doesn’t remove the need to make our security standards tighter now based on our knowledge that quantum computing will pose a huge threat to current systems. As emerging technologies reach the market, there is a need to make standards stronger to enable innovators to make the most of these incredible new inventions, as opposed to feeling threatened and missing out on their potential to improve the state of the world.

The cybersecurity industry must be comfortable questioning its confidence in existing methods. It must ensure the traditional, sometimes slow-moving institutions in charge of standards and regulations move more quickly. The industry cannot fall into the trap of assuming quantum computing is still too far away to be a threat to ‘business as usual.’

Cybersecurity Firm Kaspersky Warns of New Ransomware Devised by Notorious North Korean Ransomware Group

Multinational cybersecurity provider Kaspersky has announced that the notorious North Korean crypto criminal group, Lazarus, is planning on releasing a new ransomware strain.

Kaspersky Investigates 

The new threat, dubbed VHD, is designed to target the internal networks of companies in the economic sector. As to why the ransomware group often resorted to working in solo ops, Kaspersky researchers presented their hypothesis:

“We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”

Phishing For Crypto And Sensitive Data 

The infamous North Korean ransomware group Lazarus has been reported to have multiple tricks up its sleeve. In fact, according to cybersecurity firm Cyfirma, Lazarus is preparing a huge phishing campaign that is meant to target at least 6 nations and over 5 million businesses and individual investors.

The report of the devious scheme was released in June. For the time being, there are no signs of the phishing campaign unfolding yet, as it appears that the North Korean ransomware group has not yet deployed the mass phishing campaign.

However, as the hacking group has kept its digital heists alive in 2020, Cyfirma thought it best to warn major companies for prevention purposes.

Lazarus’ Notoriety Precedes Them 

In the past, the North Korean ransomware group operating under the name “Lazarus” has made quite an impression on cybersecurity firms, having accumulated over $571 million in stolen cryptocurrencies since 2017. The Lazarus group is notorious for hitting up cryptocurrency exchanges and has kept up its act of ransoming victims for cryptocurrencies amid the coronavirus pandemic.

2019 Digital Heist 

Last year, as reported by Chainalysis, Lazarus pulled off a digital heist that amounted to $7 million in various cryptocurrencies.  

The ransomware group hit up DragonEx, a Singapore-based cryptocurrency exchange. In order to pull off their crypto scam, Lazarus created a fake trading bot website that was offered to employees of the DragonEx exchange.

The North Korean criminal organization used a sophisticated phishing attack, where a real website and the social media accounts pertaining to it were linked to a fake company called “WFC Proof.” The non-existent company was said to have created Worldbit-bot, a trading robot that was then offered to DragonEx employees.

Finally, the malicious software was installed on a computer that contained the private key of the DragonEx hot wallet, which enabled the North Korea-based group to steal cryptocurrencies from the Singapore exchange.

Lazarus Group: Anonymous or Not?

Lazarus’ malicious cyberattacks date all the way back to 2017. Though the cybersecurity community has not managed to completely arrest and stop the hacking group, identities associated with the North Korean hacking ring have been uncovered.

Earlier this year, two Chinese citizens by the name of Tian YinYin and Li Jiadong were identified by the US Treasury for their connection with the Lazarus group. They were sanctioned in March by US authorities for their alleged involvement in laundering stolen cryptocurrencies from a 2018 cyberattack against a cryptocurrency exchange.

While blockchain is still promoted as cryptographically secure and as the underlying technology for cryptocurrencies, the exchanges that hold them are still prone to cyber-attacks, just as traditional markets are not immune to heists and money laundering schemes.

Korea: Training Military or Cybercriminals?

Preventing financial theft has been an ongoing issue for the longest of times.

With a series of money-related attacks leading to a subsequent UN investigation last year, there is an ongoing hypothesis circulating around the law enforcement community that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in coordinating cyberattacks, as it has reportedly been training cybercriminals to target financial institutions and launder the stolen funds.

Cryptocurrency Phishing Attacks Surge in 2022

When it comes to cryptocurrency-related cyberattacks, bad actors have seemingly reduced the use of traditional financial threats like desktop and mobile banking malware, shifting their focus to phishing. Russian cybersecurity and anti-virus provider Kaspersky has revealed that cryptocurrency phishing attacks witnessed a 40% year-on-year increase in 2022. The company detected 5,040,520 crypto phishing attacks in the year, compared with 3,596,437 in 2021. This represents a significant increase in the number of phishing attacks targeting crypto investors.

A typical phishing attack involves reaching out to investors through fake websites and communication channels that mimic official companies. Users are then prompted to share personal information such as private keys, which ultimately provides attackers unwarranted access to crypto wallets and assets. This is a serious threat, as once attackers have access to a user’s private keys, they can gain control over their cryptocurrency holdings and potentially steal their assets.

While Kaspersky could not predict if the trend would increase in 2023, phishing attacks continue to gain momentum in 2023. Most recently, in March, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site. This highlights the need for users to exercise caution and be vigilant in their interactions with cryptocurrency platforms.

In a survey conducted by Kaspersky in 2022, one out of seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, attackers continue to evolve their strategies. According to Kaspersky, “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Even established cryptocurrency platforms and their investors are not immune to phishing attacks. Arbitrum investors were recently exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link. This highlights the importance of securing communication channels and taking measures to ensure that official channels are not compromised.

To protect themselves from phishing attacks, cryptocurrency investors should be wary of unsolicited communications and only interact with official channels. They should also avoid sharing their private keys or recovery phrases with anyone, even if they appear to be legitimate sources. Finally, it’s essential to use two-factor authentication and keep their software and anti-virus systems updated to ensure maximum protection against phishing attacks.

In conclusion, phishing attacks targeting cryptocurrency investors are increasing in frequency, and scammers are continually evolving their techniques to steal investors’ assets. It’s crucial for investors to remain vigilant and exercise caution in their interactions with cryptocurrency platforms to avoid falling victim to these scams. By taking the necessary precautions, investors can help safeguard their cryptocurrency holdings and prevent losses due to phishing attacks.

Cryptocurrency Phishing Attacks Rise by 40% Year-on-Year in 2022

Cryptocurrency-related cyberattacks have seen bad actors shift their focus from traditional financial threats to phishing. Kaspersky has revealed a 40% year-on-year increase in cryptocurrency phishing attacks in 2022, with 5,040,520 attacks detected compared to 3,596,437 in 2021. Phishing attacks involve reaching out to investors through fake websites and communication channels that mimic official companies, and prompting users to share personal information such as private keys, which ultimately provides attackers unwarranted access to crypto wallets and assets.

While Kaspersky could not predict if the trend of cryptocurrency phishing attacks would increase in 2023, phishing attacks continue to gain momentum in 2023. In a survey conducted by Kaspersky, one out of seven respondents admitted to being affected by cryptocurrency phishing.

Phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, but attackers continue to evolve their strategies. Kaspersky has noted that “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Recently, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site. This highlights the importance of being vigilant and taking necessary precautions to protect one’s crypto assets.

In a recent incident, Arbitrum investors were exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link. This shows that attackers are constantly finding new ways to trick investors into sharing their personal information, and highlights the need for increased security measures to protect against cryptocurrency phishing attacks.

In conclusion, cryptocurrency phishing attacks continue to rise, with attackers evolving their strategies to lure unwary crypto investors. It is crucial for investors to be vigilant and take necessary precautions, such as avoiding clicking on suspicious links, verifying the authenticity of websites and communication channels, and using hardware wallets to store their crypto assets. Additionally, companies must prioritize security measures and educate their users to help prevent and mitigate the effects of cryptocurrency phishing attacks.

New MacOS Malware Hijacks Crypto Wallets Via Pirated Apps

Kaspersky Labs has uncovered a sophisticated malware campaign targeting MacOS users who download pirated apps. The malware specifically targets newer operating systems, macOS versions 13.6 and above, and is crafted to infiltrate users’ computers through compromised software installers. Once inside, it replaces legitimate Bitcoin and Exodus crypto wallets with infected versions.

The mode of infection involves compromised disk images containing an “activator” and the desired application. The malware lies dormant until the user runs the activator, which requires entering the user’s password. This sneaky tactic ensures that users unwittingly activate the compromised application. The malware then executes a Python script, which runs continuously, attempting to download further stages of infection. This script has dual functions: executing arbitrary commands from a server and checking for the presence of cryptocurrency wallet applications, which it then replaces with malicious versions.

The ingenuity of this malware lies in its simplicity and effectiveness. By manipulating the executable files of legitimate applications to make them non-functional until the activator is run, hackers ensure that users are tricked into installing the malware. Once activated, the malware can execute any script with administrator privileges, including replacing the Exodus and Bitcoin crypto wallet applications with versions that steal secret recovery phrases.
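The swap described above replaces a wallet's executable with a trojanised copy, so a defender's most direct check is whether the wallet binaries on disk still match a known-good baseline. The following is an added example, not Kaspersky's code or the malware's: it records SHA-256 hashes of the wallet executables while they are trusted and later reports any that changed, vanished or newly appeared. The bundle paths and the app names are assumptions (typical macOS layout), and the directory tree the demo builds is constructed for the example so it runs anywhere.

```python
"""Baseline-and-verify integrity check for wallet application binaries.

Added illustration, not Kaspersky's code. The Exodus/Bitcoin-Qt bundle
paths below are assumed; the demo() scenario is constructed in a temp dir.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed wallet apps and the main executable inside each bundle
WALLET_APPS = {
    "Exodus": "Exodus.app/Contents/MacOS/Exodus",
    "Bitcoin-Qt": "Bitcoin-Qt.app/Contents/MacOS/Bitcoin-Qt",
}


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(apps_root, wallet_apps=WALLET_APPS):
    """Hash every wallet executable present under apps_root (e.g. /Applications)."""
    baseline = {}
    for name, rel in wallet_apps.items():
        exe = Path(apps_root) / rel
        if exe.is_file():
            baseline[name] = {"path": str(exe), "sha256": sha256_of(exe)}
    return baseline


def save_baseline(path, baseline):
    Path(path).write_text(json.dumps(baseline, indent=2))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def verify(apps_root, baseline, wallet_apps=WALLET_APPS):
    """Compare the current state with the baseline; return (app, finding) pairs."""
    findings = []
    for name, rel in wallet_apps.items():
        exe = Path(apps_root) / rel
        recorded = baseline.get(name)
        if recorded is None:
            # A wallet that was not installed at baseline time now exists
            if exe.is_file():
                findings.append((name, "wallet binary appeared since baseline"))
            continue
        if not exe.is_file():
            findings.append((name, "wallet binary missing"))
            continue
        if sha256_of(exe) != recorded["sha256"]:
            findings.append((name, "wallet binary changed since baseline"))
    return findings


def demo():
    """Constructed scenario: baseline two wallets, then swap one, as the article describes."""
    with tempfile.TemporaryDirectory() as root:
        for rel in WALLET_APPS.values():
            exe = Path(root) / rel
            exe.parent.mkdir(parents=True)
            exe.write_bytes(b"constructed stand-in for the legitimate " + rel.encode())
        baseline_file = Path(root) / "wallet-baseline.json"
        save_baseline(baseline_file, build_baseline(root))
        baseline = load_baseline(baseline_file)
        clean = verify(root, baseline)
        # Simulate the replacement: the Exodus executable is overwritten
        (Path(root) / WALLET_APPS["Exodus"]).write_bytes(b"constructed stand-in for a trojanised wallet")
        tampered = verify(root, baseline)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("before swap:", before)
    print("after swap: ", after)
```

Two caveats shape how this is used. The baseline must be re-recorded after every legitimate wallet update, or every update looks like tampering; and because the campaign runs with administrator privileges, a baseline file kept on the same host can be rewritten along with the binaries, so store it off-host or compare against hashes the wallet vendor publishes. On macOS itself, `codesign --verify` against the developer's signature is the stronger first check; the hash comparison here is the portable fallback.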

To protect against this evolving threat, Kaspersky researchers emphasize the importance of downloading apps only from official stores like the Apple App Store. They also recommend installing a trusted security solution, updating the operating system and apps regularly, and using strong, unique passwords for different accounts. Additionally, it is crucial to secure your seed phrase when setting up hardware wallets.

This malware campaign is a stark reminder of the risks associated with downloading pirated applications. It highlights the continuous innovation by hackers in developing tactics to compromise cryptocurrency users. Users are advised to exercise caution and implement robust security measures to protect their digital assets.
