Stealthy Crypto-Mining malware evades detection

Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine.

In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it has an overall low risk rating, the damage potential scored in the medium range.

While the results might be lucrative, the process is actually quite resource-intensive, which is one reason malicious actors continue to find ways to exploit other machines using mining malware. Such malware has been largely successful in avoiding detection, particularly when combined with obfuscation routines, according to Trend Micro.

Read entire article Stealthy Crypto-Mining malware evades detection | Kacy Zurkus | InfoSecurity


Is it worth worrying about bitcoin’s growing electricity use?

Truth be told, nobody knows exactly how much energy bitcoin mining consumes globally. Cryptocurrency miners are secretive about their trade, but everyone agrees the electricity use of crypto mining must be very large.

A new study published in Joule—the first on the subject to undergo the rigors of peer review—argues that, globally, bitcoin mining consumes at least as much electricity in a year as all of Ireland (about 24 TWh).

Worse still, it contends that the energy use is doubling every six months and could reach the annual consumption of the Czech Republic (about 67 TWh) before the end of 2018, which would be about 0.3% of the world’s electricity consumption.

Those are eye-popping figures. But is it really worth worrying about?

Read entire article Is it worth worrying about bitcoin’s growing electricity use? | Quartz

Google Bans Crypto-Mining Extensions

Google is taking a stand on illegal crypto-mining by banning Chrome browser extensions that support crypto-jacking.

Published on InfoSecurity | By Phil Muncaster

Extension platform product manager, James Wagner, claimed that there has been a rise in malicious extensions over the past few months — severely impacting users’ performance.

“Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose, and the user is adequately informed about the mining behavior. Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store,” he explained.

Starting today, Chrome Web Store will no longer accept extensions that mine cryptocurrency. Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store.

There has been a significant spike in crypto-jacking in recent months, as cyber-criminals eschew ransomware in favor of nominally easier ways to make money.

Read entire article Google Bans Crypto-Mining Extensions | InfoSecurity

Google bans cryptocurrency advertising, and Bitcoin continues to drop

Bitcoin fell roughly 6% following news that Google, the world’s largest ad provider, is cracking down on cryptocurrency.

Posted on CNBC | By Kate Rooney

Tech giant Google announced an update Wednesday to its financial services policy that will restrict advertising for “cryptocurrencies and related content” starting in June.

Bitcoin fell 12% in late January after Facebook announced it would ban ads on “binary options, initial coin offerings and cryptocurrency.” The social media giant said it would prohibit ads for financial products and services “that are frequently associated with misleading or deceptive promotional practices.”

A report of a CFTC subpoena on major cryptocurrency exchange Bitfinex and an SEC emergency asset freeze on an initial coin offering added to negative sentiment that day.

Some analysts say the bans could be a good thing for the industry over the long term, and blame price moves on continuing regulatory uncertainty.

Read entire article Bitcoin falls back below $9,000 after Google says it will ban cryptocurrency ads | CNBC

How the Rating of Bitcoin Compares to that of Fiat Currencies

This analysis dates from December 2017. In light of Bitcoin’s recent falls, this blog should be read with that in mind.

Fiat money has no intrinsic value – it is not backed up by the equal value of a commodity, but is made legal tender due to government decree.

Bitcoin is a virtual cryptocurrency and worldwide payment system. It is the first decentralized digital currency – the system works without a central repository or single administrator – and was introduced in 2009. Bitcoin has recently been rated for the first time, receiving a very high, five-star Resistance to Shocks (RtS) Rating. But how does that compare to the RtS ratings of the major fiat currencies such as the British Pound, the Yen and the Euro? Let us see what happened over the past four years. All currencies are priced with respect to the US Dollar.





As may be observed, the Bitcoin has a significantly less rugged, more stable and higher rating than the other currencies. At the time of writing (December 10th, 2017), the RtS ratings are as follows:

Bitcoin – 99.3% (five stars)

Pound – 78.8% (three stars)

Yen – 87.7% (four stars)

Euro – 87.4% (four stars)

The RtS rating of the pound is the result of the recent Brexit negotiations. In terms of RtS rating distribution, the following plots indicate that, of the three fiat currencies, the Yen has the highest most likely value, approximately 94% (four stars), while the most likely ratings of the Pound and the Euro are around 89% and 87% (three stars) respectively. The most likely RtS rating of the Bitcoin is 99% (five stars). The plots illustrating the distributions are shown below.





It is important to keep in mind that RtS ratings do not reflect the value of a particular currency – they merely convey the degree of chaoticity, or disorder, in the dynamics of its price variation.

Rating the Bitcoin – When new technologies meet

Bitcoin is a cryptocurrency and worldwide payment system. It is the first decentralized digital currency – the system works without a central repository or single administrator – and was introduced in 2009. Unlike fiat money, Bitcoin is unique because it is de-centralized and, more importantly, not under the control of bankers or financial regulators. This is an argument often used by Bitcoin supporters, who call the currency insulated from any kind of manipulation.
New Bitcoins are generated by a competitive and decentralized process called “mining”. In this process, individuals are rewarded by the network for their services. Bitcoin miners process transactions and secure the network using specialized hardware and collect new bitcoins in exchange. Basically it is a high-tech exercise, which means you need sufficient computational firepower.
Bitcoins, just like traditional currencies, are traded. Recently the value of Bitcoin has been increasing very rapidly and there is much excitement in the markets. There is also talk of a potential Bitcoin bubble. Recently, Bitcoin futures have been approved. Unlike futures exchanges for the regular markets, there is more than one settlement place for the Bitcoin futures. This brings some additional complexity to a crypto currency which is already complex itself.
Given this (growing) complexity, and the emergence of new crypto-currencies, such as Ethereum, Ripple, Litecoin, or Monero, it is interesting to measure the complexity of the Bitcoin, as well as its rating. Obviously, we’re speaking of a Resistance to Shocks rating. Over the past few years, the price of Bitcoins has been increasing, notwithstanding de-stabilizing events such as the Ukraine crisis, the Brexit, the US elections, the Korean crisis, as well as scandals, tsunamis, or the fall of oil prices.
The price of the Bitcoin over the past 8 years is indicated in the plot below. It clearly shows a phenomenal acceleration over the past year.

The complexity of the dynamics of Bitcoin’s price (of Bitcoin, in other words) is shown in the next plot. Here we note something interesting: when complexity increases, the price goes down (this starts in 2013). When complexity decreases, the price goes up again. This is clearly visible after 2015. At present, as Bitcoin is skyrocketing, its complexity is dipping.

The Resistance to Shocks Rating of Bitcoin is depicted in the last chart, below. The rating has a very high value most of the time, close to 100%, which corresponds to a five-star rating. The minimum value of 80% – a four-star rating – was reached in 2016; however, it has since risen rapidly to 90% and more. For the moment, things look pretty solid.

Given that, unlike corporations, currencies (and crypto currencies) react quickly, the RtS rating of Bitcoin is issued on a daily basis. The goal is to capture the dynamics of the rapidly changing economy. This is why the above plot is continuous.
The above analysis is unique. Bitcoin is a high-tech crypto currency. RtS ratings are provided by an equally high-tech rating robot. While conventional currencies can be manipulated, not to mention simply printed, Credit Rating Agencies are known for opaque rating practices not to mention conflict of interest. What this short article illustrates is how leading edge technologies can join forces in a context devoid of regulators, administrators, bankers and, most importantly, where manipulations take place on a daily basis.

Jacek Marczyk

Author of nine books on uncertainty and Complexity Management, Jacek developed the Quantitative Complexity Theory (QCT), a new complexity-based theory of risk and rating, in 2003. In 2005 he founded Ontonix, a company delivering complexity-based early-warning solutions with particular emphasis on systemic aspects and turbulent economic regimes.

Hacker BestBuy hijacks 900,000 Deutsche Telekom routers

The hacker BestBuy pleaded guilty in court on Friday to hijacking more than 900,000 routers from the network of Deutsche Telekom.

The notorious hacker BestBuy, also known as Popopret, pleaded guilty in court on Friday to hijacking more than 900,000 routers from the network of Deutsche Telekom. The 29-year-old man, whose name wasn’t revealed by authorities, used a custom version of the Mirai IoT malware.

BestBuy was also known as the author of the GovRAT malware; he offered the source code of the RAT, including a code-signing digital certificate, for nearly 4.5 Bitcoin on TheRealDeal black market.

German authorities referred to the man as Spiderman, the name he used to register the domain names that served as C&C for his botnet.

BestBuy targeted the routers in late November 2016 with the intent to recruit them into his botnet, which was offered as a DDoS-for-hire service, but the malicious code variant he used accidentally triggered a DDoS condition in the infected devices.

According to the German website, Deutsche Telekom estimated that the losses caused by the cyber attack were more than two million euros.

“The hacker admitted in court that he never intended for the routers to cease functioning. He only wanted to silently control them so he can use them as pawns in a DDoS botnet. ” wrote

In early December 2016, the man used another flawed version of Mirai that caused the same widespread problem in the UK, where more than 100,000 routers went offline. The routers belonged to Kcom, TalkTalk, a UK Postal Office, TalkTalk ISPs.

BestBuy’s sentencing hearing is scheduled for July 28; the man faces up to ten years in jail.

Source: Security Affairs


Global ransomware attack causes turmoil… again!

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence. The virus, the source of which is not yet known, freezes the user’s computer until an untraceable ransom is paid in the digital Bitcoin currency.

Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.


Interpol involvement

In a statement, the US National Security Council said government agencies were investigating the attack and that the US was “determined to hold those responsible accountable”.

The Russian anti-virus firm Kaspersky Lab said its analysis showed that there had been about 2,000 attacks – most in Ukraine, Russia and Poland. The international police organisation Interpol has said it was “closely monitoring” the situation and liaising with its member countries.

Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward. “The ransomware was called Petya and the updated version Petrwrap.”

Problems have also affected:

  • the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services
  • Russia’s biggest oil producer, Rosneft
  • Danish shipping company Maersk, including its container shipping, oil, gas and drilling operations. A port in Mumbai is among those that have halted operations
  • a Pennsylvania hospital operator, Heritage Valley Health System, which reported its computer network was down, causing operations to be delayed – but it is not yet clear if it was subject to the same type of attack
  • Spanish food giant Mondelez – whose brands include Oreo and Toblerone – according to the country’s media. A Cadbury factory in Tasmania, Australia is affected
  • Netherlands-based shipping company TNT, which said some of its systems needed “remediation”
  • French construction materials company St Gobain
  • US pharmaceuticals-maker Merck
  • The local offices of the law firm DLA Piper – a sign in the firm’s Washington DC office said: “Please remove all laptops from docking stations and keep turned off – no exceptions.”

Ukraine seems to have been particularly badly hit this time round.


Reports suggest that the Kiev metro system has stopped accepting payment cards while several chains of petrol stations have suspended operations.

Ukraine’s deputy prime minister has tweeted a picture appearing to show government systems have been affected.

His caption reads: “Ta-daaa! Network is down at the Cabinet of Minister’s secretariat.”

Source: BBC


Business nightmare scenarios detailed a week since #WannaCry

Speaking on the theme ‘The threats that should be keeping you awake at night’ at the FourSys SecureTour in London, independent computer security researcher Graham Cluley described the three main areas of concern for businesses in 2017.

Claiming that it is not about giving the audience nightmares, and not about nation-state hackers who “target private firms”, Cluley said that the three main problems were: ransomware, insider threat and business email compromise.

Focusing on last weekend’s WannaCry ransomware outbreak, Cluley said that this was ransomware “on a scale never seen before”, and “it hit so hard it took some hours before people came up with a logo!”

He added: “WannaCry did traditional things with Bitcoin, so what made it so different? It was not traditional ransomware; it was distributed by a worm-like feature and exploited a component in Microsoft Windows vulnerability and exploited the SMB protocol to spread very rapidly indeed.”

He went on to claim that ransomware has “truly been a threat over last few years”, highlighting other instances of the NHS being hit, as well as the San Francisco rapid transport being shut down, and it is also hitting mobile devices.

Turning to the other cases, Cluley said that in business email compromise an attacker poses as a CFO and typically targets a junior member of staff, but instead of sending malware, they just send an email to try to trick the person into sending money.

“People do this and as soon as they click on the send button, it is too late”, he said. Highlighting cases affecting major companies, Cluley said that this is effectively good social engineering.

Source: Info Security


Pirates stole the new ‘Pirates of the Caribbean’ movie and are holding it for ransom

Have real-life pirates taken aim at Disney’s pirates?

Walt Disney CEO Bob Iger revealed Monday that hackers claiming to have access to a Disney movie threatened to release it unless the studio paid a ransom. Iger didn’t disclose the name of the film, but said Disney is refusing to pay. The studio is working with federal investigators.

The hackers demanded Disney pay a huge sum of money, provided in Bitcoin. The hackers threatened to release parts of the film online in increments—first five minutes at a time, then 20-minute chunks—until the full film is published or their monetary demands are met.

The exec says the thieves demanded a ransom, which the company is refusing to pay.

Deadline reported the stolen film is Pirates of the Caribbean: Dead Men Tell No Tales, the fifth installment in the franchise fronted by Johnny Depp. The film is slated to open May 26. Other prominent films set for release from Disney in the near future include Cars 3, which is due to hit theaters June 16.

Rumors circulated online last week that a work print of Star Wars: The Last Jedi had been pirated and was being held for ransom, but days later online chatter tipped that rumor as a hoax. The studio had no comment.

While movie piracy has long been a scourge, ransoms appear to be a new twist.

The ransom demand of Disney comes only weeks after a hacker uploaded 10 episodes of the upcoming season of Orange Is the New Black to The Pirate Bay after Netflix refused to pay an undisclosed amount. The episodes were posted on Pirate Bay six weeks ahead of the series’ official June 9 launch.

Source: The Hollywood Reporter
