
North Korea may be using malware to secretly mine ethereum, monero, or zcash - Quartz


Posted: 24 Oct 2017 12:00 AM PDT

North Korea has a cryptocurrency infatuation. Its government has been accused of unleashing a global ransomware attack to raise bitcoin, mining the cryptocurrency within its borders, and hacking South Korean bitcoin exchanges. Now, research firm Recorded Future says there's a strong chance Kim Jong-un's regime is experimenting with malware that secretly mines currency using other people's computers.

Malware crypto-mining is a new global trend among hackers, says a new report (pdf) from Recorded Future, which monitors discussions among "the criminal underground" on the so-called dark web. Starting this year, hackers seem to be shifting away from high-intensity, widespread ransomware attacks, towards "long-term, low velocity" crypto-mining in the background.

Recorded Future has not detected specific instances of North Korean malware mining, but believes that the regime has the knowhow, motive, and interest in cryptocurrencies to execute similar attacks. "North Korean threat actors have prior experience in assembling and managing botnets, bitcoin mining, and cryptocurrency theft, as well as in custom altering publicly available malware; three elements that would be key to effectively creating and managing a network of covert cryptocurrency miners," Recorded Future's report reads.

Chart (Recorded Future): Incidences of chatter about cryptocurrency mining among criminals on the dark web.

Recorded Future says hackers are shifting to malware mining because ransomware attacks became too egregious, attracting law enforcement's attention instead of generating the steady stream of income attackers had grown to expect since the method became fashionable in 2015. "Outrageous attacks on healthcare facilities and municipal transit systems culminated in the unprecedented WannaCry and NotPetya campaigns," according to Recorded Future's report. "Overnight, ransomware was recognized as an act of cyberterrorism."

With ransomware a hot potato, hackers turned to installing hidden crypto-miners on others' machines. This has turned out to be a relatively stable, low-fuss way of getting cash, according to Recorded Future. One hacker on a Russian-language forum expressed surprise at how easy it was to create a network of secret cryptominers: "I've used 'bots' already under my control to upload 110 miners before going to sleep. By the time I woke up 108 were still alive, which took me by surprise. I expected half would be dead by then."

The cryptocurrencies most popularly mined in secret are monero and zcash, says Andrei Barysevich, an author of the Recorded Future report. These cryptocurrencies require fewer computational resources to mine profitably than something like bitcoin. However, one malware mining example obtained by the firm hijacked a computer's graphics card to mine ethereum.

There's no blanket way to detect a malware miner on your computer right now because the method is new, and the software keeps changing, Barysevich says. But a noticeable slowdown in a computer's performance could suggest that it's surreptitiously churning out a cryptocurrency—possibly destined for a North Korean digital wallet.

The first-ever botwall could change the economics of hacking forever - Quartz

Posted: 21 Jan 2014 12:00 AM PST

For companies with data to protect, their primary problem is how cheap hacking can be.

While "hacking" encompasses a wide variety of activities, one company is specifically tackling the botnet problem: The ability to use a network of linked computers to overwhelm a website or break into user accounts.

A denial of service attack is probably the most well known kind of attack using botnets. But for $200, you can put 10,000 computers around the world to work on whatever nefarious purpose you prefer.

Shape Security is trying to put a stop to that with a new product, unveiled today, called Shape Shifter. It is a "botwall," a hardware device that companies plug into their servers to protect their data and users by automatically scrambling web application code when users try to access it.

"Today, it's extremely cheap for an attacker to bring down a website," says Shuman Ghosemajumder, the company's product lead. The idea is to make hacking a human endeavor again: If bots won't work, hackers will face more time and expense to do the dirty work themselves, or hire others to do it for them (Picture the gold farmers of World of Warcraft.)

Learning from hackers

"In the world of security, most people are trying to prevent something from happening…a lot of the engineering was, 'how do I detect a bot or malware and prevent it from landing?'" says Ted Schlein, a former Symantec executive turned cybersecurity investor at venture fund Kleiner Perkins Caufield Byers. But today, "there's really only two kinds of companies, those who have been breached and know it and those who have been breached and don't know it. You have to have a mental shift—'you know what, I give, they're there, I'm going to render them ineffective.'"

When you log into a site like an online bank or Facebook, you are connecting to a secure web application—a piece of code that runs on the web and handles the secure transfer of information such as a password. With an application installed on a phone or computer, hackers would need to reverse-engineer the code (i.e. figure out how it works from what it does). But a web app's code is visible to anyone who looks, because web browsers must be able to read it in order to run it. Hackers seeking to crack systems can look at that code and write scripts to exploit it—maybe they purchased some of the credit card info stolen from Target, for instance, and want to exploit the code at an online shopping site to make as many online purchases as fast as they can. Or perhaps, unbeknownst to you, some malware is tracking your keystrokes as you log into your bank account.

The challenge is allowing people in while keeping bots out. Current methods, including identifying IP addresses or limiting the number of times someone can log in, are easily surmountable. So Shape decided to learn from hackers, and adopt a different defense. Many kinds of malware rely on code that changes its appearance to avoid detection by anti-virus software, a tactic called "polymorphism."

Shape's flagship product replicates the polymorphism effect but for web applications, rewriting the code each time a page is reloaded. That means that bots have no frame of reference when searching for vulnerabilities to exploit—instead of seeing a variable name like "username" or "password," they see new names like "v6DbNQEs4z" each time the site is reloaded. The website looks the same to you and me, but the bots can't pick the lock if they can't find the keyhole.
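
The renaming idea described above, reduced to form field names only, as an added example that is not Shape Security's code or part of the original article. The function names, the `_t` token field and the sample login page are hypothetical and constructed for illustration.

```javascript
// Added illustration: each response gets fresh random field names, and the
// server keeps a one-time map to translate the submission back.
const crypto = require("crypto");

const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
// Constructed sample page (not from the article).
const LOGIN_PAGE = '<form method="post"><input name="username">' +
  '<input type="password" name="password"></form>';

// Random alias in the style of "v6DbNQEs4z"; the first character is a letter.
function randomAlias(length = 10) {
  let out = ALPHABET[crypto.randomInt(52)];
  while (out.length < length) out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return out;
}

// page token -> Map(alias -> real field name); entries are single use.
const pending = new Map();

// Replace name="<field>" for every listed field and embed a page token.
function renderPolymorphic(html, fields) {
  const token = crypto.randomBytes(16).toString("hex");
  const aliasToReal = new Map();
  let out = html;
  for (const real of fields) {
    const alias = randomAlias();
    aliasToReal.set(alias, real);
    out = out.split(`name="${real}"`).join(`name="${alias}"`);
  }
  out = out.replace("</form>", `<input type="hidden" name="_t" value="${token}"></form>`);
  pending.set(token, aliasToReal);
  return { html: out, token };
}

// Translate a submitted body back to real names, or return null to reject it.
function decodeSubmission(body) {
  const aliasToReal = pending.get(body._t);
  if (!aliasToReal) return null;          // unknown or replayed page token
  pending.delete(body._t);
  const decoded = {};
  for (const [key, value] of Object.entries(body)) {
    if (key === "_t") continue;
    const real = aliasToReal.get(key);
    if (!real) return null;               // static name: client never read this page
    decoded[real] = value;
  }
  return decoded;
}
```

Renaming only removes the fixed names a script hard-codes; a client that locates inputs by position or by the visible prompt still finds them, which is the circumvention question the article raises further down.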

The "mystery" start-up

Since the company was founded in 2012, it has raised $26 million in venture funding, including a round led by Schlein, who joined the board, and Google Chairman Eric Schmidt. This, while the company's product was working in "stealth mode"—no one knew what Shape was developing or if an actual product was forthcoming.

Whenever you hear about a company raising lots of money with no product, it hardly sounds good—think Clinkle, the Stanford payments start-up that raised both $25 million and the level of dysfunction in Silicon Valley. When I first heard about Shape, I wasn't sure it was a real product.

But it's hard to argue with the staff the company assembled, among them CEO Derek Smith, who sold cyber security firm Oakley Technologies to Raytheon in 2007; Sumit Agarwal, Google's first product manager; Michael Coates, the former head of security for Mozilla; and Ghosemajumder, who helped develop the technology that prevents Google ad click fraud.

Into the field

Shape Shifter has been in trials with companies like StubHub, the online ticket re-seller, and Citigroup, whose head of security praised it for "turn[ing] the cost equation back around in the defender's favor."

With the company's product finally revealed, it will meet the most important test: Hackers seeking to break it. Perhaps more sophisticated scripts could circumvent the polymorphism: I asked Coates whether a bot could somehow link user prompts for information to the scrambled code behind the scenes, and he said that was the first thing Shape expects hackers to try—and that the company "will be ready with the next six or seven moves."

If the botwall works as promised, Shape's executives and investors predict large demand: Virtually any company doing business online—banks, retailers, social networks, the government, you name it—will want to protect against swarming online hackers, who cost American businesses as much as $100 billion each year.
