The sharp drop of the cryptocurrency provokes cyber fraudsters

According to cybersecurity experts, the fall in cryptocurrency exchange rates may cause another increase in DDoS attacks. The same tools are used for conducting attacks as for mining, so when rates fall it becomes more profitable for the owners of those tools to conduct DDoS attacks.

Cybersecurity experts said that the fall of bitcoin from the April historical high of $64.9 thousand to $31.4 thousand, which occurred recently, along with the collapse of other cryptocurrencies, can cause an increase in DDoS attacks.

The fact is that botnets, which are also used for mining cryptocurrency, are used to carry out DDoS attacks, explains Alexander Gutnikov, an analyst at Kaspersky DDoS Prevention. "Attackers usually redirect power to mining when cryptocurrency prices are high, as it is more profitable to use bot farms for this than for DDoS attacks," he said.

Accordingly, the power is reoriented to custom attacks when cryptocurrency prices are low.

According to Kaspersky Lab's report on attacks in the first quarter of 2021, cryptocurrency exchange rates, bitcoin's in particular, declined in January, for example, and at the same time there was a surge in DDoS activity. In early March there was another peak of DDoS attacks, again preceded by a decline in the bitcoin exchange rate.

"DDoS attacks are always activated when the cryptocurrency exchange rate changes," confirms Alexander Lyamin, CEO of Qrator Labs. According to him, another reason is that attackers can earn money on the difference in exchange rates, for example by staging an attack to slow down operations. "Although payments for DDoS attacks are often made in cryptocurrency, their cost is usually set in dollars," says Ramil Khantimirov, CEO and co-founder of StormWall.

"DDoS attacks can be carried out on a specific blockchain to create problems in it and lower the value of coins", adds the technical director of the cryptocurrency exchange CEX.IO Dmitry Volkov. He said that in theory unscrupulous competitors can do this, but in practice such attacks are rare.

Lazarus E-Commerce Attackers Adapt Web Skimming for Stealing Cryptocurrency


Cybercriminals with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB. 

Group-IB's latest report builds on findings revealed in July 2020 by Dutch security firm Sansec, which reported that malicious infrastructure and, in many cases, the malware were being used for Magecart-style attack campaigns that had previously been attributed to the Lazarus Group.

Lazarus - aka Hidden Cobra, Dark Seoul, Guardians of Peace, APT38, Bluenoroff, and a host of other names - refers to a group of hackers with apparent ties to the Pyongyang-based government officially known as the Democratic People's Republic of Korea, led by Kim Jong-Un.

Magecart-style attacks use so-called digital card skimming or scraping tools - aka JavaScript sniffers - that attackers inject into victim organizations' e-commerce sites. Victims of such attacks have included jewelry and accessories retailer Claire's and Ticketmaster UK, among thousands of others.

Researchers at Group-IB stated that after reviewing the attack campaign discovered by Sansec, they also found signs suggesting that the attackers had been experimenting with stealing not just payment card data but also cryptocurrency.

Group-IB reports that it found the same infrastructure being used, together with a modified version of the same JavaScript sniffer - aka JS-sniffer - that Sansec described in its report. Group-IB has dubbed the cryptocurrency-targeting campaign Lazarus BTC Changer. 

The attackers appear to have stolen relatively little cryptocurrency via the sites' customers: just $9,000 worth of Ethereum and $8,400 worth of bitcoins, Group-IB reports. Group-IB says those stolen funds appeared to have been routed to bitcoin cryptocurrency wallets allegedly owned by "a payment gateway that allows users to conduct transactions involving bitcoin, Ethereum, Litecoin, and other cryptocurrencies."

Lazarus may have used the site to launder the stolen funds by moving them to other cryptocurrency exchanges or wallets. The cybersecurity firm notes that CoinPayment's "know your customer" policy could help identify the individuals who initiated the transactions. The service's user agreement stipulates that individuals attest that they are not operating in or on behalf of anyone in a prohibited jurisdiction, which includes North Korea.