Russian experts warned about the dangers of watching movies on pirate sites

 

Hackers use streaming platforms, TV series and movies to distribute advertising and malware. They can hide it in files named after popular shows, or use well-known brands to conduct phishing attacks, said Dmitry Galov, a cybersecurity expert at Kaspersky Lab.

“Among the malware there are various Trojans that allow, for example, to delete or block data, or steal passwords from online banking, as well as spyware that can be used to access information on the device,” said Mr. Galov.

Pirate sites may also request a person's social media data, passport, or bank card details under the pretext of completing a trial period. As a result, hackers gain access to personal data and can steal money or, in other cases, start blackmailing the user.

According to the expert, users should therefore watch movies through legal services and install an antivirus on all devices.

If a site asks users to download a program such as Flash Player in order to watch a video, they should leave the site immediately.

“Even pirated sites no longer require additional software to be installed on your computer, be it Java or Flash Player. In no case should any files, including application files, as well as files declared as videos or documents, be downloaded from such sites,” said Artem Gavrichenkov, Technical Director of Qrator Labs.

In addition, experts have recently warned about the dangers of using financial services, mailboxes and social networks, as well as making online purchases, over public free Wi-Fi access points.

On public Wi-Fi networks, hackers can intercept and analyze the data in the current session and then use the information obtained. Experts advise users not to register or log in to sites from free access points, so as not to pass critical information about themselves to scammers.

New China-Based Campaign Targets Windows MS-SQL and Phpmyadmin Servers Worldwide


A China-based attack campaign has primarily targeted servers belonging to the healthcare, telecommunications, media, and IT sectors. The campaign, named Nansh0u, is known to target Windows MS-SQL and PHPMyAdmin servers around the world.

Although the campaign was detected at the beginning of April, the attacks were observed to date back to February 26. Throughout the campaign the threat actors used 20 unique payloads, creating at least one new payload a week and using it right away.

More than 50,000 servers were reported to be breached in this campaign. Once compromised, the targeted servers were infected with a malicious payload, which in turn drops a crypto-miner that mines TurtleCoin and a sophisticated kernel-mode rootkit.

The hackers behind this campaign use advanced techniques usually seen with APT groups, such as fake certificates and privilege escalation exploits, so the Nansh0u campaign is not just a crypto-miner attack.

The attack begins with a series of login attempts targeting MS-SQL servers in order to gain administrator privileges. The attacker's infrastructure combines the following modules to launch an attack on MS-SQL servers:
  • Port scanner
  • MS-SQL brute-force tool
  • Remote Code Executor
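
From the defender's side, the brute-force stage described above shows up in the SQL Server error log as a burst of failed logins from one client, sometimes followed by a success. The following is an added example, not code from the original post or from the researchers: it assumes login auditing records both failed and successful logins, and the sample log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG style; IPs are documentation ranges.
FAIL_TEMPLATE = ("2019-04-02 03:14:{:02d}.10 Logon       Login failed for user 'sa'. "
                 "Reason: Password did not match that for the login provided. "
                 "[CLIENT: 203.0.113.7]")
SAMPLE_LOG = "\n".join([FAIL_TEMPLATE.format(s) for s in range(1, 7)] + [
    "2019-04-02 03:14:09.55 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]",
    "2019-04-02 09:00:01.00 Logon       Login failed for user 'app_ro'. "
    "Reason: Password did not match that for the login provided. "
    "[CLIENT: 198.51.100.20]",
    "2019-04-02 09:00:09.00 Logon       Login succeeded for user 'app_ro'. "
    "Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]",
])

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]")

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag clients with >= threshold failed logins inside `window`, and
    record the first account that then logs in successfully from them."""
    recent = defaultdict(list)      # client -> failure times still in window
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # not a logon audit line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            recent[client] = [t for t in recent[client] if ts - t <= window] + [ts]
            if len(recent[client]) >= threshold:
                hit = findings.setdefault(
                    client, {"failures": 0, "login_after_burst": None})
                hit["failures"] = max(hit["failures"], len(recent[client]))
        elif client in findings and ts - recent[client][-1] <= window:
            # Success right after a burst: treat the account as compromised.
            if findings[client]["login_after_burst"] is None:
                findings[client]["login_after_burst"] = m["user"]
    return findings

if __name__ == "__main__":
    for client, hit in find_bruteforce(SAMPLE_LOG).items():
        print(client, hit)
```

A client that mistypes a password once and then logs in, like the second client in the sample, stays below the threshold and is not reported.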


Analysis of the 20 payload samples from the attacker’s servers and the Guardicore Global Sensor Network shows that each payload is a wrapper with several functionalities.

The researchers are quite confident in assessing that Chinese attackers have operated this campaign, for the following reasons:
  • The attackers chose to write their tools in EPL, a Chinese-based programming language.
  • Some of the file servers deployed for this campaign are HFSs in Chinese.
  • Many log files and binaries on the servers included Chinese strings, such as (“duplicates removed”) in logs containing breached machines, or (“start”) in the name of the script initiating port scans.

Crypto-jacking: A New Vector of the Cyber-Cons after Ransomware!




Apparently, according to records from 2018, cyber-cons have grown bored with ransomware attacks, and crypto-jacking has become their new tool for harvesting crypto-currency.

Crypto-jacking is by nature more insidious and stealthy, and hence over the past year it has emerged as a better way of harvesting crypto-currency.

Initially, ransomware was the best choice for this, but crypto-jacking has surpassed it and is now cyber-cons’ favorite option.

Unlike any other year in cyber-crime history, 2018 saw a great many cyber-attacks, and crypto-jacking attacks were among the most numerous.

The IBM report stated that crypto-currency attacks rose by quite a large number.

Ransomware attacks, meanwhile, plummeted by 45% across both mobile and desktop platforms.

The major reason behind this shift towards crypto-jacking is its less disruptive and furtive nature.

Once ransomware has been used against a victim, the attack weapon is spent after just one attack, leaving no chance of a recurrence.

Meanwhile, in the case of crypto-jacking, a recurrence is almost ensured, making it possible to earn more profit from a single weapon.

Somehow, crypto-jacking appears to be the more malicious of the two, and ignoring it could lead to serious ramifications.

Reportedly, crypto-jacking could soon move from currency mining to building its own botnets to carry out spyware attacks.

This leaves users with one piece of advice: use the latest versions of anti-virus software and keep systems updated.

Trezor Wallet: Not So Hack-Safe After All!









The hackers have found another way to penetrate the safety walls of the seemingly “quite safe” Trezor Wallet.


One inquisitive crypto-mining fan took to Twitter to announce that the device known as the Trezor wallet has a vulnerability that lays bare “un-password-protected” users.


This is not the first time such an attack has been possible on devices of the aforementioned kind and the researchers deem it as inevitable, given the poor fabrication of the devices.


At the Chaos Communication Congress, the topic was discussed in depth by specialists who talked about the hackability of crypto-wallets.

The Congress covered the different kinds of vulnerabilities that hardware, software and firmware could be affected by.

The gathered specialists expounded on recurring and systematic problems in wallets.

The team also worked on creating a library of malicious attacks related to harvesting funds from hardware wallets.


The vulnerabilities these wallets possess, the ways to move around them and the available courses of action were discussed at the congress at length.


The team demonstrated how to break the boot-loader protection and the web interfaces that are used to communicate with the wallets.

Some physical attacks, such as “glitching” (an attempt at bypassing the security of the wallet's micro-controllers), were also a part of the CCC team’s drill.


The vulnerabilities uncovered by the team have detailed implications which could only be solved via a firmware update or even a new hardware revision.

There is hope that companies will weigh the severity of the situation and put forth some improvements.

With the sharp rise in the popularity of hardware wallets, there has also been a sharp rise in the number of users, given that these devices hold a considerable amount of crypto-currency.

There are crypto-traders who work with these famous wallets daily.

Thousands and millions of dollars’ worth of crypto-currency is stored within the “walls” of these hardware wallets, which makes the reason behind all these attacks on them apparent.

As for what the recently found attack did: it mainly focused on breaking the interfaces that aid communication with the wallet.

The Trezor wallet was attached to various devices, which included a socket with an FPGA. Code was then supposedly run to give the hackers access to the seed and PIN.
But the hack would only go through if the wallet wasn’t password protected.


The engineer in charge of Trezor, Pavol Rusnak, took to Twitter to let the public know that they weren’t previously privy to the situation.

But now that they are, a new firmware update will make its way to the wallet by the end of January.

He also said that the issue is currently being investigated and is expected to be patched soon.