Select Page
Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

A top Russian-language underground forum has been running a “contest” for the past month, calling on its community to submit “unorthodox” ways to conduct cryptocurrency attacks.

The forum’s administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens (NFTs).

The contest, which is likely to continue till September 1, will see a total prize money of $115,000 awarded to the best research.

“So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, and demonstrating a custom tool that parses logs for cryptocurrency artifacts from victim machines,” said Michael DeBolt, Intel 471’s Senior Vice President of Global Intelligence, in an email interview with The Hacker News.

Other entries looked at manipulating APIs from popular cryptocurrency-related services or decentralized-file technology to obtain private keys to cryptocurrency wallets as well as creating a phishing website that allowed criminals to harvest keys to cryptocurrency wallets and their seed phrases.

images from Hacker News

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information.

Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea Internet and Security Agency (KISA), Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities.

The development is only the latest in a series of surveillance efforts aimed at South Korea. Believed to be operating on behalf of the North Korean regime, Kimsuky (aka Velvet Chollima, Black Banshee, and Thallium) has a track record of singling out South Korean entities while expanding their victimology to the U.S., Russia, and various nations in Europe.

Last November, the adversary was linked to a new modular spyware suite called “KGH_SPY,” which allows it to carry out reconnaissance of target networks, log keystrokes, and steal confidential information, as well as a stealthy malware under the name “CSPY Downloader” that’s designed to thwart analysis and download additional payloads.

 

images from Hacker News

The Incident Response Plan – Preparing for a Rainy Day

The Incident Response Plan – Preparing for a Rainy Day

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.

Just as it wasn’t raining when Noah built the ark, companies must face the fact that they need to prepare – and educate the organization on – a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens.

With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack.

Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help companies plan for this unfortunate occurrence.

images from Hacker News

Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites

Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed.

Wordfence’s threat intelligence team, which discovered the flaw, said it reported the issue to the plugin’s developer on May 31. While the flaw has been acknowledged, it’s yet to be addressed.

Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products.

“Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed,” Wordfence said in a write-up published on Tuesday.

 

images from Hacker News

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

Days after MicrosoftSecureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign.

The court-authorized domain seizure took place on May 28, the DoJ said, adding the action was aimed at disrupting the threat actors’ follow-on exploitation of victims as well as block their ability to compromise new systems.

The department, however, cautioned that the adversary might have deployed additional backdoor accesses in the interim period between when the initial compromises occurred, and the seizures took place last week.

“[The] action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division.

“Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

images from Hacker News

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses.

The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files (aka “Cut-and-Mouse”) and disabling their real-time protection by simulating mouse “click” events (aka “Ghost Control”).

“Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals,” said Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. “But they are competing with criminals which now have more and more resources, power, and dedication.”

Put differently, shortcomings in malware mitigation software could not just permit unauthorized code to turn off their protection features, design flaws in Protected Folders solution provided by antivirus vendors could be abused by, say, ransomware to change the contents of files using an app that’s provisioned write access to the folder and encrypt user data, or a wipeware to irrevocably destroy personal files of victims.

Protected Folders allow users to specify folders that require an additional layer of protection against destructive software, thereby potentially blocking any unsafe access to the protected folders.

images from Hacker News