Colleagues,
the recent Coinrail loss of some $40m is just the latest in a steady stream of cybercrime attacks against cryptocurrency exchanges. Coincheck lost approximately $400m earlier this year, and last November Tether claimed it lost $31 million following an attack. The Mt. Gox hack of 2014 is the mother of all crypto attacks: in total the exchange lost around 744,408 BTC, worth around $350m in 2014. While Coinrail is by no means a tier 1 exchange, this cyber heist raises serious questions about the security of cryptocurrencies in general and, second, of the exchanges on which they are traded. There is no silver bullet mitigation strategy; however, the Cryptocurrency Academy would offer a couple of best practices for minimizing the risk to your crypto investments: currencies, exchanges and wallets. First, the top-tier currencies such as BTC, Ethereum, Ripple, Litecoin, etc. generally have more security on board. Second, the larger and more established exchanges are likely to be built on more secure platforms with cyber security professionals on staff. And third, although opinions surely vary, hardware wallets such as the industry-leading Ledger Nano S are believed to offer more security … especially when compared to cloud-based wallets. Send us a comment and subscribe today! Lawrence, Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com)
Our mission is to provide world-class cybersecurity Training and Certification programs to individuals and businesses globally.
Monday, June 11, 2018
Friday, June 8, 2018
How to mitigate the increased threat of cryptocurrency theft?
Colleagues,
currency theft is nothing new. However, with the meteoric rise in cryptocurrency trading in the past 2-3 years, the opportunity for cyber thieves and the risk to investors have never been greater. Cloud security firm Carbon Black has issued a new threat report entitled “Cryptocurrency Gold Rush on the Dark Web” in which it claims some $1.1b USD in cryptocurrencies has been illicitly stolen so far this calendar year. Moreover, Japanese cryptocurrency exchange Coincheck had $600m in XEM stolen by hackers in January 2018, a number which is likely to grow dramatically over time. The malware needed to commit cryptocurrency theft can be obtained for a mere $224. Two key questions emerge: First, which components of the cryptocurrency ecosystem are vulnerable to attack: mining, wallets, exchanges, etc.? And second, which mitigation strategies can the ecosystem in general, and investors in particular, take to reduce risk? For the moment, concrete answers to these questions appear elusive. Nonetheless, the Cryptocurrency Academy will pursue these issues and keep you informed. Please share a comment and subscribe today! Lawrence, Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com)
Wednesday, May 30, 2018
How will cyber criminals exploit the RCE vulnerability in EOS Blockchain using Smart Contracts?
Colleagues,
Chinese researchers at Qihoo 360 have discovered an RCE (remote code execution) vulnerability in the EOS blockchain when using smart contracts. This bug potentially allows hackers to take complete control over node servers. Commonly referred to as Blockchain 3.0, EOS is an open source platform for smart contracts. The RCE flaw is considered by some to be a 51% attack. Bottom line question: How vulnerable are node servers on a blockchain to the RCE bug? Specific mitigation methods are rather elusive. However, CSD recommends your review of “Bug Characteristics in Blockchain Systems: A Large Scale Empirical Study” published by the Singapore Management University. Share your mitigation recommendations and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Tuesday, May 29, 2018
How Secure is AWS Authentication when using Google’s identity service for user identification?
Colleagues,
Amazon Cognito can provide authentication, authorization, and user management for AWS users of mobile apps. This process involves a better understanding of the federated authentication mechanism, simplified credential management for teams who already have Google accounts, and customized authentication mechanisms at very low maintenance cost, while serving as a good alternative to deploying and configuring our own IDP service. Codecentric recommends a three-step process: First, build a simple web service using AWS API Gateway and AWS Lambda. Second, use AWS IAM, the AWS service for access control. And third, employ the AWS Secure Token Service together with Google Sign-In. Given the significant growth of Amazon AWS customers who also use Google’s identity service, the critical question is just how secure is this process? Without doubt both vendors’ systems are highly secure; however, we are less certain about the security and viability of using the two disparate systems in tandem. Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
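As an added illustration (not code from Codecentric, AWS or Google) of where the trust between the two systems actually lives: the IAM role's trust policy pins the Google client id in the token's aud claim, and the relying app should make the same issuer, audience and expiry checks before handing the token to STS. The client id, role ARN and sample claims below are constructed placeholders.

```python
"""Pre-checks on a Google ID token before the AWS STS
AssumeRoleWithWebIdentity exchange (example written for this post; not
Codecentric's, Google's or AWS's code)."""
import time

# Constructed placeholder values, not real identifiers.
GOOGLE_CLIENT_ID = "000000000000-example.apps.googleusercontent.com"
ROLE_ARN = "arn:aws:iam::123456789012:role/GoogleFederatedUser"
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

def trust_policy(client_id):
    """IAM role trust policy: only Google ID tokens minted for our client id
    (the aud claim) may assume the role via STS web identity, so a token issued
    to some other Google-integrated app cannot be replayed against this role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "accounts.google.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {"accounts.google.com:aud": client_id}},
        }],
    }

def token_acceptable(claims, client_id, now=None):
    """Relying-party check on signature-verified claims: issuer, audience and
    expiry (what STS enforces) plus email_verified, which STS does not check.
    Returns (ok, reason)."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "issuer is not Google"
    if claims.get("aud") != client_id:
        return False, "aud mismatch: token was issued for another client"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if not claims.get("email_verified", False):
        return False, "Google has not verified the account email"
    return True, "ok"

def assume_role_params(id_token, session_name, duration=900):
    """Keyword arguments for boto3's sts.assume_role_with_web_identity(); the
    response carries temporary credentials limited to the role's permissions."""
    return {"RoleArn": ROLE_ARN, "RoleSessionName": session_name,
            "WebIdentityToken": id_token, "DurationSeconds": duration}

# Constructed sample of the decoded claims a Google ID token carries.
SAMPLE_CLAIMS = {"iss": "https://accounts.google.com", "aud": GOOGLE_CLIENT_ID,
                 "sub": "000000000000000000000", "email": "user@example.com",
                 "email_verified": True, "iat": 1600000000, "exp": 1600003600}
```

Signature verification against Google's published keys is assumed to have happened before these claim checks; the checks alone do not authenticate the token.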
Thursday, May 24, 2018
VPNFilter Router Malware Attack – Is Russia Up to its Common Tactics?
Colleagues,
the US FBI and DHS, along with the UK’s National Cyber Security Centre, jointly warned that hackers working on behalf of the Russian government are compromising large numbers of routers, switches, and other network devices. Code-named VPNFilter, this malware has primarily targeted some 500,000 consumer and small business routers worldwide … yet with a geographic focus on Ukraine. Sound suspicious? It contains the same RC4 encryption cipher as BlackEnergy. BlackEnergy has been used in a variety of attacks tied to the Russian government. The types of devices targeted by this actor are difficult to defend. Most of the impacted routers are on the perimeter of the network with no IPS and commonly do not have an AV package. Read the Cisco Talos security report by clicking here. So who is behind VPNFilter? CSD supports the Russian origin theory. What about you? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Wednesday, May 23, 2018
How Serious is the ZipperDown iOS App Programming Vulnerability?
Colleagues,
China-based jailbreaker Pangu Labs has identified a vulnerability which it projects may impact some 9.5% of the 168k Apple iOS apps. The root cause appears to be an app programming error that can lead to code execution and data being overwritten in the affected apps. Some of the more noteworthy iOS apps impacted include, but are not limited to, QQ Music, MOMO, Weibo, Kwai and NetEase Music. The ZipperDown web site provides a good FAQ yet is short on mitigation details. Bottom line: How far reaching are the consequences of ZipperDown? And is there a comparable bug in Android apps? Details to follow. For now, share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Tuesday, May 22, 2018
RSA Conference’s Cybersecurity Tech Accord – Substance or Delusion?
Colleagues,
during last month’s RSA Conference 34 tech companies including Microsoft, Facebook, HPE, ABB, Arm, Cisco, Nokia, Oracle, and Trend Micro announced a Cybersecurity Tech Accord (aka Digital Geneva Convention) pledging to mount a united effort against state-sponsored cybercrime and warfare. Notable abstentions included Amazon, Alphabet and Apple. According to Juniper Research, cybersecurity attacks on organizations and commercial entities are expected to reach an $8 trillion impact by 2022. The essence of the Accord is a four-fold commitment to: 1) Share threats and minimize the potential for malicious code to be introduced into cyberspace, 2) Protect all customers globally regardless of the motivation of the attack, 3) Not help governments launch cyberattacks against innocent citizens, and 4) Empower users to make effective use of their products with new security practices and new features. Here at CSD we applaud this move … particularly in light of increased cyber threats from Russia, Iran, North Korea and non-state bad actors. Bottom line: Will the four-fold commitment of the Accord be fulfilled in concrete deeds, not just words on a signed piece of paper to appease the public and free democratic governments? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Monday, May 21, 2018
“Roaming Mantis” – Assessing the Impact of Android Malware on Users
Colleagues, rapid evolution, cryptojacking, global scope, mobility and DNS hijacking. These are the traits of a Tier 1 malware threat to the 2 billion+ Android-based devices across the world, and Roaming Mantis appears to have them all. This voracious malware was first identified in Japan during March 2018 when infected routers began redirecting users to compromised websites. Roaming Mantis currently supports 27 different languages and has expanded to users on four continents. This new version contains a script for the popular cryptocurrency miner Coinhive and the capability to target iOS devices in addition to Android devices. What are the most effective mitigation techniques? Security Affairs focuses on mitigation beginning with securing routers: using up-to-date firmware, enforcing strong passwords for admin access and disabling remote access to the administration interfaces on the routers. This attack targets DNS services running on routers; a DNS service running on a server inside your network is not at risk from this attack. And only install software from trusted app stores such as Google Play and the Apple App Store. We also recommend SecureList’s in-depth APT mitigation checklist. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Saturday, May 19, 2018
Syrian Electronic Army Delivers Cyber Attacks to Defend Bashar al-Assad
Colleagues, while the SEA does not have the stature of its counterparts in Russia, Iran or North Korea, it represents a formidable cyber warfare threat to opponents of Bashar al-Assad including the US, Israel and Western European nations. In fact three of its members have made their way onto the US FBI’s Cyber Most Wanted List. The group gained initial attention in 2011 and since then has conducted attacks with ideological motives. Its tactics include DDoS attacks, DNS hijacking, launching fraudulent Facebook and YouTube sites, spear-phishing and web site defacement. The rampant civil war in Syria combined with the presence of US and NATO forces has served to fuel the fire for the SEA. They are behind the defacement of the US Army’s public web site, a hack of the LinkedIn portal and the RSA (Security) Conference site. Bottom line: Although the SEA does not have the prowess of its tier 1 peers in North Korea, Iran and Russia, it must be taken seriously, and we support all appropriate proactive counter-measures to undermine this cyber enemy. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Friday, May 18, 2018
North Korean Proxy the Lazarus Group’s Malware Suspected to go beyond Central American casinos
Colleagues, financial gain appears to be the root motive behind the recent Lazarus Group’s (or Hidden Cobra) malware attacks on casinos in Central America, a bank in Bangladesh and potentially other soft targets. This is the same entity suspected of the 2016 cyber-attacks against US-based Sony Pictures. KillDisk is a standard detection name that ESET uses for destructive malware with disk wiping capabilities, and it helped detect the Win32/NukeSped and Win64/NukeSped attacks. The number of systems affected and the financial loss due to such malware have not been well quantified. How can KillDisk be mitigated? A comprehensive silver bullet solution is unknown; the Cyber Security Defender recommends a careful review of the Australian Government’s Department of Defence publication entitled Strategies to Mitigate Cyber Security Incidents. What is the Lazarus Group’s next target? Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)