Russians Indicted in Spear Phishing Attack on US DNC

Colleagues, last Friday Robert Mueller filed charges against Russian hackers tied to cyberattacks on the Democratic National Committee. Assistant Attorney General announced the indictment last Friday (read the full text here). The indictments, were announced by US Deputy Attorney General Rod Rosenstein during a Justice Department press conference on Friday morning. The twelve Russians defendants are a part of Russia's military Intel agency known as the GRU. These so-called "active measures," secret tools of statecraft and Russian is the chief offender. More precisely, the Russians used spear-phishing techniques against unwitting DNC staff as designed and delivered by well-known Russian cyber warfare entity FancyBear. Bottom line: Despite the domestic overtones, the US needs to mount an unprecedented offensive cyber initiative to neutralize and then dismantle Russia’s cyber infrastructure. With the US mid-term elections just months away, such actions are long overdue and the US must make an asymmetric, prolonged offensive against Russia. The sovereignty of the US Constitution and our electoral process lies in the balance. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cryptocurrencyacademy.blogspot.com/)  

Do Blockchain Firewalls Represent the Next Generation of Internet Security?

Colleagues, amid the fanfare of R3’s recent launch of the first Blockchain-based firewall the fundamental question is whether Corda Enterprise does in fact represent a new era of improved network and Internet security? Corda states it is able to limit communication between Blockchain nodes operating in different environments, and with different informational needs from their network. in any Blockchain architecture each node uses point-to-point messaging to communicate with other peer nodes. It would be naïve to deploy the Blockchain node in the DMZ with a public IP address. By targeting specific nodes, an attacker can influence how consensuses are reached and possibly even halt the Blockchain operation. To provide additional security to the Blockchain nodes. One technique is to filter network traffic, thus implementing a firewall for Blockchain applications. Cisco projects they can provide access control functionality which can effectively mitigate flooding attacks from multiple sources at simultaneously. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cryptocurrencyacademy.blogspot.com/) 

Are We Approaching an Era Where Cryptocurrency Transactions Can Increasing Be Tracked?

Colleagues, money laundering, illicit drug transactions and nation-states seeking to side-step trade sanctions have all sought refuge via the use of cryptocurrencies. However, the emerging crypto world order may in fact be an era in which such transactions can in fact be tracked. The cyber security struggle between good and evil is playing out before our eyes as central banks (e.g. US Federal Reserve) and regulatory entities (e.g. the US SEC) seek the upper hand against crypto cyber criminals. Firms such as CipherTrace, Chainanalysis and Bitfury are introducing tools designed to gain insight into crypto transactions. Bottom line question: Which side of the crypto privacy vs. transparency ecosystem will succeed? The Cryptocurrency Academy predicts that not unlike other cybercrime and warfare, this will be a long-term dilemma whereby each side develops new technologies and tactics that the other will thwart or mitigate. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Can a $2m Incentive Help Buglab Enhance Cryptocurrency Exchange Security?

Colleagues, the Coincheck, Bitgrail, Coinsecure and Coinrail cryptocurrency exchanges have all fallen victim to cybercrime thefts in 2018 alone. So what can be done to increase exchange security and bolster both crypto trader and investor confidence? Well, our friends at Buglab holding a hacking contest to uncover vulnerabilities in their platforms with a $2m BGL token prize. They are an Ethereum-based platform which helps exchanges around the globe resolve security weaknesses in digital solutions such as web apps, DAPPS, smart contracts and IoT. Major software and IT vendors such as Google, Apple and Microsoft commonly hold such security bake-offs to stress-test the integrity of their solutions. Crypto exchanges are often believed to be the weakest link in the emerging cryptocurrency ecosystem. The key question is which bugs can be identified combined with strong mitigation techniques? Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Mitigating the Voracious PythonBot Adware Browser Extensions

Colleagues, the infamous PythonBot or PBot adware was first identified in 2017, yet since then the malware has evolved and its creators have been trying different money-making schemes to profit themselves based upon research from security software vendor Kaspersky Labs. The PythonBot adware, aka MinerBlocker, then uses this data with the intent of getting users to install various different types of advertisement-supported programs or to cause browser redirects to websites with the same topics the users are interested in. This technique is called behavioral advertising.  Both MalwareBytes Labs and UninstallandRemoveIt have issued detailed mitigation procedures which we highly recommend both individual and corporate computer users closely follow. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cryptocurrencyacademy.blogspot.com/) 

Are Security Breaches Contributing to the Decline in Cryptocurrency Prices?

Colleagues, any security analyst knows that cyber criminals will target the weakest point in network or system. This principle is being validated over and over again by successful cyber-attacks on the cryptocurrency ecosystem. ICOs, mining farms, wallets, exchanges and crypto ATMs each have varying levels of vulnerability. The recent crypto heist of some $31.5m according to CCN from the South Korea-based Bithumb exchange is simply the latest example. The Korea Internet & Security Agency [KISA] along with the Ministry of Science and Technology (MIC) are investigating the world’s sixth largest cryptocurrency exchange. Bottom line: The Cryptocurrency Academy believes that the ongoing number of cyber-attacks against the global cryptocurrency ecosystem are “in part” a contributing factor to the decline in asset prices. Moreover, if BTC and Altcoins are to cross the chasm from early adopters to the mass markets these security flaws need to be greatly reduced in order to boost investor confidence. Share a comment visit us today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/) 

What are the most effective mitigation strategies for watering hole attacks?

Colleagues, cyber criminals believed to be of Chinese origin recently gained access to a range of government resources in Central Asia. This attack was based upon by inserting malicious scripts in the target country’s websites in order to conduct watering hole attacks. Such attacks seek security exploits in which the attacker attempts to corrupt a specific group of end users by infecting websites that a pool of users are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment. Officials attribute the attack to LuckyMouse, a Chinese-speaking actor (aka APT27 and EmissaryPanda). Some of the more effective mitigation efforts include the use of micro visualization, whitelisting risky web content, deploying Malwarebytes, install up-to-date operating systems and loading all available patches for known vulnerabilities. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)   

Cryptocurrencies: An Ever-Increasing Target for Cyber Crime – The Monero 5% Heist is the Latest Example

Colleagues, Monero is by no means a tier 1 cryptocurrency. According to Satoshi Pulse it ranks 14^th in cryptocurrency market cap worldwide. However, the recent theft of some 5% of the currency’s value at the hands of so-called “malicious miners” once again exposes the vulnerabilities cryptocurrencies need to resolve. Key cybercrime targets in the cryptocurrency world include ICO, mining, exchanges, wallets and the underlying Blockchain. Cyber criminals undoubtedly will probe very component of the crypto ecosystem to find the weakest links. Now that we have entered the era of quantum computing-based cybercrime security is of tantamount importance to the mass adoption of cryptocurrencies.  Post a comment and visit us today! Lawrence, Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com)

Coinrail Reports a $40m Heist – So just how secure are cryptocurrency exchanges against cyber theft?

Colleagues, the recent Coinrail loss of some $40m is just the latest in a steady stream of cybercrime attacks against cryptocurrency exchanges. Coincheck lost an approximately $400m earlier this year, last November saw Tether claim it lose $31 million following an attack. Mt. Gox hacking in 2014 is the mother of all crypto attacks. In total the exchange lost around 744,408 BTC. That was worth around $350m in 2014.  While Coinrail is by no means a tier 1 exchange this cyber heist raises serious questions about the security of cryptocurrencies in general, and second the exchanges on which they are traded. There is no silver bullet mitigation strategy, however, the Cryptocurrency Academy would a couple of best practices for minimizing the risk to your crypto investments: Currencies, exchanges and wallets. First, the top-tier currencies such as BTC, Ethereum, Ripple, Litecoin, etc. generally have more security on-board. Second, the larger and more established exchanges are likely to be built on more secure platforms with cyber security professionals on staff. And third, although opinions surely vary, hardware wallet such as the industry-leading Nano Ledger S are believed to offer more security … especially when compared to cloud-based wallets. Send us a comment and subscribe today! Lawrence, Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com)

How to mitigate the increased threat of cryptocurrency theft?

Colleagues, currency theft is nothing new. However, with the meteoric rise in cryptocurrency trading in the past 2-3 years the opportunity for cyber thieves and risk to investor has never been greater. Cloud security firm Carbon Black has issued a new threat report entitled “Cryptocurrency Gold Rush on the Dark Web“ in which it claims some $1.1b USD in cryptocurrencies have been illicitly stolen so far this calendar year. Moreover, Japanese cryptocurrency exchange Coincheck had $600m in XEM stolen by hackers in January 2018. A number which is likely to grow dramatically over time. The malware needed to commit cryptocurrency theft can be obtained for a mere $224. Two key questions emerge: First, which components of the cryptocurrency ecosystem are vulnerable to attack – mining, wallets, exchanges, etc? And second, which mitigation strategies can the ecosystem in general and investors in particular, take to reduce risk? For the moment, concrete answers to these question appear illusive. Nonetheless, the Cryptocurrency Academy will pursue these issues and keep you informed. Please share a comment and subscribe today! Lawrence, Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com)