
LockBit 3.0: Launch of Ransomware Bug Bounty Program

 

The "LockBit 3.0" release from the LockBit ransomware group introduces the first bug bounty program run by a ransomware gang, new extortion methods, and payment in the Zcash cryptocurrency. After two months of beta testing, the notorious gang's ransomware-as-a-service (RaaS) operation, which has been active since 2019, recently rolled out the update, and attackers already appear to be deploying LockBit 3.0.

Bug bounty plan for LockBit 3.0 

With the launch of LockBit 3.0, the group started the first bug bounty program offered by a ransomware gang, inviting security researchers to disclose bugs in exchange for rewards of up to $1 million. Besides bounties for vulnerabilities, LockBit also pays for "great ideas" to improve the ransomware operation and for doxing the operator of its affiliate program, known as LockBitSupp, who had previously posted a bounty offer on the XSS hacking forum in April.

"We open our bug bounty program to any security researchers, ethical and unethical hackers worldwide. The compensation ranges from $1,000 to $1,000,000," reads the LockBit 3.0 bug bounty page. The fact that taking part in a criminal operation is illegal in many countries, however, sets this bounty scheme apart from the programs commonly run by legitimate businesses.

LeMagIT claims that version 3.0 of LockBit includes several other improvements, such as new methods for data recovery and monetization, as well as the option for victims to choose to have their data destroyed, and the ability for victims to make payments using the Zcash cryptocurrency in addition to Bitcoin and Monero. 

LockBit is getting results. In May, LockBit 2.0 overtook Conti as the leading ransomware-as-a-service operation. The gang's previous version, LockBit 2.0, was responsible for 40% of the attacks NCC Group observed in the preceding month. According to Matt Hull, global lead for strategic threat intelligence at NCC, "The most prolific threat actor of 2022 is LockBit 2.0. In times like these, it's imperative that businesses become familiar with their strategies, methods, and processes."

It is unclear how this new extortion technique will operate or even whether it is activated because the LockBit 3.0 data leak site currently does not have any victims. With its public-facing manager actively interacting with other malicious actors and the cybersecurity community, LockBit is one of the most prolific ransomware campaigns.

Three Malware Fileless Phishing Campaigns: AveMariaRAT / BitRAT /PandoraHVNC

 

Cybersecurity researchers at Fortinet's FortiGuard Labs have detailed a phishing campaign that delivers three fileless malware families to a victim's device. The AveMariaRAT, BitRAT, and PandoraHVNC trojans spread when users unwittingly run malicious attachments delivered in phishing emails, and all three are capable of harvesting sensitive data from the device.
 
Cybercriminals can exploit the campaign to steal usernames, passwords, and other sensitive information, such as bank account numbers. BitRAT is particularly dangerous to victims because it can take complete control of infected Windows systems, including viewing webcam activity, listening to audio through the microphone, secretly mining for cryptocurrency that is sent to the attackers' wallet, and downloading additional malicious files.

The initial phishing email poses as a payment report from a reputable source, with a brief request to view an attached Microsoft Excel document. The file contains malicious macros, and Microsoft Excel warns about them when the document is opened. If the user dismisses the warning and enables the content, the malware is downloaded, then retrieved and installed on the victim's computer using Visual Basic for Applications (VBA) scripts and PowerShell. The PowerShell code is divided into three sections, one for each of the three malware families, and applies the same logic to each:
  • The first "$hexString" contains a dynamic mechanism for performing GZip decompression.
  • The second "$hexString" contains dynamic PowerShell code that decompresses the malware payload, plus an inner .NET module that deploys it.
  • The "$nona" byte array holds the GZip-compressed malware payload. PowerShell code extracted from the second $hexString decompresses the payload in $nona and, using the inner .NET module, loads it into two local variables.
The report does not explain why the phishing email carries three malware payloads, but plausibly, with three different types of malware to deploy, the attackers improve their chances of reaching whatever sensitive information they are after.
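An added example, not part of Fortinet's report: a small triage script (Python, with constructed sample input) that locates long hex string literals in a PowerShell script, decodes them, and checks whether they are GZip-wrapped executables or hex-encoded loader code, the packaging described for $hexString and $nona above. The minimum literal length, the loader token list, and the sample script are assumptions, not values taken from the campaign.

```python
"""Triage helper: find hex-encoded GZip payloads and hex-encoded loader code in a
PowerShell script. Added example with constructed input, not a real campaign sample."""
import gzip
import re
import zlib
from typing import Dict, List

# PowerShell string literals made only of hex digits, 32+ characters long
# (assumed threshold; the campaign's $hexString and $nona values are far longer).
HEX_LITERAL = re.compile(r'"([0-9A-Fa-f]{32,})"')
GZIP_MAGIC = b"\x1f\x8b"   # RFC 1952 GZip header bytes
PE_MAGIC = b"MZ"           # DOS/PE header shared by Windows executables and .NET modules
# .NET and PowerShell names a decompress-and-load stub typically references (assumed list).
LOADER_TOKENS = ("GZipStream", "Decompress", "Reflection.Assembly", "Invoke-Expression", "IEX")


def classify_blob(raw: bytes) -> str:
    """Label decoded bytes as 'gzip-pe', 'gzip', 'embedded-script' or 'unknown'."""
    if raw.startswith(GZIP_MAGIC):
        try:
            inflated = gzip.decompress(raw)
        except (OSError, EOFError, zlib.error):
            return "gzip"  # GZip header present but the stream is truncated or corrupt
        return "gzip-pe" if inflated.startswith(PE_MAGIC) else "gzip"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    return "embedded-script" if any(tok in text for tok in LOADER_TOKENS) else "unknown"


def analyse_script(script: str) -> List[Dict[str, object]]:
    """Return one finding (offset, decoded size, kind) per long hex literal in the script."""
    findings = []
    for m in HEX_LITERAL.finditer(script):
        literal = m.group(1)
        if len(literal) % 2:  # odd length cannot encode whole bytes
            continue
        raw = bytes.fromhex(literal)
        findings.append({"offset": m.start(), "size": len(raw), "kind": classify_blob(raw)})
    return findings


def is_suspicious(script: str) -> bool:
    """Flag a script carrying a compressed executable, or a loader stub beside any GZip blob."""
    kinds = {f["kind"] for f in analyse_script(script)}
    return "gzip-pe" in kinds or {"embedded-script", "gzip"} <= kinds


def build_sample_script() -> str:
    """Constructed stand-in for the staged script: a hex-encoded stub plus a hex-encoded
    GZip blob in $nona. Not a real sample; the 'module' is a PE header and filler only."""
    stub = ("$gz = New-Object IO.Compression.GZipStream($ms, "
            "[IO.Compression.CompressionMode]::Decompress)")
    fake_module = PE_MAGIC + b"\x00" * 58 + b"CONSTRUCTED placeholder .NET module"
    return (
        '$hexString = "' + stub.encode("ascii").hex() + '"\n'
        '[byte[]]$nona = "' + gzip.compress(fake_module).hex() + '"\n'
        'Write-Host "done"\n'
    )


if __name__ == "__main__":
    for finding in analyse_script(build_sample_script()):
        print(finding)
```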

Phishing is still one of the most prevalent ways for cyber thieves to deliver malware because it works – but there are steps you can take to avoid being a victim. Mysterious emails claiming to offer crucial information buried in attachments should be avoided, especially if the file requires users to allow macros first. Using suitable anti-spam and anti-virus software and training workers on how to recognize and report phishing emails, businesses may help workers avoid falling victim to phishing emails.

Analysis of Cryptocurrency Fundraising

 

A cryptocurrency is a form of digital currency meant to make internet transactions extremely safe. Investors and authorities are paying attention to the unexpected increase in the value of cryptocurrencies. The digital era has surely aided in the advancement of our understanding and use of money. We are also on the verge of a new financial revolution, which is linked to the fourth industrial revolution. There are currently 9,271 distinct cryptocurrencies available, with Bitcoin, Ethereum, Tether, BNB, and USD being the most renowned ones.  

Cryptocurrencies, despite being older than the iPad, have only recently entered the public sphere, with their impact felt predominantly in the last three or four years. Digital currencies have spread to numerous banks, including JP Morgan and Wells Fargo, which are developing their own. Blockchain, AI, IoT, and a slew of other technologies are making inroads into our daily lives, while more traditional concepts and technologies scramble to keep up or risk becoming obsolete.

Bitcoin, one of the most popular cryptocurrencies, was launched in 2009 and employs peer-to-peer technology to enable rapid transactions without the involvement of institutional bodies such as banks or governments. A password or a private key is required to access the received cryptocurrency in the wallet. Furthermore, the transaction is safeguarded by blockchain technology when it is sent from one wallet to another.

Physical currency serves both as a universal measure of value and as a quick means of transferring it. The switch to such a system would almost certainly be tough, as cash could become redundant in the blink of an eye if the crypto world advances at its current pace, and established banking institutions would almost certainly have to hustle to adapt. Governments across the world are now embracing blockchain and cryptocurrency. According to a Gartner report, 83 nations, accounting for 90 percent of global GDP, are currently experimenting with or deploying Central Bank Digital Currencies (CBDCs). While many businesses offered to accept Bitcoin during its first boom, that list has progressively shrunk, reinforcing doubt about the cryptocurrency's potential as a medium of exchange.

In India, cryptocurrency boomed relatively late, when a bitcoin already cost millions of rupees; as a result, Indians tend to hold only a few Satoshis (the smallest unit of a bitcoin), though this is not the case everywhere. Given the value of the cryptocurrency, people deal in smaller units such as milli- or micro-bitcoins.

Furthermore, the price of a cryptocurrency varies between exchanges, which is a clear breach of the law of one price.

While bitcoin performs admirably as a store of value, its volatility makes it riskier and exposes holders to a greater danger of loss. Several variables influence the price of a bitcoin, such as supply and demand, competition, and regulation. Investor perceptions of cryptocurrency are also influenced by recent news events.

Crypto in India also lacks other traits typically associated with modern physical currencies: it cannot be deposited in a bank and must be held in digital wallets, which are costly and risky given the possibility of hacking, staff corruption, exposed public IP addresses, and ransomware. In many respects, government oversight of a central currency is essential for regulation, whereas cryptocurrencies operate with far less government oversight. Bitcoin's supply is fixed; there is an absolute limit of 21 million units.

In order to maintain steady price levels, the money supply must be able to rise in lockstep with macroeconomic activity, otherwise, the problem can only be solved by raising the velocity of money or by a substantial drop in prices. This might put the economy in jeopardy. 

For investors, bitcoin's artificial scarcity is a benefit: increased demand combined with inelastic supply leads to a greater price. The lack of a central regulator renders investor protection untenable and raises the likelihood of greater instability. People engage in these markets expecting the cryptocurrencies would grow in the future; this presumption fuels speculative behaviours, and a quick shift in the presumption may cause the market to crash, injuring many naive investors. 

The magnitude of economic harm is influenced by the connectivity between crypto-assets and the traditional banking industry. According to economists, direct exposure from cryptocurrencies to the financial system might be transmitted, and indirect repercussions could expand to other asset classes. Crypto assets, according to the RBI financial stability report (2021), offer long-term risks for capital control management, financial and macroeconomic stability, and monetary policy transmission.

China has taken the toughest stance on cryptocurrencies, going from allowing crypto mining to prohibiting it outright as of June 2021. In the United States and India, regulation is divided between the federal and state governments. The EU's draft Markets in Crypto-Assets Regulation (MiCA) was announced by the European Commission in September 2020. In the UK, the sector is currently supervised by the Financial Conduct Authority (FCA). It is worth noting that the South American nation was the first to declare Bitcoin legal tender.

If we look at the evolution of crypto as a currency, it has virtually achieved its goal of decentralisation, and major firms such as Tesla, Microsoft, and Meta are now investing in it. On the other hand, the emerging cryptocurrency carries the risk of being hacked. In the long run, if cryptocurrency continues to develop at its current rate, it may eventually replace fiat currency, resolving the issues of hacking and extreme volatility.

Financier Diakonov Called Russia the Future Cryptocurrency Center of the World

 

Mr. Diakonov predicted the future of cryptocurrency and called it a possible alternative to traditional money. "Time will tell how it will be built into the system of international payments and trade," he said.
The financier also stated that Russia can become a world center for cryptocurrency, since it has the necessary knowledge, capabilities and technologies to create such a product. However, it is difficult to guess when this scenario will come to life, since the cryptocurrency concepts proposed by the Ministry of Finance and the Central Bank do not reflect the current situation.

"If the task is to transfer part of the international settlements into the 'new currency,' in case this instrument will acquire the scale, then sanctions measures from the West may affect it as well. And we may see the next prohibitive measures of an international nature," he explained.

According to Mr. Diakonov, China, as Russia's largest business partner, is not yet ready to switch to cryptocurrency trading. However, he suggested that the country would start using the digital yuan. "Here we see great prospects for creating new synthetic products that will become a growth point for the economy," he concluded. 

Earlier, the founder and CEO of the world's largest cryptocurrency exchange Binance, Changpeng Zhao, said that next year there will be more transparency in the regulation of crypto-assets, and this is a positive signal for the market. In addition, there will be new options for their use. But the crypto market moves cyclically, and an upturn is followed by a downturn. Whether it happens next year or later is hard to predict. Asset volatility will continue regardless of who comes to the market. "Our personal goal for next year is to get as many licenses around the world as we can; we expect to get 10 to 20 more licenses next year." 


Earlier, the Ministry of Finance submitted to the government a bill on the legalization of cryptocurrencies. According to the document, Russians will have the right to legally invest up to 600 thousand rubles ($7,600) in cryptocurrency annually. However, this will require special testing.

The Ministry of Finance Proposed to Test Russians Before Buying Cryptocurrencies

 

On February 18, the Ministry of Finance submitted a bill on the regulation of cryptocurrencies to the government. At the same time, public discussions began. On Monday, February 21, the agency published details of the document on its official website. 

According to the proposal of the Ministry of Finance, the use of digital currencies as a means of payment in Russia will continue to be prohibited. However, the Ministry of Finance suggests leaving cryptocurrencies only as a tool for investment. The bill defined the requirements for exchanges and exchangers that will deal with cryptocurrencies. 

Foreign cryptocurrency exchanges will have to register in Russia in order to obtain a license. The Ministry of Finance proposes to allow transactions with the purchase or sale of cryptocurrencies only if the client is identified. The deposit and withdrawal of cryptocurrencies will be possible only through banks using a bank account. 

Exchanges must inform citizens about the high risks associated with purchasing digital currencies. Citizens will undergo online testing before purchasing cryptocurrencies, which will determine the level of knowledge of the specifics of investing in digital currencies and awareness of possible risks. 

According to the official website of the Ministry of Finance, "with successful testing, citizens can invest up to 600 thousand rubles in digital currencies annually. If the testing is not passed, then the maximum amount of investment will be limited to 50 thousand rubles (about 0.015 bitcoins at the time of writing the news). Qualified investors and legal entities will make transactions without restrictions." 

The agency also proposes to consolidate the definition of digital mining as an activity aimed at obtaining cryptocurrency. The Ministry of Finance noted that they had received proposals from the Bank of Russia on the introduction of a ban on the organization of the issuance and circulation of digital currencies. 

Last week it became known that the Central Bank proposes to ban not only the organization of the issuance of cryptocurrencies and their circulation but also the dissemination of information about them. Also, the Central Bank prohibits banks and other financial market participants from owning private digital currencies. 

In addition, on February 18, the Central Bank proposed fines of up to one million rubles ($12,700) for issuing private cryptocurrency. If the bill is adopted, individuals may face fines of 300 thousand ($3,800) to 500 thousand ($6,300) rubles, and organizations 700 thousand ($8,800) to one million rubles ($12,700).

Earlier, CySecurity News reported that the Kremlin and the Russian government have estimated the Russian cryptocurrency market at $214 billion.

The Ministry of Finance of Russia Named the Main Threat of Cryptocurrency Ban in Russia

Deputy Finance Minister Alexei Moiseev said that the ban on cryptocurrencies and mining could slow down the development of new technologies and services, lead to the outflow of highly qualified specialists abroad, and the loss of tax revenues. 
Mr. Moiseev recalled that the relevance of cryptocurrency regulation is due to the growing popularity of citizens' investments in such assets. 

"We need to create clear and transparent rules for the participation of citizens and businesses in the financial instruments of the crypto market. The concept provides for the traceability of cash flows and crypto transactions, as well as the identification of users," the official stressed. 

He added that the only legal participants in the crypto market will be banks and exchanges, which will be obliged to comply with all the requirements of anti-money laundering legislation. "As for investors, they will be divided into qualified and unskilled, that is, those who do not have the necessary knowledge in working with digital financial instruments," he recalled.

According to him, clear regulation excludes the possibility of a parallel financial system appearing in Russia, introduces clear rules of the game for market participants, and creates tools to protect investors' rights. In the case of a ban, all of them could automatically become violators of the law, and these are millions of people. 

Last week, the Bank of Russia stressed that it was in favor of reducing the interest of Russians in the cryptocurrency market. Elvira Nabiullina, head of the regulator, noted that the concept of regulating digital assets, which was proposed by the Ministry of Finance and approved by the government, does not mitigate the risks the Central Bank warned about.

In January, the Bank of Russia published a report, "Cryptocurrencies: Trends, Risks, Measures", in which, in order to reduce the threats, it proposed banning the issuance, mining and circulation of cryptocurrencies in Russia. The central bank proposed prohibiting the organization of the issuance or circulation of cryptocurrencies on Russian territory and establishing liability for violations.

The concept of the Ministry of Finance provides for the regulation of cryptocurrencies in Russia without their prohibition. The Ministry believes that the complete absence of regulation or prohibition of cryptocurrencies will destabilize the industry, increasing the share of the shadow economy and the growth of fraud, and law enforcement will not be able to effectively respond to crimes using such instruments. 

At the end of January, Russian President Vladimir Putin called on the government and the Central Bank to come to a consensus on the regulation of cryptocurrencies and report on the results. Accordingly, by February 18, the Ministry of Finance, together with the Bank of Russia, was to prepare a bill on the regulation of cryptocurrencies.

Russian Man and his Wife Arrested in U.S. for Stealing Record $4.5 billion in Bitcoins

Russian citizen Ilya Lichtenstein and his wife Heather Morgan were arrested in the United States on Tuesday. The U.S. Justice Department in a statement called them the largest Internet fraudsters in history. 

The spouses are suspected of hacking the Hong Kong cryptocurrency exchange Bitfinex in 2016 and withdrawing 120,000 bitcoins from its accounts, which is $4.5 billion at current prices. Intelligence agencies managed to confiscate $3.6 billion worth of bitcoins stored in the Russian's e-wallets. 

On Tuesday night, after the arraignment in the Court of the Southern District of New York, Magistrate Judge Debra Freeman decided to release the suspects on bail of $8 million for two. However, the spouses were unable to leave federal prison as the judge's decision was put on hold by Washington. 

According to the prosecution, the couple should remain in custody because "they are sophisticated cybercriminals and money launderers, and there is a serious risk of their escape." Prosecutors admit that the couple may have passports in other names. 

In particular, agents found a file named Passport_ideas on Lichtenstein's computer, and a plastic container of disposable phones was found under the bed in the defendants' apartment. Under American law, Ilya Lichtenstein and Heather Morgan face up to 25 years in prison.

A few years ago, 34-year-old Ilya Lichtenstein unsuccessfully tried to create a technology startup and become an investor. He came to the United States from Russia at the age of six, when his family was granted asylum for religious reasons. 

His wife, Heather Morgan, who called herself an economist, a journalist, and the "Crocodile of Wall Street", was a freelance writer for Forbes magazine and even performed as a rapper under the name Razzltkhan. According to the New York Times, giant billboards with her image decorated Times Square.

According to the investigation conducted by the FBI and the US Internal Revenue Service, Lichtenstein and Morgan hacked the Bitfinex protection system and made about 2 thousand illegal transactions, transferring funds from the accounts of the exchange's clients to their electronic wallet. 

In subsequent years, the suspects managed to launder about 25 thousand bitcoins through third-party exchanges and online services on the darknet. A new hearing on Lichtenstein and his wife's bail application will be held in Washington on February 11.

North Korea Stealing Millions in Cyber Attacks

 

A recent report of UN experts on cybersecurity threats has revealed that North Korea has not stopped stealing hundreds of millions of dollars from financial institutions and cryptocurrency organizations and exchanges. Illegally obtained money plays a very important role in North Korean nuclear and missile programs, U.N. experts said in a report quoting cyber specialists. 

The state-sponsored cybercriminals often use prevalent methods of attacks including phishing lures, malware, code exploits, and advanced social engineering to siphon funds out of these organizations’ internet-connected ‘hot’ wallets into DPRK-controlled addresses. 

The panel of experts has also said that according to an unnamed government, North Korean “cyber-actors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchanges in North America, Europe, and Asia, probably reflecting a shift to diversify its cybercrime operations.” 

The experts further added that the “Cyber-actors stole a total of $400 million worth of cryptocurrency through seven intrusions into cryptocurrency exchanges and investment firms". 

The panel of experts monitoring sanctions on North Korea said that the cryptocurrency funds that have been stolen by the state-sponsored threat actors go through a very protective money laundering process in order to be cashed out.

A year ago, the panel quoted an unidentified country saying North Korea’s “total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million.” 

In the same year, North Korea continued advancing its nuclear weapons and ballistic missiles despite United Nations sanctions. To fund this, the state relies on malicious actors and continues to seek material and technology overseas for its arsenal, including in Iran, the experts said.

“Cyberattacks, particularly on cryptocurrency assets, remain an important revenue source for the state government, and the experts are monitoring the implementation of sanctions against the North,” experts said in the new report.

The Moscow Kremlin and the Russian Government Have Estimated the Russian Cryptocurrency Market at $214 Billion

 

Bloomberg, citing its own sources, reports that the Kremlin and the Russian government have estimated the Russian cryptocurrency market at $214 billion. This assessment is being used in the development of a plan to regulate the industry.

The volume of cryptocurrency held by Russians was calculated in January 2022 by analyzing the IP addresses of major cryptocurrency exchange users and other information. The agency writes that the estimate may be an underestimate because many traders hide their activities. 

In November 2021, the Central Bank of Russia estimated the annual volume of transactions of Russians with digital assets at $5 billion. The data were obtained based on the results of a survey of large banking organizations in July 2021. The Central Bank also noted that Russian users are among the most active participants in the digital currency market. Russia is among the leaders in the number of visits to digital currency exchanges. 

Later, during the parliamentary hearings, Anatoly Aksakov, head of the State Duma Committee on Financial Market, estimated investments of Russian residents in cryptocurrencies at $194 million. Aksakov stressed that unqualified investors are also interested in digital assets, so the authorities need to determine the position on digital assets and legislate it. 

It is interesting to note that on January 20, the Central Bank published a report for public discussion, in which it proposed to ban the issuance, circulation, and exchange of cryptocurrencies in Russia, as well as the organization of these operations. The regulator also considers it necessary to ban the mining of digital assets and start monitoring the investments of Russians in cryptocurrency on foreign trading platforms. 

However, after the Central Bank report, Deputy Prime Minister Dmitry Chernyshenko approved a roadmap on cryptocurrencies, which proposes the regulation of cryptocurrencies, rather than their prohibition, identification of customers, responsibility for illegal trafficking of digital assets, as well as the development of a methodology for assessing the value of cryptocurrencies. 

Representatives of the Ministry of Finance, the Ministry of Economic Development, the Prosecutor General's Office, Rosfinmonitoring, the FSB, the Ministry of Internal Affairs, the Federal Tax Service, and the Bank of Russia participated in the development of the roadmap.

On January 26, Russian President Vladimir Putin called on the government and the Central Bank to come to a consensus on the regulation of digital assets. The Head of state said that he was familiar with the discussion concerning the regulation of cryptocurrencies. 

Earlier, CySecurity News reported that the Russian billionaire Oleg Deripaska criticized the Central Bank for allegedly “infantilely closing his eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.

Russia may prohibit payment of cryptocurrency with bank cards

In Russia, paying for electronic currencies with bank cards may be prohibited. The Central Bank is currently discussing such an idea.

Experts talk about blocking payments with a specific MCC code. Banks assign such codes automatically when processing card payments. This four-digit code identifies the merchant's business.

For example, grocery stores receive the code 5411. And crypto exchangers and crypto exchanges usually receive the code 6051. The regulator can oblige banks to block such transfers.

Experts say that even if such a ban is introduced, buying cryptocurrency will not be difficult. Firstly, there are intermediaries. Secondly, people can open an account at a bank in Belarus or Kazakhstan, where investments in cryptocurrency are allowed.

According to biotech entrepreneur and miner Pyotr Kondaurov, it is impossible to ban cryptocurrency: it is decentralized and distributed, people will use it anyway, and it is not controlled by the Central Bank. That is, people can send each other as much money as they want without paying taxes on it or reporting it at all; in effect, a monetary system appears that does not belong to the state.

Earlier, the head of the Central Bank, Elvira Nabiullina, said that the regulator is against using the Russian financial system for operations with cryptocurrencies. According to her, the Central Bank cannot welcome investments in such currencies because of their volatility, as well as the risks they entail for retail investors.

The Ministry of Finance, according to Forbes, does not advocate a complete ban on cryptocurrencies, but for limiting the purchase of such digital assets by unqualified investors. Earlier, the Central Bank estimated the annual volume of transactions of Russians with digital assets at $5 billion.


QNAP: New Crypto-Miner Targeting NAS Devices

 

A new variant of crypto-mining malware is affecting QNAP's network-attached storage (NAS) devices, as per a new security advisory posted by the Taiwanese hardware firm QNAP. 

The firm did not reveal how the devices were infected, but it did state that once the malware gains a foothold on an affected system, it creates a process called [oom reaper] that consumes roughly 50% of total CPU usage.

QNAP stated, “This process mimics a kernel process but its PID is usually greater than 1000.” 
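As an added example, not from QNAP's advisory: a triage check a defender could run over `ps` output collected from a NAS, assuming `ps -eo pid,ppid,pcpu,args` formatting (the sample output is constructed). It flags processes that wear a kernel-thread style name but are not children of kthreadd (PID 2), which is the property the mimicry cannot fake, and records the advisory's PID and CPU observations only as corroboration.

```python
"""Spot user processes masquerading as kernel threads in ps output.
Added example with constructed input; the ps column layout is an assumption."""
import re
from typing import Dict, List

KERNEL_STYLE = re.compile(r"^\[[^\]]*\]$")  # kernel threads appear as [name] in ps args output
KTHREADD_PID = 2                            # every genuine kernel thread is a child of kthreadd
CPU_ALERT = 40.0                            # the advisory reports the miner at roughly 50% CPU
PID_HEURISTIC = 1000                        # the advisory's "PID usually greater than 1000"


def parse_ps(output: str) -> List[Dict[str, object]]:
    """Parse `ps -eo pid,ppid,pcpu,args` style text (header line first) into records."""
    rows = []
    for line in output.strip().splitlines()[1:]:
        pid, ppid, pcpu, args = line.split(None, 3)
        rows.append({"pid": int(pid), "ppid": int(ppid), "cpu": float(pcpu), "args": args})
    return rows


def suspicious_processes(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return processes with a kernel-thread style name that are not children of kthreadd.

    PID > 1000 and high CPU are recorded as corroborating reasons only: a late-started
    genuine kernel thread (e.g. a kworker) can also have a high PID, so the parent
    check is what separates the impostor from the real thing.
    """
    hits = []
    for r in rows:
        if r["pid"] == KTHREADD_PID or not KERNEL_STYLE.match(r["args"]):
            continue
        if r["ppid"] == KTHREADD_PID:
            continue  # genuine kernel thread
        reasons = ["kernel-style name but parent is not kthreadd"]
        if r["pid"] > PID_HEURISTIC:
            reasons.append("PID above 1000")
        if r["cpu"] >= CPU_ALERT:
            reasons.append(f"{r['cpu']:.1f}% CPU")
        hits.append({**r, "reasons": reasons})
    return hits


# Constructed sample output (not captured from a real device); the last line mimics the
# process described in the advisory, the kworker line shows why PID alone is not enough.
SAMPLE_PS = """\
  PID  PPID %CPU COMMAND
    1     0  0.0 /sbin/init
    2     0  0.0 [kthreadd]
   41     2  0.0 [oom_reaper]
 1203     2  0.1 [kworker/u8:2]
  870     1  0.4 /usr/sbin/sshd -D
 4512     1 49.8 [oom reaper]
"""

if __name__ == "__main__":
    for hit in suspicious_processes(parse_ps(SAMPLE_PS)):
        print(hit["pid"], hit["args"], "; ".join(hit["reasons"]))
```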

While the infections are being examined, QNAP advised customers to protect themselves by updating their devices' operating systems (known as QTS or QuTS) and all QNAP add-on software. Furthermore, the business advised users to change all of their NAS account passwords because it was unclear whether the attackers leveraged a vulnerability or just brute-forced an internet-connected device that used a weak password. 

QNAP advised customers to reboot their devices and download and install the company's "Malware Remover" tool from the device's built-in App Center to eliminate the infection. The company's advisory provides step-by-step instructions on how to complete all three procedures above. 

Malware attacks on QNAP systems in the past 

In retrospect, the Taiwanese company's devices have become a regular target for malware gangs. Ransomware strains such as Muhstik, Qlocker, eCh0raix, and AgeLocker have all targeted QNAP devices in recent years, with attackers gaining access to customers' NAS systems, encrypting data, and then demanding small ransom payments.

Crypto-mining malware has been less common, but it has appeared before. QNAP NAS devices were targeted by the Dovecat crypto-mining malware in late 2020 and early 2021, which exploited weak passwords to gain access to QNAP systems. In 2019 and 2020, the QSnatch malware targeted the company's NAS devices, infecting roughly 62,000 systems by mid-June 2020, according to CISA and the UK NCSC.

QSnatch did not have crypto-mining functionality, but it did have an SSH password stealer and exfiltration capabilities, which were the primary reasons that national cybersecurity agencies in the United States, the United Kingdom, Finland, and Germany became involved and issued national alerts about the botnet's operations.

Tor2mine Crypto Miner Evolves to be a More Dangerous Threat


As cryptocurrencies have grown in popularity, cryptocurrency mining campaigns have taken center stage in the threat landscape. Crypto mining has proven financially rewarding for cybercriminals, so they continue to develop new TTPs and malware strains. Sophos discovered that one such miner has resurfaced, only stronger. 

Tor2Mine is a Monero miner that has been operating since at least 2019 and is capable of harnessing large networks of worker devices. Most campaigns of this kind mine Monero, an altcoin that appeals to attackers because of its private and untraceable nature. Tor2Mine uses Microsoft's PowerShell scripting language to disable existing malware protection on a server and then executes a miner payload, a stealthy piece of malware designed to farm system resources. 

Tor2Mine also collects Windows credentials, which it uses to spread to and re-infect other PCs on the compromised network. Unless it is completely removed, other systems on the network remain at risk. Sophos also reported that, while there was a surge in Tor2Mine infections in early 2021, the fall has been accompanied by the development of new variants. These are most likely the result of minor changes made by separate sets of operators, or by the same actors between campaigns.

The presence of miners in a network implies the possibility of more potentially harmful intrusions. Furthermore, Tor2Mine appears to be more aggressive than its competitors. Once it has established persistence, it can only be eliminated using endpoint protection and other anti-malware software. Because of its lateral movement capability, Tor2Mine would continue infecting systems even if the C2 server went down. 

With the spread of cryptocurrency enthusiasm, illicit mining has become a well-established method of obtaining digital assets illegally. According to a new Google cyber security report, 86% of compromised Google Cloud accounts are used for illegal cryptocurrency mining, as well as for scanning and attacking other prospective targets. 

Interestingly, according to June research by Kaspersky, crypto-jacking has declined from its peak in 2017-18 during the initial crypto boom. The total number of users who encountered miners on their devices, on the other hand, grew to 200,045 in March from 187,746 in the first quarter of this year. 

According to Sophos, firms that quickly fix vulnerabilities on internet-facing systems are less likely to be targeted by crypto miners. As threats evolve, it is critical for enterprises to stay ahead of the game by deploying strong cybersecurity protections.

FBI Seizes 39 BTC Worth $2.2M Tied to Ransomware Gangs


The Federal Bureau of Investigation (FBI) has seized 39 BTC worth approximately $2.3 million from a Russian man affiliated with the Revil and Gandcrab ransomware gangs, according to a court document unsealed Tuesday. 

"The United States of America files this verified complaint in rem against 39.89138522 Bitcoin Seized from Exodus Wallet ("the Defendant Property") that is now located and, in the custody, and management of the Federal Bureau of Investigation ("FBI") Dallas Division, One Justice Way, Dallas Texas," reads the United States' Complaint about Forfeiture. 

Exodus is a desktop or mobile wallet that owners can use to store cryptocurrency, including Bitcoin, Ethereum, Solana, and many others.

The FBI seized the $2.3 million on August 3; however, officials did not disclose how they obtained access to the wallet. According to the court document, the wallet contained Revil ransom payments belonging to an affiliate identified as Aleksandr Sikerin (aka Alexander Sikerin and Oleksandr Sikerin), whose email address is engfog1337@gmail.com. 

The name “engfog” in the email address is tied to a well-known Gandcrab and Revil/Sodinokibi affiliate known as “Lalartu,” Bleeping Computer reported. 

“Gandcrab and Revil organizations operated as Ransomware-as-a-Service (RaaS), where core operators partner with third-party hackers, known as affiliates,” the news outlet noted, adding that ransom payments are split between the affiliate and core operators. “The operators usually earn between 20% and 30% of the ransom,” reads the court document. 

The Justice Department this month announced the seizure of $6.1 million from Yevgeniy Polyanin, a Russian “charged with deploying Sodinokibi/Revil ransomware to attack businesses and government entities in the United States.” Meanwhile, the U.S. government has been increasing its efforts to fight ransomware attacks. The Treasury Department has already sanctioned two cryptocurrency exchanges tied to ransom payments. 

Earlier this year, in October, REvil was reportedly forced offline by a multi-nation operation, giving the ransomware group a taste of its own medicine after it orchestrated a number of high-profile attacks. These include the attack on Colonial Pipeline, which resulted in gas shortages across the U.S., and a separate incident in which hundreds of supermarkets in Sweden were forced to close after the software firm Kaseya was crippled. 

Google: Cryptocurrency Miners are Targeting Compromised Cloud Accounts


Google has warned that cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining.

Details were disclosed by Google's cybersecurity team in a report published on Wednesday. The "Threat Horizons" report seeks to provide intelligence that will help firms keep their cloud systems safe. 

Google wrote in an executive summary of the report, “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances.” 

Cryptocurrency mining is a for-profit industry that frequently necessitates enormous quantities of computational power, which Google Cloud users may purchase. Google Cloud is a cloud-based storage technology that allows consumers to store data and files off-site. 

As per Google, 86 per cent of the 50 recently hacked Google Cloud accounts were used to mine cryptocurrencies. In the majority of cases, mining software was downloaded within 22 seconds of the account being compromised. Around 10% of the affected accounts were also used to scan other publicly available resources on the internet in order to locate vulnerable systems, while the remaining 8% were utilised to attack new targets. 

According to Google, malicious actors were able to get access to Google Cloud accounts by exploiting inadequate consumer security procedures. Almost half of the compromised accounts were the result of criminals acquiring access to an internet-facing Cloud account that had either no password or had been hacked. 

As a result, these Google Cloud accounts were vulnerable to being scanned and brute-forced. A quarter of the compromised accounts were the result of flaws in third-party software installed by the owner. 

Bitcoin, the world's most popular cryptocurrency, has been criticized for consuming excessive amounts of energy. Bitcoin mining consumes more energy than several countries. When authorities investigated a suspected cannabis farm in May, they discovered it was actually an illegal bitcoin mine. 

“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, director of the office of the chief information security officer at Google Cloud, and Seth Rosenblatt, security editor at Google Cloud, in a blog post. 

They also stated that Google researchers discovered a phishing attack by the Russian group APT28/Fancy Bear at the end of September and that Google stopped the attack. Google researchers also discovered a North Korean government-backed threat organisation that impersonated Samsung recruiters in order to deliver harmful attachments to the staff at various South Korean anti-malware protection firms, they noted.

Shiba Inu Crypto Exploited by Scammers for their Scams


Since the Shiba Inu cryptocurrency, a meme-based digital token, hit its all-time high in October, it hasn't taken fraudsters long to capitalize on the craze. The Shiba Inu token is a decentralized cryptocurrency created by an unidentified person or group known as "Ryoshi" in August 2020. 

As per the information shared, live YouTube videos offering phony token giveaways had racked up hundreds of thousands of views, whilst Telegram groups supporting similar frauds have also proliferated. 

Tenable has uncovered numerous Shiba scams that all employ a remarkably similar strategy. Accounts live-stream outdated footage from a June event involving Jack Dorsey and Elon Musk, a well-known figure among crypto enthusiasts, with on-screen directions for viewers to deposit an arbitrary amount of currency into a wallet in exchange for the promise of receiving twice as much or more. 

According to Satnam Narang, a researcher at Tenable, scammers have gained $239,000 in cryptocurrency since October 20 based on a study of internet wallet addresses related to dubious Shiba Inu-themed pages. 

Although Shiba may be one of the newest virtual currencies to draw attackers looking to prey on investors, it is merely the latest instance of a growing problem. In May, the FTC reported more than $80 million in consumer losses from cryptocurrency fraud. Victims' losses are not covered by the federal government, since cryptocurrency exchanges lack the statutory protections that standard financial exchanges have. 

Customers have been reporting scams since at least May, according to the Shiba Inu token's official Reddit page. And phony giveaways aren't the only way crooks are taking advantage of the coin to deceive would-be investors. 

Tenable discovered one campaign in which scammers lured customers to a phishing URL posing as the Trust cryptocurrency wallet. It's uncertain whether the link succeeded in duping any victims into disclosing their wallet information. 

The fraudulent giveaways reported by CyberScoop received over 500,000 views in total. Several streams originated from the very same Thailand-based account, "SHIBA INU." All of the live-streamed videos were in the top 10 search results, frequently outranking a cautionary video about the fraud with only 1,400 views. 

Scams involving the coin have become so prevalent that Shiba developers published a video on Twitter on Sunday, November 21, advising customers to avoid giveaway videos and not to disclose their wallet addresses. In addition, the developers released a video warning of suspicious behavior on Telegram, where fraudsters spoof accounts and set up bogus users.

Cryptocurrency Farm in Kyrgyzstan Has Been Shut Down by Authorities


Central Asia, especially the Republic of Kyrgyzstan, has recently become a powerhouse for cryptocurrency mining farms. Businesses involved in mining digital currency have been drawn to the region by its low energy costs, especially in light of China's intensifying crackdown on the industry. 

Officials in Kyrgyzstan discovered and shut down a massive crypto mining farm in the country's northern region. According to law enforcement authorities, the unlicensed mining operation caused "colossal damage" to the nation's electricity grid, and they are still attempting to determine the extent of the damage. 

The influx of miners has been blamed for rolling blackouts, and several countries have taken steps to address a developing power shortfall. 

The Kyrgyzstan government raised its electricity price for crypto mining firms, amongst many other consumers, in early October, emphasizing the energy-intensive aspect of their activities. A similar scheme has been suggested by lawmakers in neighboring Kazakhstan. 

Authorities in Bishkek are also on the lookout for underground cryptocurrency miners. In May, law enforcement agents confiscated 2,000 pieces of mining equipment from numerous facilities illegally minting digital money throughout the capital city and the Chuy region. 

The State Committee for National Security (GKNB) also uncovered a large illicit mining farm in the town of Druzhba, Issyk-Ata region, during a similar operation. According to media reports, its officials seized another 2,500 mining machines. 

According to a news release published by the department and quoted by Sputnik Kyrgyzstan, the data center, which had been operated inside a greenhouse, was administered by foreign nationals. The GKNB goes on to say that their illicit operations have "caused colossal damage to Kyrgyzstan's electric networks."

Kyrgyzstan has begun to regulate its burgeoning cryptocurrency mining industry. The Ministry of Economy proposed a bill establishing mining taxation in August 2020. The proposal calls for a 15% tax on the price of the power used to generate digital currency, and would require mining companies to register with regulatory agencies in order to operate in the country. 

Furthermore, investigators are now attempting to assess the state's losses and to determine whether the mining equipment was legally imported into the country. The committee further stated that it is attempting to identify everyone involved in the operation.

US Department of Treasury Declares Sanctions Against Chatex Cryptocurrency


The US Treasury Department today announced sanctions against the Chatex cryptocurrency exchange for helping ransomware groups evade sanctions and carry out ransomware transactions. The department also sanctioned the Russia-based Suex crypto exchange in September for assisting at least 8 ransomware groups, with more than 40% of its public transactions linked to threat actors. 

"Ransomware incidents have disrupted critical services and businesses globally, as well as schools, government offices, hospitals, and emergency services, transportation, energy, and food companies. Reported ransomware payments in the United States so far have reached $590 million in the first half of 2021, compared to a total of $416 million in 2020," said US Treasury. The investigation of public transactions hints that more than 50% of transactions are tracked down to malicious or illegal activities like darknet market, ransomware, and high-risk exchanges, says US Treasury Department. 

Chatex is designated pursuant to Executive Order (E.O.) 13694, as amended, for providing material support to Suex and for the threat posed by ransomware actors. By sanctioning crypto exchanges that provide material support to ransomware groups, the United States hopes to cut off their funding and shut down their operations. According to the Treasury Department, unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals. 

The Treasury says it is using all available resources to restrict harmful threat actors, disrupt illegal criminal proceeds, and stop further activity against US citizens. According to BleepingComputer, "FinCEN's Financial Trend Analysis report was issued on the heels of governments worldwide saying they will crack down on cryptocurrency payment channels used by ransomware gangs. One year ago, the Treasury Department's Office of Foreign Assets Control (OFAC) also warned ransomware negotiators that they could face civil penalties for facilitating ransom payments if their deals involve ransomware gangs already on its sanctions list."

Russian oil companies offer to use their fields for mining cryptocurrencies

Russian oil companies have offered to use Russian-made equipment at their fields for mining cryptocurrencies. They propose burning associated petroleum gas (APG) to generate the electricity that would supply the data centers needed for mining. The project has been sent for consideration to the Ministry of Industry and Trade, the Ministry of Digital Development, Communications and Mass Media, and the Central Bank of the Russian Federation.

It is reported that one of the major Russian oil companies would like to scale its cryptocurrency mining project, but this segment is in a legally gray zone, and the company is afraid of a negative reaction from the Central Bank, so it turned to the Ministry of Industry and Trade, which can discuss the risks with the regulator.

The Ministry of Industry and Trade reported that the project is being discussed with regulators. In accordance with the law “On Digital Financial Assets”, the procedure for the circulation of digital currency should be regulated by separate laws. According to the Central Bank, approaches to regulation are currently being discussed.

Experts consider the proposal controversial. On the one hand, there is the gas that is unprofitable for transportation, from which electricity can be obtained. On the other hand, this business is non-core and costly for oil companies, since they will have to pay for the maintenance of data centers.

Although there is no legal ban on mining in Russia, cryptocurrency cannot be exchanged or used as a means of payment. Therefore, according to experts, it is possible that oil companies will provide excess capacity for investors from China, where mining is prohibited.

It is worth noting that officially only Gazprom Neft has a mining project: in 2020, the company launched it at its field in the Khanty-Mansi Autonomous Okrug. In one month, the company's partners managed to mine 1.8 BTC. Gazprom Neft declined to comment.

Elon Musk Backed Floki Turns Rs 1000 Into Rs 34 Lakh


Everyone knows that at the start of this year, Musk was one of the most vocal proponents of Dogecoin. His regular pronouncements and tweets propelled the cryptocurrency to new heights. Then, in June, Tesla CEO Elon Musk stated that he would soon be getting a Shiba Inu dog (the face of Dogecoin) as a pet, and that it would be named 'Floki.'

In September of this year, Musk shared a photo of Floki, which sparked another surge in the Dogecoin. This benefited all the linked or inspired coins, such as Baby Doge and Shiba Inu. Floki Inu, on the other hand, has been the largest gainer, with significant returns to its investors. Surprisingly, the coin didn't even exist until recently. 

The digital token has risen 3,40,150% in just two months, from $0.00000002 on August 8 to $0.00006805 on October 8. In rupee terms, this implies it turned a Rs 1,000 investment into Rs 34 lakh in less than two months. As of Sunday, Floki Inu had a market capitalization of $700 million (Rs 5,250 crore), which was higher than that of listed companies such as Sequent Scientific, Strides Pharma, Inox Leisure, Cochin Shipyard, Sudarshan Chemicals, MTAR Technologies, and others. 

Floki Inu is also the only crypto project officially affiliated with Elon Musk's brother Kimbal Musk's 'Million Gardens Movement,' which aims to empower people to choose, grow, prepare, and consume healthy food. In a contribution drive for this movement last week, Floki Inu raised $1.4 million in just 35 minutes. Floki Inu issued 10,000 Flokitars to the general public on September 18, 2021. 

Floki Inu is riding high on the play-to-earn revolution, which resonates with millions around the world, according to Sharat Chandra, Blockchain & Emerging Tech Evangelist. This explains the coin's unprecedented pricing. 

"It’s going to head north in the days and months to come. Team behind Floki is focussed on developing an ecosystem of use cases powered by NFTs, games, decentralized banking and creating new monetization models," Sharat said. 

According to Darshan Bathija, Co-Founder and CEO of Vauld, "the way this meme coin is being regarded has radically changed over the last six months as they have grown more mainstream." If a coin's price movements are influenced by a big external source, it poses a greater concern and investment risk, Darshan added.

RDP Attacks On A Massive Increase, Warns ESET Threat Report


Cybersecurity firm ESET has released a report warning of a sudden rise in attacks on RDP (Remote Desktop Protocol) endpoints; in addition, the Nobelium gang has been active against European government organisations. ESET data shows that attacks on RDP servers rose by 103.9% in its T1 June report (ESET publishes these reports three times a year). The report puts the total number of identified brute-force attacks at 55 billion, driven by a hacking campaign targeting Spanish victims. From the T1 2021 ESET report, one would have assumed that RDP attacks would decline. 

However, it came as a surprise when RDP-related attacks rose again. The pattern suggests a continued increase in hacking attempts, especially a stark one in T3, the busiest period of 2021. RDP attacks saw a small increase in some regions, but there was a huge uptick against Spanish targets: ESET data suggests that attacks against Spanish targets in August accounted for one third of the global total. In addition to Spain, the US, Germany and Italy were also on the list. A similar pattern was noticed in SQL password-guessing incidents. While RDP-related attacks rose by 200%, cryptocurrency attacks saw a slight decline. 

ESET experts believe that there might be a relation between cryptocurrency attacks and cryptocurrency price, especially in matters of cryptomining. ESET says "our report even mentions PayPal's and Twitter's announcements which sent the prices of major cryptocurrencies up following this increase (visible in the trend toward the end of T2). If there are more high-profile adoptions/announcements supporting cryptocurrencies in the coming months, we expect their prices to grow and cryptomining to follow." 

Even though ransomware attacks saw a single-digit decline (which ESET also linked to the fall in cryptocurrency prices), the company is certain that the problem persists. The T2 period was too busy to keep a full account of ransomware attacks, but some incidents could not be ignored. "The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya IT management software, sent shockwaves that were felt not only in the cybersecurity industry," says ESET.