Showing posts with label hackers.

Atlanta city government hit by cyber attack - hackers demanding Bitcoin ransom...

The details have been vague on which systems have been compromised. So far the city has only told us what isn't affected: public safety, water, and airports.

“Our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue. We are confident that our team of technology professionals will be able to restore applications soon. Our city website, Atlantaga.gov, remains accessible and we will provide updates as we receive them,” officials said in a statement.

As for which systems are affected, it sounds like they're still figuring that out as well.

“We don’t know the extent or if anyone’s personal data or bank accounts will be compromised, all of us are subject to this attack,” said Mayor Keisha Bottoms.

According to local TV station WXIA, the hackers are demanding $51,000 worth of Bitcoin to unlock the government systems, which is an odd and surprisingly low number for a government system hijack.

Officials have also stated they are working with the FBI and the U.S. Department of Homeland Security.

We are awaiting further updates.

-------
Author: Ross Davis
San Francisco News Desk


North Korea's digital army has a new target: Bitcoin! A look inside their latest, and still active operation...


They're known within the darknet underground as "The Lazarus Group", but intelligence sources say they're North Korea's digital army. You may have heard the name before from the infamous 2014 hack of Sony Pictures.

But their latest operation has a new target, cryptocurrency, and it was discovered by cyber security company Secureworks.

The targets of the attack are executives at financial firms that hold and manage cryptocurrencies, and it works like this: an executive receives an e-mail stating that there's an opportunity to move up in the ranks and become the company's Chief Financial Officer.

There is an attachment in the form of a Microsoft Word file. When opened, the recipient sees a notification that "editing must be enabled to view the document", and when the user clicks "ok" it launches an embedded script that does two things.

First, it creates and then opens a harmless document, an actual job description, to keep the user distracted and unsuspicious.

Second, it secretly launches the installation of a Trojan.

The harmless looking job description doc (Image: Secureworks)
The Trojan is designed to give the hackers full remote access. The computer is then completely under their control: they can log what's being typed, see what's on the screen, and even install more malware if they wish.

While remote access Trojans are nothing new and can even be bought and sold on underground darknet forums, what stands out about this one is that it doesn't seem to be a variation of any previously known Trojan; it appears to have been freshly coded from scratch.

Evaluating the code, the Secureworks Counter Threat Unit recognized something from previous North Korean operations: its heavy reliance on the C2 protocol, which The Lazarus Group has used in the past to communicate with their main command and control servers.

The first discoveries of this new attack were made in October, and it is continuing today.

Those who think they could be a target of such attacks are advised to make sure macros are disabled in Microsoft Word, and to require two-factor authentication on systems holding sensitive data.

-------
Author: Ross Davis
San Francisco News Desk


Hackers are scanning computers worldwide for open Bitcoin and Ethereum wallets...


Security researcher Didier Stevens set up a trap, or in digital security terms a "honeypot". Think of it as a digital sting operation: someone puts a server online that is open to attack, but nothing of value is really there; it exists only to record the attacks as they happen.

The logs of these honeypots revealed hackers running scripts aimed at detecting files that contain cryptocurrency wallets.

The filenames included:

wallet - Copy.dat
wallet.dat
wallet.dat.1
wallet.dat.zip
wallet.tar
wallet.tar.gz
wallet.zip
wallet_backup.dat
wallet_backup.dat.1
wallet_backup.dat.zip
wallet_backup.zip

Didier said he has seen activity like this since 2013, but never at such high volume.

The same is now happening to Ethereum, since it has taken a strong hold as the #2 cryptocurrency. Threat hunter Dimitrios Slamaris set up a honeypot and faked having some Ethereum in his wallet.

The hacker checked what software he was running and how much Ethereum he had in the wallet, then issued an eth_sendTransaction command in an attempt to steal gas from the account they had just queried.

It appears the hacker has had some small success too: "The destination account has almost 8 Ethers...", Dimitrios tweeted on Nov 8th.

Since then, there have been a few more transactions coming in, as well as a transfer going out to the ShapeShift exchange.
A look at the wallet activity of the hacker.

The lessons to take from this are: your wallet file shouldn't be named "wallet", and better still, your wallet shouldn't be on a computer that's online, or at the very least it should sit behind a strong firewall.
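As an added example, not code from the original post or from either researcher's own tooling, the following Python script applies the honeypot finding above as a detection rule: it parses web-server access log lines and flags clients that request the wallet filenames listed in the post. The log lines are constructed for illustration.

```python
"""Flag wallet-hunting scans in web-server access logs (constructed sample data)."""
import re
from collections import defaultdict
from urllib.parse import unquote

# The filenames the honeypot recorded being probed (from the post above)
WALLET_NAMES = {
    "wallet - Copy.dat", "wallet.dat", "wallet.dat.1", "wallet.dat.zip",
    "wallet.tar", "wallet.tar.gz", "wallet.zip", "wallet_backup.dat",
    "wallet_backup.dat.1", "wallet_backup.dat.zip", "wallet_backup.zip",
}

# Common log format: client ip, ident, user, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

def requested_file(path):
    """Return the URL-decoded basename of a request path, ignoring any query string."""
    return unquote(path.split("?", 1)[0]).rsplit("/", 1)[-1]

def find_wallet_scanners(lines, min_hits=2):
    """Return {ip: [paths]} for clients that probed at least min_hits wallet filenames.

    A single hit could be a stray crawler; repeated probes of the known names
    from one source are the scanning pattern the honeypot revealed."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        ip, _method, path, _status = m.groups()
        if requested_file(path) in WALLET_NAMES:
            hits[ip].append(path)
    return {ip: paths for ip, paths in hits.items() if len(paths) >= min_hits}

# Constructed sample lines (documentation-range addresses, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Nov/2017:10:01:02 +0000] "GET /wallet.dat HTTP/1.1" 404 169',
    '203.0.113.7 - - [08/Nov/2017:10:01:03 +0000] "GET /wallet_backup.zip HTTP/1.1" 404 169',
    '203.0.113.7 - - [08/Nov/2017:10:01:04 +0000] "GET /wallet%20-%20Copy.dat HTTP/1.1" 404 169',
    '198.51.100.4 - - [08/Nov/2017:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.4 - - [08/Nov/2017:10:02:01 +0000] "GET /wallet.tar.gz HTTP/1.1" 404 169',
]

if __name__ == "__main__":
    for ip, paths in find_wallet_scanners(SAMPLE_LOG).items():
        print(f"wallet scan from {ip}: {len(paths)} probes -> {paths}")
```

Lowering min_hits to 1 also surfaces the single probe from the second address; the threshold is the knob between sensitivity and noise.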
-------
Author: Ross Davis
San Francisco News Desk


Hack Coinbase - get $50,000!


Coinbase is taking part in this year's "Hack the world" competition for White Hat (good) hackers who help companies find and fix security holes.

$50,000 is the grand prize, if a hacker can pull off remotely executing code on Coinbase's servers.

But that's not all they're offering; additional rewards include:

$10,000 for XSS/CSRF/Clickjacking affecting sensitive actions.
$7,500 for theft of privileged information.
$5,000 for partial authentication bypass.
and $3,000 for a variety of "lesser tasks".

Coinbase isn't new to this idea either; they proudly note that they've already paid $176,031 in bounties to 223 hackers/researchers.

The practice is actually commonplace among tech companies, and other sponsors of this event include Airbnb, Uber and Dropbox.

"Hack the world" is in progress now, and wraps up November 18.

-------
Author: Ross Davis
San Francisco News Desk