How cryptocurrency is shaping the current threat landscape

By: Renato Santos

Cryptocurrency has become an increasingly popular way to support digital transactions. Since its creation, users have found a variety of ways to take advantage of electronic currency, including mining strategies and digital wallets.

Growing interest in using cryptocurrency has helped drive up the value of digital currencies. At the time of writing, the market price of Bitcoin was above US$9,450, with a market volume of more than $8.5 million, although the value has fluctuated considerably in recent months.

At the same time, however, a digital currency that was untraceable and not tied to any specific banking organisation proved considerably attractive to cybercriminals.

Thus, beyond its legitimate uses, the malicious use of cryptocurrency is shaping the current threat landscape.

The appeal of cryptocurrency

Many consider 2017 the year cryptocurrency broke through and became popular; however, bitcoin and other cryptocurrencies have for many years been the main force behind the concept of blockchain.

A major differentiator between cryptocurrency and other digital transactions is that currencies such as bitcoin do not require verification or backing from a central bank or financial service provider.

“Instead, cryptography is used to confirm transactions on a public ledger called the blockchain, thus enabling peer-to-peer payments,” explains Adam Levy, a contributor to The Motley Fool.

Cryptocurrency offers numerous benefits to ordinary users, including simpler digital transactions and greater privacy. Unfortunately, those same advantages work in favour of hackers, who see cryptocurrencies as the ideal element to support malicious infections such as ransomware.

Advantages such as privacy make them ideal for enabling payments that cannot be traced back to the malicious actor responsible for the infection, and that is how cybercriminals take advantage of cryptocurrency.

Payment made without an intermediary (such as a bank or a credit card company) gives the authors of cyberattacks a high level of anonymity.

Attacks on digital wallets

One of the best examples of cryptocurrency's influence on the current threat landscape is connected to the enormous wave of ransomware attacks that has occurred in recent years.


Darknet Card Fraud Increased By 50% in Germany in the First Quarter of 2018

By: Anonymous

In 2017, more than 80,000 cases of stolen card details were reported in Germany. The victims complained that they tried to make purchases only to find that they couldn’t access their funds. According to The Local De, CNP is one of the most common crimes in the European country.

Card Not Present (CNP) Policy Fuels Fraud

CNP fraud is a crime that involves making transactions with a person’s card without their knowledge. When making a Card Not Present (CNP) payment, the physical card is not needed. The transaction goes through automatically as long as the individual can prove a few things about the card. This becomes a ‘major route’ for credit card fraud, as it is hard for store owners to verify the real holders when authorizing payments.

There has been a 50% increase in CNP cases. Dagens Handel reports that the National Deception Center Police department received nearly 100,000 complaints last year. In the first quarter of this year (2018), an increase of 50 percent has been recorded.

“We received 80,000 notifications last year, but we expect the darkness to be twice as big. CNP is the most common crime in the world,” said Jan Olsson, an investigator from the center.

He warns that the figure could continue increasing if strict measures are not taken to curb the fraud. Pundits believe that the problem can be alleviated if proper steps are taken to protect consumers. Some of these measures include introducing 3D Secure services in e-commerce, so that transactions are verified by the card provider (Visa, MasterCard etc.) through secure codes. Consumers could use a personal password to complete transactions, which could reduce the theft.



By: sikur

Europol and the World Economic Forum (WEF) have signed a Memorandum of Understanding (MoU) to establish a mutual framework of cooperation to foster a safer cyber environment for citizens, organisations and businesses.

The aim of this collaboration is to develop a more robust and resilient global cyber security approach by promoting private-public partnerships. The WEF has recently launched a Global Cyber Security Centre together with Europol, where they will engage in joint efforts to improve the fight against cybercrime by exchanging knowledge, expertise and information on cyber threats.

Europol and the WEF will exchange expertise, such as, but not limited to, best practice, statistical data, technical information or cybercrime trends between the two parties and cooperate when implementing projects in common areas of interest.

Mr Steven Wilson, Head of the European Cybercrime Centre (EC3) at Europol, said: “As criminals increasingly threaten citizens’ and businesses’ digital lives, it is vital for the law enforcement community to work closely with the global business community to create a safe cyber environment. Europol has been supporting the WEF cyber initiatives for many years and this MoU will strengthen our cooperation. We are looking forward to working with the Forum’s Global Cybersecurity Centre to collectively contribute to thwarting cyber threats and to making the internet a safe place for everyone.”



Trump’s mobile phone security questioned

By: Teri Robinson

It’s a familiar, and disheartening, refrain to most cybersecurity pros when smartphone users reject stringent security features because they’re just “too inconvenient.” But when it’s repeated by the president of the United States, as allegedly was recently the case, it sets alarm bells clanging.

While Barack Obama’s Blackberry use was restricted during his presidency and former Secretary of State Hillary Clinton was pilloried for using her private smart device for work, President Trump still wields at least two devices issued to him by the government – one for phone calls and the other that lets him access Twitter and some news sites, Politico reported Tuesday.

The report cited officials as saying that the call phone had a camera and mic – which could be vulnerable to surveillance – and the “Twitter” phone isn’t swapped out regularly. Obama’s phone was swapped out monthly on the insistence of his security team.

After explosive excerpts from an upcoming book on the Trump administration were published earlier this year and reports noted that author Michael Wolff taped interviews, the White House finally banned staffers in January from using their personal cellphones, as it said it would do in 2017.

At the time, White House Press Secretary Sarah Huckabee Sanders said in a statement that since the “security and integrity of the technology systems at the White House is a top priority for the Trump administration” that all personal devices belonging to “guests and staff will no longer be allowed in the West Wing.”

Last fall, noting that government-issued phones, which among other things don’t allow users to text, are more secure than personal devices, Chief of Staff Gen. John Kelly reportedly expressed support for a ban.


U.S. seeks to take control of infected routers from hackers

By: Jim Finkle - Pavel Polityuk

The U.S. government said late on Wednesday that it would seek to wrestle hundreds of thousands of infected routers and storage devices from the control of hackers who security researchers warned were planning to use the “botnet” to attack Ukraine.

A federal judge in Pennsylvania gave the FBI permission to seize an internet domain that authorities charge a Russian hacking group known as Sofacy was using to control infected devices.
The order allows them to direct the devices to communicate with an FBI-controlled server, which will be used to query location to pass on to authorities around the globe who can remove malware from infected equipment. “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement.

The U.S. government announced the takedown effort after Cisco Systems Inc (CSCO.O) early on Wednesday released a report on the hacking campaign that it said targeted devices from Linksys, MikroTik, Netgear Inc (NTGR.O), TP-Link and QNAP.

Cisco said the largest number of infections from the VPNFilter malware were in Ukraine, which led it to believe Russia was planning an attack on that country.


Mobile Fraud Soars as Social Sites Help Scammers

By: Phil Muncaster

Phishing continues to dominate the fraud landscape, accounting for nearly half of all attacks, but mobile fraud has jumped 650% over the past three years, according to RSA Security.

The security vendor’s Q1 2018 Fraud Report found phishing to account for 48% of all attacks during the quarter, followed by Trojans (24%) and brand abuse (21%).

The report uncovered a decline in the use of traditional web browsers to conduct fraud, from 62% in 2015 to 35% today, whilst the mobile app’s share of fraudulent transactions has risen from 5% to 39% over the same period.

However, as an attack type, mobile attacks comprised just 6% of the whole, linked to over 8,000 rogue apps in Q1. Some 82% of fraudulent e-commerce transactions spotted by RSA originated from a new device in Q1 2018, indicating the lengths scammers are going to in order to avoid detection.

RSA also confirmed the increasing role of legitimate social networks in unwittingly helping fraudsters to sell their wares.

“Social media provides the perfect control station for cyber-criminals, who can easily create profiles using fake details to operate on the platforms before collaborating with other fraudsters in closed groups, or peddling stolen wares in online marketplaces,” explained RSA Fraud & Risk Intelligence Unit director, Daniel Cohen.


New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

By: Swati Khandelwal

Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple.

Variant 4 comes weeks after German computer magazine Heise reported on a set of eight Spectre-class vulnerabilities in Intel CPUs and a small number of ARM processors, which may also affect the AMD processor architecture.

Variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715), known as Spectre, and Variant 3 (CVE-2017-5754), known as Meltdown, are three processor vulnerabilities disclosed by Google Project Zero researchers in January this year.

Now, Microsoft and Google researchers have disclosed Variant 4 (CVE-2018-3639), dubbed Speculative Store Bypass, which is a similar Spectre variant that takes advantage of speculative execution that modern CPUs use to potentially expose sensitive data through a side channel.

Speculative execution is a core component of modern processor design: the CPU executes instructions ahead of time based on assumptions it considers likely to be true. If the assumptions turn out to be valid, execution continues with the speculative results; if not, those results are discarded.

However, the speculative-execution design blunders can be exploited by malicious software or apps running on a vulnerable computer, or a nefarious actor logged into the system, to trick the CPU into revealing sensitive information, like passwords and encryption keys, stored in system memory and the kernel.

Unlike Meltdown that primarily impacted Intel chips, Spectre affects chips from other manufacturers as well.
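Linux exposes a system-wide status for this CVE under sysfs and a per-task control through prctl(2) that lets a process opt into Speculative Store Bypass Disable (SSBD). The script below, added here as an example and not taken from the article or from any vendor guide, reads both and lets the calling task tighten its own mitigation; the constant values are the real ones from linux/prctl.h, and the sysfs path is the real kernel path.

```python
import ctypes

# Speculation-control constants from linux/prctl.h (kernel 4.17 and later).
PR_GET_SPECULATION_CTRL, PR_SET_SPECULATION_CTRL = 52, 53
PR_SPEC_STORE_BYPASS = 0                  # the CVE-2018-3639 control
PR_SPEC_NOT_AFFECTED, PR_SPEC_PRCTL = 0, 1 << 0
PR_SPEC_ENABLE, PR_SPEC_DISABLE, PR_SPEC_FORCE_DISABLE = 1 << 1, 1 << 2, 1 << 3
SYSFS_SSB = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

def classify_sysfs_status(text):
    """Map the kernel's sysfs status line to a coarse verdict."""
    line = text.strip()
    if line.startswith("Not affected"):
        return "not_affected"
    if line.startswith("Mitigation:"):
        return "mitigated"
    if line.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def decode_spec_ctrl(flags):
    """Decode the bitmask PR_GET_SPECULATION_CTRL returns for one task."""
    if flags < 0:
        return ("error", False)           # kernel has no SSB control (EINVAL/ENODEV)
    if flags == PR_SPEC_NOT_AFFECTED:
        return ("not_affected", False)
    controllable = bool(flags & PR_SPEC_PRCTL)   # can this task opt in itself?
    if flags & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE):
        return ("disabled", controllable)        # SSBD active: store bypass blocked
    return ("allowed", controllable)             # no mitigation for this task

def system_status(path=SYSFS_SSB):
    """System-wide verdict; 'unknown' on pre-4.17 kernels or non-Linux hosts."""
    try:
        with open(path) as fh:
            return classify_sysfs_status(fh.read())
    except OSError:
        return "unknown"

def task_ssb_control(disable=False):
    """Query, and optionally disable, store bypass for the calling task via prctl(2)."""
    libc = ctypes.CDLL(None, use_errno=True)
    if disable:
        libc.prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0)
    return decode_spec_ctrl(libc.prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0))

if __name__ == "__main__":
    print("system:", system_status(), "| this task:", task_ssb_control(disable=True))
```

A "mitigated" system verdict with an "allowed" task verdict is the normal prctl/seccomp mode: the kernel can protect the task, but only once the task (or its sandbox) asks for it.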

Spectre and Meltdown Continue to Haunt Intel, AMD, ARM

The latest Variant 4 flaw affects modern processor cores from Intel, AMD, and ARM, as well as IBM’s Power 8, Power 9, and System z CPUs—threatening almost all PCs, laptops, smartphones, tablets, and embedded electronics regardless of manufacturer or operating system.

The Speculative Store Bypass attack has so far been demonstrated only in a “language-based runtime environment.” The most common use of runtimes, like JavaScript, is in web browsers, but Intel had not seen any evidence of successful browser-based exploits.

Linux distro giant Red Hat has also provided a video outlining the new Spectre flaw, alongside publishing a substantial guide:

DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

By: Swati Khandelwal

A widespread router DNS-hijacking malware campaign that was recently found targeting Android devices has now upgraded its capabilities to target iOS devices as well as desktop users.

Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users’ login credentials and the secret code for two-factor authentication.

According to security researchers at Kaspersky Labs, the criminal group behind the Roaming Mantis campaign has broadened their targets by adding phishing attacks for iOS devices, and cryptocurrency mining script for PC users.

Moreover, while the initial attacks were designed to target users in South East Asia (including South Korea, China, Bangladesh and Japan), the new campaign now supports 27 languages to expand its operations and infect people across Europe and the Middle East.

How the Roaming Mantis Malware Works

Similar to the previous version, the new Roaming Mantis malware is distributed via DNS hijacking, wherein attackers change the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by them.

So, whenever users attempt to access any website via a compromised router, they are redirected to rogue websites, which serve:

  • fake apps infected with banking malware to Android users,
  • phishing sites to iOS users,
  • sites with a cryptocurrency mining script to desktop users.

“After the [Android] user is redirected to the malicious site, they are prompted to update the browser [app]. That leads to the download of a malicious app named chrome.apk (there was another version as well, named facebook.apk),” researchers say.

To evade detection, the fake websites generate new packages in real time, with a unique malicious APK file for each download, and name each file with eight random digits.
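The two filename patterns the researchers describe (the chrome.apk/facebook.apk lure names and the eight-digit per-victim names) are simple to hunt for in web-proxy logs. The script below is an added example, not Kaspersky's or the article's code; the log lines, hosts and the allowlisted host are constructed, and the third rule (any APK from a non-allowlisted host) goes beyond the page's specifics.

```python
import re
from urllib.parse import urlparse

# Constructed Squid-style access log lines (timestamp client status bytes method url);
# hosts and addresses are made up for this example.
LOG_LINES = [
    "1526900000.123 192.168.1.20 TCP_MISS/200 2049231 GET http://203.0.113.5/chrome.apk",
    "1526900001.456 192.168.1.21 TCP_MISS/200 1873210 GET http://203.0.113.5/48291037.apk",
    "1526900002.789 192.168.1.22 TCP_MISS/200 2218 GET http://example.com/index.html",
    "1526900003.000 192.168.1.23 TCP_MISS/200 1990004 GET http://203.0.113.5/facebook.apk",
    "1526900004.000 192.168.1.24 TCP_MISS/200 3300000 GET https://apps.example.org/some.apk",
]

LURE_NAMES = {"chrome.apk", "facebook.apk"}     # filenames reported for Roaming Mantis
RANDOM_NAME = re.compile(r"^\d{8}\.apk$")       # per-victim packages named with 8 digits
TRUSTED_HOSTS = {"apps.example.org"}            # assumption: allowlisted app sources

def classify_download(url):
    """Return why an APK fetch looks like a Roaming Mantis lure, or None if benign."""
    parts = urlparse(url)
    name = parts.path.rsplit("/", 1)[-1].lower()
    if not name.endswith(".apk") or parts.hostname in TRUSTED_HOSTS:
        return None
    if name in LURE_NAMES:
        return "fake browser/social app update"
    if RANDOM_NAME.match(name):
        return "eight-digit random package name"
    return "apk from non-allowlisted host"        # broader than the page: any stray APK

def scan_log(lines):
    """Return (client_ip, url, reason) for every suspicious APK fetch in the log."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6 or fields[4] != "GET":
            continue
        reason = classify_download(fields[5])
        if reason:
            hits.append((fields[1], fields[5], reason))
    return hits

if __name__ == "__main__":
    for client, url, reason in scan_log(LOG_LINES):
        print(f"{client} fetched {url}: {reason}")
```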


Potential Spy Devices Which Track Cellphones, Intercept Calls Found All Over D.C., Md., Va.

By: Jodie Fleischer, Rick Yarborough and Jeff Piper

The technology can be as small as a suitcase, placed anywhere at any time, and it’s used to track cell phones and intercept calls.

The News4 I-Team found dozens of potential spy devices while driving around Washington, D.C., Maryland and Northern Virginia.

“While you might not be a target yourself, you may live next to someone who is. You could still get caught up,” said Aaron Turner, a leading mobile security expert.

The device, sometimes referred to by the brand name StingRay, is designed to mimic a cell tower and can trick your phone into connecting to it instead.

The News4 I-Team asked Turner to ride around the capital region with special software loaded onto three cell phones, with three different carriers, to detect the devices operating in various locations.

“So when you see these red bars, those are very high-suspicion events,” said Turner.

If you live in or near the District, your phone has probably been tracked at some point, he said.

A recent report by the Department of Homeland Security called the spy devices a real and growing risk.

And the I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City. The I-Team got picked up twice while driving along K Street — the corridor popular with lobbyists.

“It looks like they don’t consider us to be interesting, so they’ve dropped us,” Turner remarked, looking down at one of his phones.