Connect with us

Technology

Are Hackers Friends Of Crypto Industry Or Are They Enemies?

Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money. Click To Tweet

Published

on

Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money.
Hackers have been paid by crypto companies to fix bugs. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

The unregulated universe of cryptocurrencies have found its unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.

Crypto companies including crypto exchanges have paid a lump sum of at least $32,150 to different white-hat hackers by fixing the security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.

The data revealed that 15 blockchain and crypto-related firms had made hefty payments as rewards to security researchers between March 28 and May 16. The said rewards were made concerning 30 publicly-released bug reports during the entire duration.

Among all the companies who had the security threats, Omise, the software firm behind cryptocurrency OmiseGo, need the most fixes with six disclosed bugs and security issues. Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Crypto and blockchain technology has since been criticized by different financial institutions for being volatile and vulnerable to technology and cyber crimes, making the technology not conducive to become a working technology. It only makes sense that in time when they need help the most, white-hat hackers and security researchers are there to help them – for a price.

According to the study, he payment varies depending on the severity of the bug. They adjust their HackerOne rewards depending on how easy or difficult it is for the white-hat hacker to reolve a security issue. For instance, majority of Omise’s disclosed security flaws were only worth around $100 each, there are other payments that amounted to a lot more, the study suggests.

Both Block.one, the company that owns the EOS “blockchain,” and budding network Aeternity paid one hacker with more than $10,000 for a single issue that the hacker paid. TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, something thatcould jeopardize the future of the company.

Most of cryptocurrency companies and blockchain firms, just like other tech-based companies, have set up a reward or bounty system that would pay anyone that can point out any form of security issue in their systems; a bigger reward is also provided to those who can fix them.

While hackers who decided to use their skills to improve the technology stratosphere are increasing in number steadily, they could at any time decide to use their skills to exploit the vulnerabilities they have discovered for bigger take home money.

Just like how last week, cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BT (then $40 million, now $55 million) from its own wallets.

Similarly crypto exchange company Cryptopia announced last week that the company is going into liquidation following the attack that lost the company millions of dollars worth of crypto money in January.

According to a blockchain data analytics firm, their investigation allowed them to estimate the loss caused by the cyber attack to be as much as $16 million in ether and ERC-20 tokens. While the company has restarted their trading services in March, no one is still certain of the actual damages that the cyber attacked caused the company. Until now, the company is still recovering from the aftermath of the breach and still having banking issues.

According to the liquidation firm, Grant Thornton, since the damages caused by the hacking was too “severe” and has impacted the company massively in terms of trade, and amidst the effort of its management to regain composure by reducing costs and returning the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

It is still unclear whether or not Cryptopia is running its own bounty program but coincidentally, Binance has a bounty reward of $100,000 for anyone who can solve the mystery of their stolen crypto money, but until now, the perpetrator is still at large and unidentified.

“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”

In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

These Series Of Ransomware Attacks Is More Than Just For Ransom — And The Government Should Listen And Investigate

Experts warn that the series of ransomware attacks against US City and state agencies is a message that the government should listen to. Click To Tweet

Published

on

Experts warn that the series of ransomware attacks against US City and state agencies is a message that the government should listen to.
Ransomware are plaguing city governments and experts warn that it will get worse. Photo: Christiaan Colen | Flickr | CC BY-SA 2.0

The ransomware epidemic is growing stronger, and researchers and tech experts warn that it will get much worse. Many ransomware attacks have been launched against city governments, private businesses, and have effectively shut down the system and social services in different states across the U.S.

According to a report by a cybersecurity firm Recorded Future, the recorded attacks rose from 38 in 2017 to 53 in 2018, and researchers noted that those numbers are expected to rise in the next few years.

Ransomware is not a new phenomenon. While malware remains to be the biggest threat in cybersecurity, ransomware is gaining traction in notoriety. In a typical ransomware attack, the attacker will send a Trojan, a worm, or malware to a system — to demand payment in exchange for the remedy to the ransomware. Sometimes, attackers threaten to publish the victim’s database or other secured information hidden within its system in exchange for a ransom.

Starting from around 2012, the use of ransomware scams grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This result marks a 229% increase over the same time in 2017.

In June 2014, vendor McAfee released data showing that it had collected more than double the number of samples of ransomware that quarter than it had in the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated $3 million before it was taken down by authorities, and CryptoWall was determined by the US Federal Bureau of Investigation (FBI) to have accrued over the $18 million by June 2015.

Atlanta ransomware attack

Probably one of the most significant and most damaging ransomware attacks in recent U.S. history, Atlanta had become one of the latest victims of ransomware attacks back in March 2018. The offense has knocked almost all of the city’s agencies offline, causing most of the social services to freeze including scheduling court cases and paying utility bills online. Furthermore, the ransomware has effectively caused decades worth of official correspondence to disappear in thin air.

Reports reveal that it took the city more than $17 million in costs to recover from the devastating effects of the ransomware.

Several tech experts have said that other cities should take the case of Atlanta to be a “wake-up” call for how vulnerable local and state governments were to these types of cyber crimes – and how underprepared they are to resist them. However, it seems like these calls have fallen to deaf ears.

More and more cities are being attacked

Just over 12 months later, Baltimore is in the throes of its costly ransomware attack. Now in its sixth week, the attack has left officials unable to process payments and even respond to emails. And Baltimore is not alone. In just the last two months, there have been ransomware attacks in Greenville, North Carolina; Imperial County, California; Stuart, Florida; Cleveland, Ohio; Augusta, Maine; Lynn, Massachusetts; and Cartersville, Georgia.

Related: Social Services Paralyzed Following A Ransomware Attack On Albany, New York

Increasing security defenses in companies shifted the target to government agencies

As corporations improve their security firewalls to prevent attacks like malware and ransomware against their systems from happening, hackers have found new ways to infiltrate vulnerable municipal and city systems whose defenses are much weaker. Add to that the fact that many cities and states are starting to digitize their records and services in recent years, making their juvenile systems vulnerable to all sorts of cyber crimes.

Read: Ransomware Are Plaguing American Cities And Experts Warn That It Will Get Worse

“The government knows it needs to change, but they move slowly compared to how quickly private business can pivot to manage their exposure to a new threat,” Gary Hayslip, a cybersecurity expert who previously acted as a chief information security officer for San Diego, said. “Until it is mandated that cities, counties, and states meet a specific level of security and have to demonstrate it as is done in business for compliance periodically, government entities will continue to be low-hanging fruit and cybercriminals don’t mind eating them for lunch.”

Moreover, because of improvements in technology and the availability of information online, it has become easier for cybercriminals to launch an attack. “On the dark web, there are lots of available tools for relative novices to craft together pretty effective pieces of ransomware technology,” said Chris Kennedy, chief information security officers at cybersecurity company AttackIQ. “It’s the ‘Idiots Guide to Hacking.’”

Read More: Ransomware Outbreak In Arizona Shuts Down Businesses

But with the growing number of cities and state agencies falling victims to ransomware attacks, will the government now listen? Maybe.

Continue Reading

Technology

A New Strain Of ‘Houdini’ Malware Is On Sale For $50 Per Month In The Black Market

The new Houdini malware targets financial institutions and their customers.

Published

on

A new strain of the Houdini malware known as Hworm has been discovered and it is now on sale in blackmarkets for $50 per month subscription.
A new strain of the Houdini malware known as Hworm has been discovered. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

When someone mentions Houdini, it is almost instantly recalled to the world’s greatest magician and escape artist. But, cybercriminals have found a way to transform the man’s legacy into something feared and unwanted. A new strain of the Houdini worm has been detected by security researchers and has launched a new series of campaigns against financial institutions and their customers.

A few days ago, a report from cybersecurity researchers from Cofense confirmed that a new strain of the Houdini malware – also known as Hworm – was released by its creators on June 2, 2019.

The new Houdini malware only took five days to start wreaking havoc and seek out victims via malicious phishing campaigns. According to the report, the main goal of the malware is to steal online banking credentials which the culprits could later use to make fraudulent online purchases. It uses a tool dubbed as WSH Remote Access Tool (RAT).

“Houdini Worm (HWorm) – a misleading name because it has more in common with a bot or RAT than a worm – has existed since at least 2013 and shares extreme similarities with what is undoubtedly its malignant siblings: njRAT and njWorm. This new iteration comes ported to JavaScript (JS) from HWorm’s original codebase of Visual Basic. WSH is likely a reference to the legitimate Windows Script Host, which is an application used to execute scripts on Windows machines,” wrote the researchers in a blog post.

How does it work?

The cybercriminals masqueraded the phishing campaign as legitimate emails from various financial institutions and banks. One particular bank used by hackers is HSBC. The fraudulent emails contain .MHT web archive files which act the same way as HTML files.

The phishing email delivering WSH RAT within an attachment . Photo: Cofense

“The email attachment contained an MHT file that is used by threat operators in the same way as HTML files. In this case, the MHT file contained an href link which when opened, directed victims to a .zip archive containing a version of WSH RAT,” they added.

When the MHT file, which contains a web address link, was executed, it directs the victims towards a .zip archive containing the WSH RAT payload. WSH RAT uses the same configuration structure that Hworm uses for this process.

WSH RAT is a version of HWorm which has been ported to Javascript from HWorm’s original Visual Basic setup but acts in the same manner as the original malware. The Trojan not only uses the same Base64 encoded data — which Cofense describes as “mangled” — but also the same configuration strings, with default variables named and organized in the same way for both types of malicious code.

The Trojan first communicates with a command and control server, controlled by the cybercriminal, request three additional .tar.gz files. These files, however, are PE32 executables which provide the Trojan with a Windows keylogger, a mail credential viewer, and a browser credential viewer module.

It is also noteworthy that these modules were developed by other third parties and cannot be attributed to the original creator of the Houdini worm. Furthermore, reports reveal that the malware is being actively sold in underground forums and the black market. The price point for the infection is said to be at $50 per month subscription basis. Sellers are marketing their product by waxing eloquent about WSH Rat’s Windows XP and Windows 10 compatibility, evasion techniques, credentials-stealing capabilities, among others.

New malware variants are sprouting

Only recently, researchers from Google has discovered a Linux-based strain of another prevalent malware, Winnti, which was attributed to the high-value attack against a Vietnamese gaming company a few years back by some Chinese hackers.

Researchers made the discovery from the Chronicle, Alphabet’s cybersecurity department. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems.

According to the Chronicle, the malware that they have discovered comes in two parts: a rootkit to disguise the malware in the infected host and the actual backdoor Trojan. Further analysis the discovered Linux variant of the Winnti malware bears a lot of similarities to the malware’s Windows version. Other connections with the Windows version also included the similar way in which the Linux variant handled outbound communications with its command-and-control (C&C) server — which was a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).

Continue Reading

Technology

‘Pavlok’ SmartTech Bracelet Stops Bad Habits With Electric Shocks

Need a stronger approach to stopping your bad habits? Pavlok is ready to zap you into good behavior. Click To Tweet

Published

on

Photo: Fitnish Media | Unsplash.com

Studies suggest that it takes 21 days to make or break habits. The truth is, it’s not the longevity that most people struggle with — it’s the consistency. Enter Pavlok, a wearable tech that uses aversive conditioning — a kind of negative reinforcement — to keep you from your bad habits is now available in Amazon.

How does it work?

Pavlok is made of two parts: a one-size-fits-all wristband and an app that is available in Android and iOS. The band uses electric shocks, ranging from low to high setting, to enforce negative stimuli when you engage in your bad habits. It is the digital form of snapping your wrist with a rubber band when you bite your nails or sneak a quick cigarette break.

According to its Amazon webpage, Pavlok has sold more than 50,000 units since its official launch in 2015. Behavioral Technology Group Inc., the company responsible for the product, has since released two versions of Pavlok. It has also released a new product called Shock Clock, an alarm clock that zaps its user awake.

History of Pavlok

Maneesh Sethi, the CEO, and founder of Behavioral Technology Group, Inc. claims to have the idea for Pavlok when he created an experiment back in 2014. He shared in a blog post that he hired a girl from Craiglist to slap him whenever he went on Facebook. Based on his experiment, he increased his productivity and concluded that aversive conditioning worked for him.

In 2014, Sethi put up Pavlok on crowdfunding website Indiegogo to create their initial prototype. It targeted to get funding of $50,000 and walked away with more than $250,000 with a total of 1,763 backers.

Despite success in crowdfunding, Pavlok’s popularity soared only on May 20, 2016, when it was featured on the last episode of Shark Tank‘s season 7. Sethi refused Kevin O’ Leary’s offer because he doesn’t want to work with him. Even though Sethi’s venture on the popular hit show was amiss, he continued working on his digital aversive conditioning technique.

Mixed Reviews

Users on Amazon and blogs have mixed reviews with this unconventional wearable tech. Testimonials are available on Pavlok’s website, boasting success on breaking bad habits like nail biting, stopping cookie addiction, and eating too many sugary snacks.

While others swear by the results, others felt that Pavlok’s expectations fell short. With Pavlok 1, users have to manually zap themselves when they engage in a bad habit. Users reported that after some time, they learned to ignore the electric shocks or forget to zap themselves.

As an improvement, Pavlok included a feature which would allow your friends to zap you when they caught you red-handed. Aside from that, they integrated an IFTTT feature, which would allow users to input conditions for when they will receive their shocks. For example, if you are trying to remove your nail biting habit, you can simply input Pavlok to zap you when you lift your hand to your mouth. Of course, it only works when you use the hand which has the Pavlok device.

Future of Wearable Tech

Pavlok is just one of the hundreds of wearable tech designed to improve users’ quality of life. Apple is set to release Apple Watch OS 6, which includes a menstrual cycle tracker. It is a much-awaited update after the launching of Apple Watch Series 4 last September 2018.

Starkey, a company focused on producing hearing aids, launched Livio AI last year as well. It is a hearing aid marketed for people who do not need any hearing aids. It features integrated sensors to detect noisy environments and lessen them, thereby reducing the user’s exposure to noise pollution. It also boasts an almost perfect language translation app that lets you understand 27 languages.

With the rise in popularity of these products, wearable tech has a bright future.

Continue Reading

Trending