Blockchain Technology: An Easy Quarry For Cybercriminals
Of what benefit is a new blockchain technology to us if it cannot meet the basic requirement of accepting and adopting new players? Today’s technological advancements, specifically in Blockchain technology, are reaching immense heights and have stayed in the game for a long time. However, with good actors come bad ones, and people have resorted to various unethical ways of disrupting the good for their own benefit.
Recently, McAfee released a Blockchain threat report discussing the vulnerabilities of this popular technology.
The report highlighted that the first Blockchain attack ever noticed was phishing, owing to its success rate. Recently, $4 million of IOTA cryptocurrency was stolen because victims had used an online seed generator. A seed is an 81-character password used to access IOTA wallets, and a seed generator is a tool for creating seeds. That case involved a blockless distributed ledger; for a block-based distributed ledger, the MEWkit phishing campaign is a known example. It allows the actors to drain all the money out of a wallet within seconds while the user continues to exchange money without knowing it. It targeted Ethereum wallets and mimicked MyEtherWallet (MEW), hence the name. This was demonstrated by a man-in-the-middle attack in which the bad actors rerouted traffic supposedly directed to a specific router (Amazon Route 53). Phishing can also be carried out through spam, with e-mails that appear to originate from providers of cryptocurrency-related services.
Another notable category is malware, where bad actors can use primary tools to acquire cryptocurrency and can also hide them without being noticed. As reported by McAfee, cybercriminals also had easy-access tools, especially HiddenTear, which is meant to be an ‘educational’ tool on ransomware but was quickly used by actors to build hundreds of variants. These variants generally required Bitcoin payments for ransom, with a few exceptions, such as the Kirk ransomware, opting for Monero. Monero-mining malware has also targeted Mac users, who experienced higher CPU activity and battery use than usual. McAfee also reported that ransomware developers adopted the mainstream coin Ethereum in early 2018.
A Trojan is a type of malware disguised as legitimate software. Users are tricked through effective social engineering into installing and executing it on their systems. It can be used to delete, modify, copy, or block data, and even to disrupt the performance of your computer. One such example is the CryptoShuffler Trojan, which resides quietly in your computer's memory and monitors the clipboard, the area used for cut-and-paste. Kaspersky Lab, which studied it, discovered that the malware targets not only Bitcoin but also Ethereum, Zcash, Monero, Dash, Dogecoin and other cryptocurrencies. Substituting Bitcoin wallets is the Trojan's most lucrative activity: at the time of publication, it had snagged slightly more than 23 BTC (about $140,000 at the current exchange rate).
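A defensive check for the clipboard monitoring and wallet substitution described above, as an added example that is not from the article, McAfee or Kaspersky Lab: it scans a log of clipboard changes for an address being replaced by a different address of the same coin within a short interval. The event format, the 2-second window and the sample values are assumptions constructed for illustration, and the patterns check address shape only (legacy Bitcoin and Ethereum).

```python
import re

# Address shapes for two of the coins the article names (format check only,
# no checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

SWAP_WINDOW_SECONDS = 2.0  # assumption: a person rarely copies two addresses this fast


def classify(text):
    """Return the coin name if the whole clipboard text looks like an address."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None


def find_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: list of (timestamp_seconds, clipboard_text), oldest first.

    Flags each case where an address is replaced, within `window` seconds,
    by a different address of the same coin.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        coin = classify(prev)
        if coin is None or classify(cur) != coin:
            continue
        if prev.strip() != cur.strip() and (t_cur - t_prev) <= window:
            alerts.append({"coin": coin, "copied": prev.strip(),
                           "replaced_by": cur.strip(), "delay": t_cur - t_prev})
    return alerts


# Constructed sample: placeholder strings that only have the right shape.
SAMPLE_EVENTS = [
    (10.0, "meeting notes"),
    (42.0, "1" + "A" * 33),      # user copies a Bitcoin-shaped address
    (42.3, "1" + "B" * 33),      # replaced 0.3 s later: suspicious
    (90.0, "0x" + "a" * 40),     # user copies an Ethereum-shaped address
    (400.0, "0x" + "b" * 40),    # different address much later: normal use
    (401.0, "1" + "C" * 33),     # different coin: not a same-coin swap
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A short window keeps ordinary use (copying a second address minutes later) from raising alerts; comparing the pasted address with the intended one before confirming a transfer remains the final check.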
Another Trojan, MnuBot, functions as a remote access Trojan (RAT) and uses a Microsoft SQL Server database as its command-and-control server. First, the user is logged out of the current window; the server details are then decrypted and used for the initial configuration, after which MnuBot communicates with the server to proceed to the next stage. Here MnuBot presents a fake web-form overlay similar to the real banking website and misleads the victim into entering their credentials. Using those credentials, money can then be stolen.
While Blockchain, as a not-so-novice technology, continues to prevail in various sectors of business and finance, it is of utmost importance that its users gain confidence in its benefits. Only then will the good traits overshadow the bad. Blockchain technology has had a bad name on its cryptocurrency side, but the numerous advantages of this technology can definitely compensate for what has always been called a “scam”.