BlockThreat - Week 35, 2019
Lightning | Parity | Siacoin | Retadup
Never a dull week in blockchain security! This week multiple critical vulnerabilities were patched in Bitcoin Lightning projects and in the Parity Ethereum node software. In other interesting news, a French law enforcement agency turned a malware operation's own infrastructure against it to disable 850,000 malicious miner instances. Also check out the detailed McAfee report covering the latest TTPs (Tactics, Techniques, and Procedures) used by cryptocurrency-related malware and threat actors.
News
- Capital One Hacker ‘Breached 30 Organizations And Mined Cryptocurrency,’ Claims DOJ - a recently released indictment alleges that the Capital One hacker used her access to compromised servers to mine cryptocurrency.
Bugs
- CVEs assigned for lightning projects: please upgrade! - a mailing list notification about not-yet-published vulnerabilities in Bitcoin Lightning projects, urging users to upgrade before the details become public. Details of the three upcoming CVEs will be released on September 27th. Patches are available.
- New Parity Ethereum update protects against RPC call vulnerability - a Denial of Service vulnerability was discovered in the Parity node implementation, affecting nodes that expose a public-facing RPC interface. Patches are available.
- A Cryptocurrency Heist, Starring Your Web Browser - a detailed exploitation report on attacking a locally running Siacoin service from a victim's web browser to steal funds.
- Libra bug bounty program - Facebook promises up to $10k reward for critical bugs in the upcoming Libra cryptocurrency.
Malware
- Putting an end to Retadup: A malicious worm that infected hundreds of thousands - a detailed report on the Retadup miner malware and the disinfection operation in collaboration with a French law enforcement agency. The article documents an unusual case where defenders commandeered a command and control server to issue a self-destruct command to all running malware instances.
- McAfee Labs Threats Report - August 2019 - the report documents significant growth in the number of ransomware attacks and identifies new malware families aiming to steal wallets and mine cryptocurrencies. The analysis enumerates a number of new infection vectors and social engineering tactics used to distribute malware.
- Fortnite Ransomware Masquerades as an Aimbot Game Hack - malicious software posing as a game cheat targets powerful gaming machines to mine cryptocurrency and encrypt files.
- XMR Cryptomining Targeting x86/i686 Systems - malware report on a family targeting IoT devices running Telnet and SSH services.
- Sodinokibi Ransomware Spreads via Fake Forums on Hacked Sites - malware report on a family spreading through fake WordPress forum posts.
Events
- #blockchainhackers vol.3 recap - a quick recap of the blockchain security event during Berlin Blockchain Week.
That’s all for this week in blockchain intelligence. Patch your nodes and stay safe out there.