The number of MikroTik routers that have been affected by a malicious malware that mines privacy-centric cryptocurrency Monero (XMR) has risen to 415,000, according to security researchers.
The cryptojacking malware was first discovered in August. According to a Trustwave report, the malware attacked the MikroTik routers after their systems became vulnerable earlier this year in April. Initially, hackers had penetrated 175,000 routers and then expanded to Eastern Europe, where they attacked 25,000 more routers. The hackers were using Coinhive and 15 other malware to mine XMR.
Since it was discovered, Twitter user VriesHd and researchers from Bad Packets have been following the cryptojacking malware. In September, they reported the number of affected MikroTik routers have risen to 280,000. In his recent tweet, VriesHd explains that the numbers have doubled since the initial attacks.
Just three different ways to abuse vulnerable Mikrotik routers to try to mine cryptocurrencies. Total combined 415 thousand results. Many more ways active. pic.twitter.com/u01HEr2UQy
— Kira 2.0 (@VriesHd) December 2, 2018
According to VriesHd, the number is derived from checking three possible ways hackers could be abusing MikroTik, although the number could be higher since the data reflects IP addresses known to have been infected with cryptojacking scripts. He noted that it would not surprise him if the actual number totals to somewhere around 350,000 to 400,000.
The researcher further found that the hackers are no longer exclusively using Coinhive; they have been using other mining software like Omine and CoinImp to mine the privacy-centric cryptocurrency.
To protect themselves from the malware, Bad Packets Report security expert Troy MUrsch advises MikroTik router users to download the latest firmware version available for their device. This will prevent the malware from using their routers to mine cryptocurrencies.
VriesHD also points out that internet service providers (ISPs) can also be used to fight the spread of malware by forcing over-the-air updates to the routers.
Cryptojacking cases continue to rise with figures increasing by 500% this year. According to reports, Brazil is the leading country affected by the malicious malware. Research shows that Coinhive has hit the country over 81,000 times in October. India ranks second with 29,000 discovered incidents followed by Indonesia, which has more than 23,000 cryptojacking cases.
The post MikroTik cryptojacking still in play with over 400K affected routers appeared first on CoinGeek.
Vertcoin (VTC) has fallen prey to a 51% attack, with some estimates suggesting losses have already surpassed $100,000 as a result of double spend transactions on the chain. It is the latest example of a 51% attack, where attackers take control of a majority share of a network, reflecting the inherent weaknesses in the proof of work model.
According to a Medium post by Mark Nesbitt, a security engineer at Coinbase who identified the attack, the requirement for ‘honesty’ in proof of work remains the key vulnerability to attacks of this kind. He wrote: “The “honesty” of more than half of miners is a core requirement for the security of [BTC] and any proof of work cryptocurrencies based on [BTC]. Honest action, in this context, means following the behavior described in the…white paper. This is sometimes described as a “security risk” or “attack vector,” but is more accurately described as a known limitation to the proof of work model.”
“Failure to meet this requirement breaks several core guarantees of the Bitcoin protocol, including the irreversibility of transactions,” according to Nesbitt.
The attack follows on from several other similar attacks this year, including those affecting MONA, BTG and XVG. According to Nesbitt, this demonstrates the vulnerability of the so-called ‘long tail’ of crypto assets, as well as the weaknesses of the proof of work system.
“These attacks on VTC are not the only examples of a successful 51% double spending attack. 51% attacks occurred in BTG, XVG, and MONA earlier this year; this is merely another incident that shows that threat actors exist that are both resourced and sophisticated enough to execute this kind of attack. This recent spate of successful 51% attacks has significant implications on what is often referred to as the “long tail” of cryptocurrency assets,” he explained.
“There are a large number of cryptocurrencies, including many based on [BTC], that implement their own proof of work based blockchains. Observers of the industry have claimed that these assets have the same properties as SegWit. This claim has now been undeniably, empirically proven to be false.”
With attacks of this kind becoming increasingly common, it looks as though more unsuspecting crypto investors will be caught out by investing in insecure tokens.
The post Vertcoin loses over $100,000 in 51% attack: report appeared first on CoinGeek.
The U.S. Department of Homeland Security (DHS) has become the latest arm of government to take an interest in blockchain, this time with a view to develop forensic analysis tools for analysing blockchain transactions.
The department is seeking submissions from blockchain experts as part of a consultation exercise, inviting design applications as well as commentary from interested parties. The process is aimed at exploring solutions that would allow Homeland Security investigators to conduct detailed analysis of blockchain transactions, including privacy coins, which have until now eluded existing analytics technologies.
Interestingly, the Department of Homeland Security specifies that while previous analysis work has been conducted on Bitcoin Core (BTC) blockchain, it is interested in new options for analysis on privacy coins such as Monero and Zcash, which exist within private blockchains.
This is relevant given the association of privacy coins along with BTC in alleged criminal use cases for these digital currencies, with criminals turning to the anonymity afforded by transacting on these blockchains.
According to the solicitation document, the technology should “provide working approaches to treating newer blockchain implementations,” as well as having applicability in other administrative use cases. It noted, “Because of the significant impact in areas such as governance, data sharing agreement enforcement, and encrypted analytics interchanges, there are a wide variety of applications in government and the commercial marketplace that can benefit from successful product development.”
The pre-solicitation notice will be finalised on December 19, at which point formal applications will be welcomed, as part of the initial stages of a process that could offer greater access for the authorities to these closed blockchain networks.
In launching the pre-solicitation notice, the Department of Homeland Security becomes the latest government agency to increase its focus on blockchain technology.
Recently the U.S. Defense Advanced Research Projects Agency announced plans for a two day research event, as part of its interest in “several, less-explored avenues of permissionless distributed consensus protocols.”
It comes at a time of increasing awareness of the value of blockchain technologies in public administration across different sectors, with government agencies exploring a number of use cases for blockchain systems.
The post Homeland Security wants a look at activities on private blockchains appeared first on CoinGeek.
It’s no secret that Japanese authorities are looking to take control over tax money it feels is lost in the crypto space. The country is behind an effort being developed by the G20 to implement a global crypto tax strategy that could see governments receive millions of dollars in payments. Back home in Japan, regulators are now looking to introduce a new system that will report significant profits from crypto-based transactions, helping the country recover even more funds.
According to the Japanese media outlet Mainichi Shimbun, the new system to be implemented will give the National Tax Agency (NTA) the ability to gather data from transaction intermediaries, which include crypto exchanges. The NTA will have the authority to request information – such as names, addresses and personal ID numbers – on customers that it suspects of tax evasion. If everything goes according to plan, the system will be developed next year, with an anticipated implementation for the new fiscal year beginning in April 2020.
Not all individuals would be targeted by the new system. The media outlet quotes several sources who said that only those who earn over 10 million yen ($88,700) through crypto transactions would be held accountable.
Currently, crypto exchanges and other companies that are deemed intermediaries only give up data voluntarily. They have the legal ability to refuse to hand over information, but this could change with the new legislation. The exchanges could be forced to adhere to the requests, but would still maintain the right to appeal any request it feels is unwarranted.
The impact won’t be felt widespread, at least not initially. According to a recent survey conducted by the NTA, only just over 300 people indicated that they earned more than 100 million yen through crypto last year. Given the current market slide, the number has probably dropped significantly.
Japan is also ready to come down hard on initial coin offerings (ICO). The Japanese Financial Services Authority (FSA) announced this week that it would introduce stricter regulations on the offering in order to protect investors from fraud. Going forward, any entity wishing to launch an ICO would have to first register with the FSA.
The post Japan to introduce new reporting system to prevent crypto tax evasion appeared first on CoinGeek.
Intel was born by being on the cutting edge of technology, so it’s no surprise that the tech giant would continue to ensure that it is able to be an influencer. The company already has a number of patents related to cryptocurrencies and blockchains, but just added another to its growing binder. The latest could go a long way to countering all of those obtuse individuals who believe that cryptocurrency mining is bad for the environment.
The U.S. Patent & Trademark Office (USPTO) has awarded Intel a patent for a crypto mining processor that allows for “energy-efficient high performance bitcoin mining.” The patent filing specifically refers to the SHA-256 algorithm, which is the most common algorithm used by Bitcoin Core (BTC).
According to the patent, “Dedicated Bitcoin mining ASICs [application-specific integrated circuits] are used to implement multiple SHA-256 engines that may deliver a performance of thousands of hashes per second while consuming power of greater than 200 [watts]. Embodiments of the present disclosure employ micro-architectural optimizations including selective hardwiring certain parameters in Bitcoin mining computation.”
By hardwiring the parameters, the number of computations needed would be reduced. This would allow the mining system to also rely on a decreased amount of power, possibly as much as 15%. The chip could also be made smaller than current chips, which would result in a smaller footprint for the mining equipment that doesn’t have to incorporate a significant amount of cooling devices.
The processor would include additional characteristics that could even further lower the power needs. The patent discusses that, by changing the amount of 32-bit nonce that is used to verify validity, there could be a further reduction in power usage. Intel states in the patent, “Instead of comparing the final hashing result with the target value, [the] bitcoin mining application may determine whether the hash out has a minimum number of leading zeros.”
Intel obviously has a strong history – and a great deal of expertise – with computer processors. In addition to crypto patents the company already holds, it was also the chip manufacturer for 21 Inc., a crypto mining operation. 21 Inc. was later renamed Earn.com and subsequently purchased by Coinbase.
Botnets are being repurposed to distribute crypto mining malware, using victim’s processing power and energy resources to mine for cryptocurrency, according to security experts at Kaspersky Labs.
The findings from cybersecurity company Kaspersky Labs identifies a growing trend towards using botnets in conjunction with crypto mining attacks, which allows hackers the opportunity to commandeer processing power from infected networks.
This processing power is then devoted to mining for cryptocurrencies, including the BTC token, which provides a source of funds for those behind the attacks.
According to the report, botnet owners are increasingly switching towards mining from other attack vectors, highlighting the profitability of this kind of attack. The research suggests that a corresponding drop in DDoS attacks could be as a result of attackers switching focus to mining over other types of malware.
“Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled,” it noted.
The report goes on to say that the malware is often distributed alongside unlicensed, or pirated, software, explaining, “The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software.”
Kaspersky Labs has previously identified these types of attacks are being attractive for scammers, thanks to the difficulties with detection—both from law enforcement authorities, and from the victims themselves.
Running silently in the background, it is hard for victims to even identify when their system has been compromised, leading to a longer time to detection compared to other types of malware.
There was also the suggestion that some jurisdictions were more amenable to these types of attacks than others, with Kazakhstan, Vietnam and Indonesia amongst the most prominent locations for these types of attacks to originate, according to the report.
The report will serve as a reminder of the dangers of pirated software, and the type of attacks that can infect the computers of those who download software illegally.
The post Botnets increasingly used for crypto mining malware, Kaspersky says appeared first on Coingeek.
“What is wrong with Bitcoin ABC?” Let Unwriter break it down for you.
The prolific developer, who was behind a number of the useful infrastructure projects in the Bitcoin Cash ecosystem, recently shared his thoughts on the so-called BCH hash war and the ABC group—and they’re not pretty.
In a scathing post on Medium, Unwriter was keen to say he was not criticising individual developers, and was not personally attacking any groups or organizations, but instead reflecting on the outcome of the hash war, which has in his view resulted in significant code errors from the ABC team.
“Bitcoin ABC was so afraid of an imaginary attack from SV that they made all kinds of mistakes, writing permanent code in rapid fire releases to the point where what they stand for is no longer recognizable,” he wrote. “And THIS — ABC’s self-inflicted scars that will forever exist immutably on the blockchain — has led to a blockchain I can no longer build on.”
Specifically, he highlighted the fear of an imagined attack from the Bitcoin SV camp as contributing to ABC’s hasty releases, which in his view have made the BCH ecosystem less effective for developers.
In the post, Unwriter goes on to explain that ABC has irreversibly created five conditions that are sub-optimal: that ABC is censorable, centralized, and unstable, and that it is anti Bitcoin maximalist, while signalling the death of ‘permissionless innovation.’
He noted, “There is something very wrong with Bitcoin Cash ABC and its ‘community’ today. There is too much misinformation out there, and people seem too willing to believe anything if it comes from some influencer guy who they see as ‘respected by the community,’ even when they have no idea why they are ‘respected by the community’ in the first place.”
Concluding, Unwriter said that Bitcoin SV is the real Bitcoin, and the one that best serves the needs of users and the developer community. He wrote, “Bitcoin SV is the Real Bitcoin. This is not an opinion. This is a fact. Bitcoin works. And I choose to build everything on top of Bitcoin. I feel 100% safe operating on SV because the protocol hasn’t changed at all, there has been no behind-the-doors centralized collusion…”
Read Unwriter’s Medium post, “The resolution of the Bitcoin Cash experiment,” here.
The post ‘No longer sound money’: Developer Unwriter slams ABC’s ‘self-inflicted scars’ appeared first on Coingeek.