Cryptocurrency-Mining Malware: 2018’s New Menace? By Menard Osena
Will cryptocurrency-mining malware be the new ransomware? The popularity and increasing real-world significance of cryptocurrencies are also drawing cybercriminal attention — so much so that it appears to keep pace with ransomware’s infamy in the threat landscape. In fact, cryptocurrency mining was the most detected network event in devices connected to home routers in 2017.
It has been 4 years, I just realized, since my last blog post at the TrendLabs Security Intelligence Blog, and I really feel great that I’m writing there again. I am still undecided whether my follow-up insights will go to menardconnect.com or to AVSecurityProductManager.com, but there will definitely be some follow-up posts at the #TrendLabs #Security Intel Blog and on my blogs… Soon!
But for now, let me just do a repost and some shout-outs and mentions 🙂
Special thanks to John, JR, Dianne, Bri, Caloy, Kerr and Gelo. You guys rock!
And some waves and hugs to my TrendLabs CoreTech XRS Ops Team 🙂 I love you all!
I am seeing lots of social media activity from my online Pinoy friends about Bitcoin, cryptocurrencies, and hacking, and oh boy, I’m really amazed that we’ve got lots of Pinoy experts on BTC, crypto and hacking now, huh! Hehehe!
Honestly, I think this is both good and bad! Good, because there is an increasing interest in this topic and therefore more meaningful conversations can follow. Bad, because I see a lot of FUD (fear, uncertainty, doubt) out there about bitcoin and crypto (re: Bitcoin is EVIL), and I believe that FUD = misinformation and will not be helpful to anyone if it is not properly put in its place.
Disclaimer: I do not claim to be an expert on Bitcoin and cryptocurrency. I am just fortunate that in my line of work I am exposed to the good and bad of Bitcoin and cryptos. And as the GI Joe series taught me, “…Now you know… and knowing is half the battle”, so I’m posting my thoughts here at menardconnect.com.
So first, before we spread FUD about bitcoin, cryptocurrencies and hacking, please do read about Mt. Gox and Bitfinex. I was looking for related materials on this topic and found that the following links can give a pretty good start…
Our company, Trend Micro, is hosting a cybersecurity event called Threat Experts Summit for students!!! It will be this Friday, November 10, 2017, 1:00 PM – 5:30 PM at the Hotel Novotel, Araneta Center, Cubao, Quezon City.
IT students, this is your chance to learn cybersecurity in depth straight from the experts! We will be discussing cool topics like cybersecurity, machine learning and lots of other infosec/geeky stuff, so if you’re free, come and join our event!
Interested students can register HERE
For more details visit Trend Micro Pilipinas FB page (https://www.facebook.com/TrendMicroPH)
Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro Pilipinas Facebook Page.
Our company is running a cool educational contest this summer that is worth checking out. It is a global competition intended to help build skills among young professionals and seasoned veterans in the area of cybersecurity.
This Trend Micro event, called Capture the Flag (CTF), will consist of challenges across 4 disciplines: targeted attacks, cybercrime, IoT, and SCADA. The winner gets JPY 1,000,000 (approximately US$8,700) plus much, much more!!!
Trend Micro is also offering an amazing opportunity for the top 10 online qualifying teams: it will cover travel expenses to Japan (up to JPY 200,000 / approximately US$1,810 / conditions apply) as well as three nights of hotel accommodation. Even if you are not really interested in the prizes, this is a great opportunity for you to test your skills and learn!
With a global shortage of skilled cybersecurity experts, this is a great way for people to build their knowledge of this industry.
Before I end the post, the usual disclaimer/disclosure: I work at Trend Micro. The information contained in this post is taken from Trend Micro press materials. The views expressed in this blog are mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
I love bitcoins and cryptocurrencies, and I wrote some articles about bitcoin here at menardconnect.com and in our company security blog some years back.
I also delved into mining crypto-coins, but my electricity costs and my alt-coin mining difficulty were at odds, so I re-assessed the situation and concluded it was not cost effective anymore. So I stopped mining some years ago and monitored the bitcoin scene and its infosec connection from the sidelines of social media.
This year, I read that the Bangko Sentral ng Pilipinas (BSP) issued some guidelines on virtual currencies, and for me this is BSP’s way of keeping up with the times (hehe, acceptance of reality maybe) and is long-awaited good news overall. So I decided that the time is ripe for the Philippines and Bitcoin, and I looked up what my friend Dexter of TechAthand.net and BestofRiyadh.com mentioned in one of his posts: that a PH-based company is offering an easy way to buy bitcoins and make purchases and remittances at lower cost. So I researched that company (Coins.PH) more and found it very promising 🙂. Luckily, a friend IRL mentioned that he is using Coins.PH too, so this sealed the deal.
I registered at the Coins.PH website, downloaded the iOS app and tried using the Coins.PH services. And I am very happy to say that Coins.PH is very easy to use and is really promising, as a lot of merchants are using it to sell e-loads, pay bills (for telco/utilities like Meralco) and send remittances. Payment is very easy too (via G-Cash, 7-11 stores, Cebuana Lhuillier, or bank transaction, online or OTC (over-the-counter)). These are my top choices of payment, but you can see other options on the website or in the app and use whatever is convenient for you. From my personal checking, the app and the website are secure, but of course I will constantly be vigilant about this and will check it from time to time. I know that good security practices on your mobile phone and computing machines (PC/Macs) are a must for the overall security and safety of bitcoin transactions and other online financial activities. Update: I also had some good experience dealing with the support folks on some issues, so this is another plus for them 🙂
To show my appreciation and support to Coins.PH and the bitcoin community around the world and in the Philippines, I am doing this awareness post on Bitcoins and Coins.PH. I strongly recommend that you, my readers, friends (online and IRL) and supporters, try Coins.PH too by registering using my Coins.PH referral link. Registration is FREE, but the good thing about registering using my Coins.ph link is that we both earn 50 pesos each (credited to our Coins.PH wallets) when you complete the verification process. To complete the verification process they will require an Identification (ID) card upload to prevent potential abuse (hehehe, shout-out to our friends at BSP and AMLC 😀). If you are not comfortable uploading your ID and completing the verification, that’s A-OK too; the only drawback is that you will have a daily transaction limit (P2,000), but still, the basic account can be a good way to try and get a hands-on feel for how to do wallet and bitcoin transactions.
Again, I invite you to try Coins.PH; it’s FREE and SAFE. And as the saying goes… there is no harm in trying 🙂
Hope you like my bitcoin and Coins.ph post. If you like bitcoin and Coins.ph too, please feel free to leave a comment at the end of this post or leave some comments on our Facebook page.
“I’m so three thousand and eight
You so two thousand and late”
Boom Boom Pow, Black Eyed Peas
And so our beloved Philippine National Police Anti-Cybercrime Group (PNP-ACG) warned the Filipino citizenry about ransomware. Wow! I’m lost for words, so let me just sing a song from the Black Eyed Peas instead.
We have this saying in Filipino, “Huli man daw at magaling, naihahabol din!” (roughly: even if you are late, if you are good, you can still catch up!). So let me welcome the Philippine National Police, PNP-ACG, to the ransomware party! Just catch up, Boss Chiefs, we can do this!
On the brighter side of things, I’m happy that our PNP finally gave some warning about the dangers of ransomware. I know they are doing their best in keeping up with the latest threats and cybercrime and as a responsible Pinoy infosec (information security) dude here in the Philippines, I support them on these efforts.
On the geeky tech side of things, ransomware started sprouting like mushrooms in the last 2~3 years (or maybe more). How do I know this? I’m just lucky, because I eat malware for breakfast (almost every day) 🙂 I am very thankful that I am part of this wonderful team that helps protect the world from these types of online threats! I love you TM Team! 🙂
So when I read the GMA News article on the PNP and ransomware, it brought back sentimental (“senti”) ransomware moments, because if I remember correctly, the first ransomware that caught my interest was the Bundespolizei police ransomware (around 2012). Bundespolizei is Germany’s police force, and that ransomware variant pretends to come from the German police and demands payments/ransom from its victims. More geeky details of the German police ransomware here. Police and ransomware really do always go together, it turns out! Hehehe!
Before we end, some disclosure: I work at Trend Micro. The views expressed in this blog are mine and mine alone (and do not necessarily represent my employer’s positions, strategies or opinions). Read my about page on what I do.
That is what the orcs will shout (in their very unique husky and grunty voice) when the enemies attack their orc base in Warcraft 3.
That is also the topic of this post:
No, I’m not screaming about the attack on my blog. I have this good mindset about threats and attacks: I don’t panic. I am also not feeling kawawa or wawa (loosely, a poor victim, in Filipino) in this situation. I think I survived the onslaught of the attack, and to spread some good vibes, why not share some useful tips here at menardconnect.com 🙂 OK, enough of the intro. Let’s get it on:
Late last month, this blog experienced some form of attack from malicious actors who-must-not-be-named. We all know I’m using WordPress, and some dudes out there were trying to log in to this blog’s WordPress administration panel by brute-forcing my password. Simply put, this means some bad guys (I will collectively call them hax0rs) were trying to pretend to be me (me, the website blog admin) and get into the WordPress admin console so that they could control the website and blog. More basic info on brute force attacks here.
I will not delve into the technical details of the attack, but in the tradition of my good old free six video and free six series, here are six easy to-do tips and tricks that users/admins (blog owners) can follow to prevent, or better prepare themselves against, these WordPress WP-ADMIN brute-force attacks.
1. Update your WordPress core files as soon as possible
Just like any software, WordPress has its own security flaws and it needs to get updated from time to time. Admins should always update WordPress to the latest version; for more info on this go here. When a new version of WordPress is available, admins will receive an update message in their WordPress Admin console.
2. Update your WordPress plugins too
Just like the WordPress core files, plugins need to get updated too. If your blog relies on many plugins, do not worry, because when new versions of WordPress plugins are available you will also receive a message in the WordPress Admin console that it’s time to update. There are also automated update settings if you want to try them out.
3. Do not use Admin as the username of the administrator account.
Yes, the hax0rs were trying to log in via the “admin” username, but as a basic security practice, I disable it every time I create a WordPress blog. I suggest that you be creative. Use NIMDA instead!
4. Do not use your name as the blog admin username account
This one is quite revealing: the hax0rs were trying to get in via the username menard. My name is public info on this blog, so they were clever and tried it too. But luckily I did not use that name as the admin username, so I avoided that loophole.
5. Discard unused wordpress themes and plugins
If you are not using a WordPress theme or plugin, do not keep it. Delete it ASAP. This one caused me some issues several years ago, but my advice here is that any theme or plugin you are not using should be deleted ASAP, because these are like low-hanging fruit for attackers.
6. Have good WordPress security plugins installed
Just like security software (antivirus, antimalware, anti-threat) for your PC, Macs, iPads, smartphones and other devices, WordPress blogs need some security tools too. There are some good free WordPress security plugins that work well, but I will share two: Login Lockdown and Sucuri.
Login Lockdown locks the admin console after several failed login attempts; a good old trusted plugin. A recent good addition to my security plugin arsenal is Sucuri Security – Auditing, Malware Scanner and Hardening, a free plugin that helped me detect this attack. How? See this…
So I’m giving the good folks at Sucuri some love link here in my blog. Kindly go visit them at Sucuri.
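To show what a lockdown plugin is actually reacting to, here is an added example (my own illustration, not code from the original post or from either plugin) that runs the same detection logic over a web-server access log: it counts POSTs to wp-login.php per source IP inside a sliding time window and flags sources that exceed a threshold. The log lines, IP addresses and timestamps below are constructed.

```python
"""Flag wp-login.php brute-force sources in an Apache/Nginx combined access log.

Added example: a failed WordPress login is a POST to wp-login.php, so many POSTs
from one IP in a short window is the brute-force signal. Sample data is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, method, path without query string, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))

def flag_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Map each IP that made >= threshold login POSTs inside `window` to its peak count.

    Only POSTs to wp-login.php count as login attempts; a GET is just the form
    loading. Lines are expected in chronological order, as access logs are.
    """
    recent = defaultdict(deque)   # ip -> POST timestamps still inside the window
    peak = defaultdict(int)       # ip -> most POSTs seen in any one window
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _line(ip, hhmmss, method, status):
    """Build one constructed combined-format line for the sample log."""
    return (f'{ip} - - [21/Oct/2014:{hhmmss} +0000] "{method} /wp-login.php HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')

# Constructed sample: one legitimate admin login, one source hammering the form.
SAMPLE_LOG = [
    _line("198.51.100.5", "10:00:01", "GET", 200),
    _line("198.51.100.5", "10:00:09", "POST", 302),  # real admin: one POST, redirected in
] + [
    _line("203.0.113.7", f"10:02:{s:02d}", "POST", 200) for s in range(0, 40, 5)  # 8 POSTs in 35 s
] + [
    _line("203.0.113.7", "11:30:00", "POST", 200),   # lone retry 88 min later: new window
]

if __name__ == "__main__":
    for ip, n in flag_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} login POSTs within 10 minutes; lock out or block")
```

A plugin such as Login Lockdown applies this rule inside WordPress itself; running it over the server log instead lets you see attempts that never reached the plugin, or confirm what it reported.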
That’s all for now; I will try to share other tips in the future. Hope you liked my free six tips and tricks to combat WordPress admin brute-force attacks.
Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro website and TrendLabs Security Intelligence Blog. To know more on what I do full-time kindly visit my blog’s about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.
For infosec, malware and tech (and not so techie) stuff, please follow me on Twitter 🙂
Going to analytics.twitter.com will give you great metrics about your tweets and your followers.
For follower stats, it shows data about your followers’ interests (Top Interests and Most Unique Interests), location and gender, and lists tweeps your followers also follow.
For the tweet metrics, it highlights your tweets’ impressions and engagement data. Good visualization, given that the data is free.
The follower stats, I believe, are already there when you check it out, but for the tweet metrics you need to enable it (or log in once to the analytics page) to start populating the data.
We might argue that these are geeky data points, but my personal take here is that in this interconnected world of social media this is good and interesting data (and quite possibly profitable too *hint* *hint*).
No security issues so far, but I will try to update this post (and my soon-to-be re-launched tech blog) if I find something new.
I recently attended an information security conference in San Francisco, CA, USA (hence the lull in posting frequency for this blog late last month and early March). I was able to collect some insights and posted them on the TrendLabs Security Intelligence Blog. TrendLabs posted it yesterday, and so I am reposting it here at menardconnect.com:
RSA Conference 2014: The Way Forward
I attended the RSA 2014 Conference in San Francisco, which was held about two weeks ago. This year the conference offered new insights into today’s threat landscape, which will help us all plan for and protect users in 2014 and beyond.
Largest Security Conference of 2014
The attendance numbers for RSA are always impressive: this year had more than 25,000 attendees, 400+ sponsors and exhibitors, and more than 550 speakers. Such was the number of vendors that two large Exposition Halls – one each in the Moscone Center’s North and South buildings – were used for vendor exhibits. The various sessions – including most of the technical track talks I attended – were in the Moscone West hall.
Earlier my colleague JM Hipolito shared her own thoughts about RSA; here is what I found most interesting there.
Opening Keynote: Finding a Path Forward in an Increasingly Conflicted Digital World
The Executive Chairman of RSA, Art Coviello, delivered the opening keynote. He gave his first public comment on the RSA and NSA controversy, as well as on the need to separate the NSA’s offensive and defensive functions. But what I will remember most about his keynote is his call to governments and the security industry as a whole to adopt four guiding principles to help maintain a safer Internet for everyone:
Renounce the use of cyberweapons, and the use of the Internet for waging war
Cooperate internationally, in the investigation, apprehension and prosecution of cyber criminals
Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected
Respect and ensure the privacy of all individuals
He also reiterated the need for the security industry and governments to work hand in hand to create a safer digital world that will benefit this and the generations to come. All of the guiding principles are equally important, but I would like to highlight the first and second ones as being the most important.
The topic of cyberwar and cyberweapons is very sensitive, but I found the correlation between cyberweaponry and nuclear weapons compelling. I totally agree with Coviello’s statement that “we must have the same abhorrence to cyberwar as we do nuclear and chemical war.”
As for cooperation in prosecuting cybercrime, this is a topic where Trend Micro’s positions are well known. We’ve frequently spoken about the need for researchers and law enforcement agencies to work together to prosecute the actual “threat actors”, as we believe that this is the most effective way to catch cybercriminals. These partnerships allow researchers and police to combine their strengths. Our efforts have netted effective results, most recently the arrest of the creator of SpyEye.
Bitcoin Is Here: How to Become a Successful Bitcoin Thief
Uri Rivner of Biocatch and Etay Maor of Trusteer co-presented the one technical session at RSA dedicated to Bitcoin. They discussed the basics of cryptocurrency and how one can use it. They also covered the usual use cases of Bitcoin: from creating a wallet and having your very own address, to filling the wallet with Bitcoins using an online Bitcoin exchange.
The highlight of the session for me was a live demonstration of a hack using a SpyEye variant. In the demo, they performed a man-in-the-browser (MiTB) attack and stole the user’s Bitcoin from his wallet.
They also discussed the top cybercriminal activities that Bitcoin has been tied to. These include phishing attempts to steal Bitcoin-related website credentials, deploying RATs (Remote Access Trojans) to gain direct access to desktop wallets, and using botnets to mine Bitcoins (even though this is no longer particularly attractive).
They also explained why cybercriminals are interested in cryptocurrencies like Bitcoin. Because cybercriminals believe that cryptocurrencies offer anonymity, they think these will help in laundering money made from illegal activities. In addition, advanced services available in the cybercrime underground (like Bitcoin fogging services) may enable threat actors to increase their anonymity further.
In summary, the presenters said that Bitcoin is a new exciting frontier and encouraged everyone in the room to try and delve into it so that they understand its potential. They warned about the increasing phishing and malware attacks related to cryptocurrencies. They also pointed out that online Bitcoin exchanges and online wallets are low hanging fruit that may be a big opportunity for the cybercriminals. (The troubles of many online exchanges recently, including erstwhile leader Mt. Gox, have only reinforced this last point.)
The talk mirrored many of the points we have discussed. In December, we had discussed the possibility of Bitcoin’s then-record prices causing thefts of Bitcoin wallets. We had also earlier discussed how users can help secure their cryptocurrency. Overall, we share their sentiments: Bitcoin is the object of much potential, but is the subject of multiple threats as well.
I will definitely do a follow-up post (or posts) with my other insights on RSA, the keynotes and Bitcoin. But I am not yet sure if it will be for menardconnect.com or my other tech blog.
Like my previous posts on RSA, I would like to convey my thanks to Jonathan and JM for their assistance with the article.
And of course, some shout-outs to my RSA 2014 buddies (Jamz, Malen, JM and Ian) for the ideas and thoughts that kept me sane at RSA. Another special shout-out to the other Pinoy AV dudes I met in SF.
Lastly some disclosure:
I work at Trend Micro. The views expressed in this blog post are mine and mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
To know more about me (work and other stuff), kindly visit my about page.
To know more about my blog’s full disclosure policy, kindly visit my disclosure page.