ZDNET reports on new Lazarus attack activity designed to steal bitcoins from global banking organizations:
Now Lazarus has resurfaced once again, with a phishing campaign which aims to plant malware on the systems of global financial organisations and bitcoin users for both short-term and long-term gain.
Dubbed ‘HaoBao’, the campaign has been uncovered by MacAfee [sic] Labs. It’s different to other phishing operations by the Lazarus group and uses novel code to infect machines.
The latest Lazarus campaign was first spotted in mid-January, when researchers discovered a malicious document being distributed via a Dropbox link, which claimed to be a job advert for a business development executive located in Hong Kong for a large multi-national bank.
The author is listed as ‘Windows User’ and the document was created in Korean, with additional similar documents appearing in the days which followed.
Attackers pose as a job recruiter, and send the target a spear-phishing email with a fake job advert, which when opened encourages the user to ‘enable content’ to see a document they’re told was created with an earlier version of Word.
The entire campaign does not appear to be all that sophisticated, despite the techniques not having been previously witnessed. North Korea seems to be laser-focused on stealing money rather than on disruption or destruction. Now is an interesting time to focus on stealing bitcoin considering its recent major devaluation, but if Lazarus is in it for the long term then it may prove lucrative.
Dark Reading on tracking bitcoin wallet addresses as indicators of compromise (IOCs), a valuable defensive data point:
By tracking bitcoin wallet addresses as an IOC, we’ve been able to connect the dots between ransomware, wallet addresses, and shared infrastructure, TTPs (tactics, techniques, and procedures), and attribution.
Here is an example of how bitcoin is used in a ransomware campaign: A new piece of ransomware gives you a bitcoin address for payment. You can then make correlations that connect across sectors, like retail, energy, or technology groups based on the blockchain and/or reuse of the same address. With WannaCry, there were hard-coded bitcoin addresses that made it easy to correlate what you are dealing with and which sectors were being affected. The more bitcoin addresses are shared, the more you can identify addresses to which bitcoins are forwarded.
The ability to track transactions through the blockchain allows you to connect different ransomware campaigns. Cybercriminals don’t typically share bitcoin wallets as they might share the same exploit kit, but by tracking blockchain transactions, analysts have another investigation point from which they can pivot and dig for more.
I doubt there are many organizations using this technique. It is both valuable and forward-thinking, and should be considered based on the maturity level of an organization’s cyber defense capabilities. If threat intelligence is already being consumed, adding this should be fairly straightforward.
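The correlation Dark Reading describes, as an added example that is not part of the quoted article: incident records carry the payment address from the ransom note, and on-chain transfers are followed to see which campaigns feed a common collection address. All incidents, addresses and transfers below are constructed sample data, not real indicators.

```python
from collections import defaultdict

# Constructed sample data (not real incidents or addresses): the ransom-note
# payment address extracted from each incident, with the victim's sector.
INCIDENTS = [
    {"campaign": "RansomA", "sector": "retail",     "address": "addr_A1"},
    {"campaign": "RansomA", "sector": "energy",     "address": "addr_A1"},  # hard-coded, reused
    {"campaign": "RansomA", "sector": "technology", "address": "addr_A2"},
    {"campaign": "RansomB", "sector": "healthcare", "address": "addr_B1"},
    {"campaign": "RansomC", "sector": "finance",    "address": "addr_C1"},
]

# Constructed outbound transfers (from -> to) observed when following each
# ransom address on the blockchain.
TRANSFERS = [
    ("addr_A1", "addr_cashout1"),
    ("addr_A2", "addr_cashout1"),
    ("addr_B1", "addr_cashout1"),  # RansomB forwards to the same collection address as RansomA
    ("addr_C1", "addr_cashout2"),
]


def sectors_by_address(incidents):
    """Addresses reused across victims, with the sectors each one was seen in."""
    hits = defaultdict(set)
    for inc in incidents:
        hits[inc["address"]].add(inc["sector"])
    return {addr: sorted(sectors) for addr, sectors in hits.items() if len(sectors) > 1}


def linked_campaigns(incidents, transfers):
    """Group campaigns whose addresses end up in a common downstream address (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for src, dst in transfers:
        parent[find(src)] = find(dst)

    groups = defaultdict(set)
    for inc in incidents:
        groups[find(inc["address"])].add(inc["campaign"])
    # Only clusters that tie two or more distinct campaigns together are interesting.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

A real deployment would feed the address list to a blockchain explorer or analytics API to populate TRANSFERS and would validate extracted addresses before correlating on them.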
No one may be using Bitcoin, but we’re all paying for them.
Bitcoin analyst Alex de Vries, otherwise known as the Digiconomist, reports that the coin’s surge caused its estimated annual energy consumption to increase from 25 terawatt hours in early November to 30 TWh last week, a figure that, wrote Vox’s Umair Irfan, is “on par with the energy use of the entire country of Morocco, more than 19 European countries, and roughly 0.7 percent of total energy demand in the United States, equal to 2.8 million U.S. households.” Just one transaction can use as much energy as an entire household does in a week, and there are about 300,000 transactions every day.
Some Bitcoin enthusiasts claim that it will eventually become a mainstream currency, and that the cryptogovernance system upon which it’s built could actually help the environment.
The Bitcoin market is volatile, its future murky.
We don’t have time or resources to waste on Bitcoin.
Unlike cash, a Bitcoin cannot be printed or otherwise “made” by a human.
In order to create one, a computer must access the Bitcoin network and solve a complicated math problem, a process known as “mining.” But there are a finite number of Bitcoins that can be mined (21 million, to be exact), and as more Bitcoins are mined, the math problems get more challenging.
According to an affidavit unsealed Thursday, the Justice Department learned in April 2015 that Bridges might have kept a private cryptographic key giving him access to a Bitcoin wallet with the $700,000 in currency that the Silk Road task force had seized in 2014. The department urged the agency to move the funds elsewhere.
“Unfortunately, the U.S. Secret Service did not do so and the funds were thereafter stolen, something the U.S. Secret Service only discovered once it was ordered by a court to pay a portion of the seizure back to affected claimants,” a team of prosecutors wrote in an accompanying motion. The Bitcoin in question was moved in July 2015 but only discovered missing in December, the affidavit said.
There is a lot of bitcoin news lately, both positive and negative.
Part of what makes bitcoin valuable is the fact that there is a finite supply of 21 million bitcoin. No more will ever be created. This was done to make bitcoin similar to a natural resource like gold. When bitcoin’s creator built the system, he (or she, or they) knew that if bitcoin took off and there was an abundance of miners, that cap would be reached quickly. Currently, there are almost 16 million bitcoin in circulation and about 3,600 bitcoins are created each day.
So, to slow things down, Nakamoto did two things. First, in the bitcoin code, Satoshi made miners compete with one another to win the block reward. As more people are attracted to mine bitcoin, it gets progressively more difficult for any single miner to win the reward. As competition increases, miners load up on processing power, turning bitcoin mining from a bedroom hobbyist activity to one that requires the computing power of entire data centers today.
The second change? After every 210,000 blocks, the mining reward is cut in half. This is known in the bitcoin industry as a halving event. As of now, it looks like the 420,000th block will be mined on July 9th, at approximately 11:23 UTC.
I am slowly learning more about bitcoin and am thoroughly intrigued by the technology powering the currency, as well as the ideas set forth that make this such a compelling idea. Until this article, I had no idea such things like “halving events” existed.
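The issuance schedule described above (a reward that halves every 210,000 blocks, capped near 21 million coins), worked through as an added example that is not code from the quoted article. It assumes the well-known parameters of the schedule: a 50 BTC starting reward, integer halving in satoshis, and 144 blocks per day from the 10-minute block target.

```python
HALVING_INTERVAL = 210_000            # blocks between halving events
SATS_PER_BTC = 100_000_000
INITIAL_REWARD_SAT = 50 * SATS_PER_BTC
BLOCKS_PER_DAY = 144                  # 24h / 10-minute block target (assumption)


def block_reward_sat(height):
    """Coinbase reward for a block at the given height, in satoshis.

    Integer right-shift per era reproduces the rounding-down behaviour of the
    reference implementation; the reward eventually reaches 0.
    """
    era = height // HALVING_INTERVAL
    return INITIAL_REWARD_SAT >> era if era < 64 else 0


def next_halving_height(height):
    """First block height after `height` at which the reward is cut in half."""
    return (height // HALVING_INTERVAL + 1) * HALVING_INTERVAL


def daily_issuance_btc(height):
    """Approximate new coins per day while `height` is being mined."""
    return BLOCKS_PER_DAY * block_reward_sat(height) / SATS_PER_BTC


def supply_at_height_sat(height):
    """Satoshis issued by blocks 0 .. height-1, summed era by era."""
    total, era = 0, 0
    while era * HALVING_INTERVAL < height:
        reward = block_reward_sat(era * HALVING_INTERVAL)
        if reward == 0:
            break
        start = era * HALVING_INTERVAL
        end = min(height, start + HALVING_INTERVAL)
        total += (end - start) * reward
        era += 1
    return total


def total_supply_sat():
    """The hard cap: issuance once every era has been exhausted."""
    return supply_at_height_sat(HALVING_INTERVAL * 64)
```

At block 420,000 the reward drops from 25 to 12.5 BTC, daily issuance before that event is 144 × 25 = 3,600 BTC, and roughly 15.75 million coins have been issued, matching the figures quoted above; the cap works out to 20,999,999.9769 BTC rather than exactly 21 million because of the integer rounding.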