Nicehash devs reveal the details of attack

The livestream hosted on Nicehash Facebook page with further information about the attack performed on December 6th
08 December 2017   3964

Yesterday we've covered the hacking of Nicehash bitcoin wallet. At that time there were no official comments released about the scale or the exact method of attack.

Now, we have at least some information released by Nicehash team. Total amount of 4700 Bitcoin was stolen by as of yet unknown hacker, or a group of hackers.

The attack commenced on 1:18 AM CET according to available VPN logs. It was performed through a compromised computer at the company's office. The forensic analysis to determine the exact way the security was breached is ongoing. At 1:37 AM hacker logged in with the credentials of one of Nicehash engineers. During the next perpetrators studied the payout system and tried to modeled its work. At 3:24 AM they performed the transfer and have successfully stolen money from Nicehash account.

Local and international authorities and law enforcement organizations are on the case, and the local investigation is in full swing. From all the evidence it seems quite obvious, that the attack was extensively prepared and well-coordinated effort, because existing security systems should have filtered out any such attempt. Unfortunately, the company refused to comment on the internal investigation into possible insider leaks, citing ongoing investigation.

The most important question is, of course, what happened to the miners' accounts. Right now, Nicehash is in communication with the largest cryptocurrency exchanges to track and return the stolen money. The representative said during the livestream, that it will take time, but the company is looking for a way to pay the miners.

As of now, the site is still under maintenance, but the spokesperson said, that the team is working day and night to restore the functionality and to resume mining operations.

Crypto-mining malware has infected 23% of global organizations

An increasing threat gets challenging as the malware is put hidden in websites
19 February 2018   62

Check Point alarms the world of a steadily growing threat of crypto-mining malware. A leading provider of cyber security globally has compiled a list of top 10 prevalent threats. The first is Coinhive that during January 2018 has affected approximately 23 percent of organizations worldwide. Using Javascript the malware is implanted into website and with each user browsing the dangerous code drains users’ CPU and GPU resources to mine Monero cryptocurrency with their approval.

Over the past three months crypto-mining malware has steadily become an increasing threat to organizations, as criminals have found it to be a lucrative revenue stream


Maya Horowitz

Threat Intelligence Group Manager, Check Point

Ranked second is a malware Fireball. it is reported that as much as 21% of those organizations infected by the malware are yet to deal with the issue. The most serious point about Fireball is that the malware has a real potential to be transformed into a fully-fledged malware downloader capable of executing any code on the victim’s machine. The third rank was given to Rig Exploit Kit with 17% affected organizations globally.

As the popularity of the virtual currencies grows, so does the distribution was and methods of the associated malware. Usually, the exploit is injected in popular media websites, as reported by Cyberscoop of media outlet Salon using its own ad-blocker as a hidden tool for mining Monero. On top of that, last week Kaspersky Lab. reported of a zero-day vulnerability of Telegram desktop client. The vulnerability makes users to download a hidden malware, that potentially can be a mining code. This threat is reported to be active since March, 2017.

Another notable instance of an infection was reported by UK about a plugin for blind people Browsealoud.