Cryptocurrency miner

Cryptocurrency-mining bot targets devices with SSH service

Target: Internet of Things (IoT) devices that have an open Remote Desktop Protocol (RDP) port.

Attack Vector: Cryptocurrency miner.
Summary: A newly discovered cryptocurrency-mining bot is targeting Internet of Things (IoT) devices that have an open Remote Desktop Protocol (RDP) port, enabling it to exploit vulnerable devices. Not only are attackers targeting IoT connected devices, they are also capable of carrying out cryptocurrency mining in the background. The IP related to the attack has been identified as, which is based in California, US, and connected to the organisation Vivid Hosting. It has been seen to typically land on port 22, the SSH service. This implies the attack could be applicable to all servers and connected devices with a running SSH service.
Risk assessment summary: This threat has been assessed as 3c MODERATE. If successful, the attacker can install a cryptocurrency miner onto a device using social engineering tactics. Once the miner has been installed, the attackers can funnel profit, in the form of Monero and Ethereum cryptocurrency, to a scam website. However, the likelihood of infection is mitigated by employing good security practices that protect against phishing or malware delivered by email attachments.
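A defender-side check for the SSH exposure described above, added here as an example and not part of the original advisory: it parses sshd authentication lines, counts failures per source address within a sliding time window, and flags a source whose burst of failures is followed by an accepted login. The log lines, hostnames, addresses (RFC 5737 documentation ranges) and thresholds are all constructed for the example.

```python
"""Flag SSH password-guessing bursts and a suspicious success after them
in sshd log lines. Added example, not part of the original advisory; the
log lines below are constructed and use RFC 5737 documentation addresses."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: one guessing source that eventually gets in,
# and one ordinary user with a single typo.
SAMPLE_LOG = """\
Dec  4 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.10 port 40122 ssh2
Dec  4 10:01:04 host sshd[1235]: Failed password for invalid user admin from 203.0.113.10 port 40130 ssh2
Dec  4 10:01:06 host sshd[1236]: Failed password for invalid user pi from 203.0.113.10 port 40138 ssh2
Dec  4 10:01:09 host sshd[1237]: Failed password for root from 203.0.113.10 port 40144 ssh2
Dec  4 10:01:12 host sshd[1238]: Failed password for invalid user ubuntu from 203.0.113.10 port 40151 ssh2
Dec  4 10:01:15 host sshd[1239]: Failed password for root from 203.0.113.10 port 40160 ssh2
Dec  4 10:01:20 host sshd[1240]: Accepted password for root from 203.0.113.10 port 40190 ssh2
Dec  4 10:05:00 host sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Dec  4 10:07:31 host sshd[1310]: Failed password for alice from 198.51.100.7 port 51004 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_line(line):
    """Return the fields of one sshd auth line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),  # syslog stamps carry no year
        "result": m.group("result"),
        "method": m.group("method"),
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def analyse(log_text, threshold=5, window_seconds=60):
    """Group auth events by source IP and classify each source.

    brute_force              : >= threshold failures inside any window_seconds span
    brute_force_then_success : the same, followed by an accepted login
    ok                       : anything else
    """
    per_ip = defaultdict(lambda: {"failed": [], "accepted": [], "users": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = per_ip[ev["ip"]]
        src["users"].add(ev["user"])
        src["failed" if ev["result"] == "Failed" else "accepted"].append(ev["ts"])

    findings = {}
    for ip, src in per_ip.items():
        failed = sorted(src["failed"])
        span = (failed[-1] - failed[0]).total_seconds() if failed else 0.0
        # Sliding window: any `threshold` consecutive failures within the window count as a burst.
        burst = any(
            (failed[i + threshold - 1] - failed[i]).total_seconds() <= window_seconds
            for i in range(len(failed) - threshold + 1)
        )
        verdict = "ok"
        if burst:
            verdict = "brute_force"
            # An accepted login after the last failure suggests the guessing worked.
            if any(t >= failed[-1] for t in src["accepted"]):
                verdict = "brute_force_then_success"
        findings[ip] = {
            "failed": len(failed),
            "accepted": len(src["accepted"]),
            "users": sorted(src["users"]),
            "span_seconds": span,
            "verdict": verdict,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in analyse(SAMPLE_LOG).items():
        print(ip, finding["verdict"], finding)
```

The thresholds are deliberately conservative; in practice the same grouping is worth extending with the usernames tried, since a source cycling through `root`, `admin`, `pi` and `ubuntu` is characteristic of automated guessing against default accounts rather than a user mistyping a password.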

Bitcoin Gold

What is Bitcoin Gold (BTG)

Bitcoin Gold (BTG) is a fork of the Bitcoin block chain. At block 491407, Bitcoin Gold miners will begin creating blocks with a new proof-of-work algorithm, and this will cause a bifurcation of the Bitcoin block chain. The original Bitcoin block chain will continue on unaltered, but a new branch of the block chain will split off from the original chain. The new branch is a distinct block chain with the same transaction history as Bitcoin up until the fork, but then diverges from it. As a result of this process, a new cryptocurrency is born, and we gave it the name Bitcoin Gold (BTG).

What is the purpose of Bitcoin Gold?

The purpose of Bitcoin Gold is to make Bitcoin mining decentralized again. Satoshi Nakamoto’s idealistic vision of “one CPU one vote” has been superseded by a reality where the manufacture and distribution of mining equipment has become dominated by a very small number of entities, some of which have engaged in abusive practices against individual miners and the Bitcoin network as a whole. By changing Bitcoin’s proof-of-work algorithm from SHA256 to Equihash, all of the specialized SHA256 mining equipment will be obsolete for mining the Bitcoin Gold blockchain. Thus, Bitcoin Gold will provide an opportunity for countless new people around the world to participate in the mining process with widely-available consumer hardware that is manufactured and distributed by reputable mainstream corporations. A more decentralized, democratic mining infrastructure is more resilient and more in line with Satoshi’s original vision.
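To make the proof-of-work change concrete, here is an added toy example (not Bitcoin Gold's code) of a miner and validator that select the hash algorithm by block height, using the fork height 491407 from the FAQ. SHA3-256 stands in for Equihash, which is an assumption made purely so the two chains use different functions; real Equihash is a memory-hard puzzle, not a plain hash. The header bytes and the 16-bit difficulty are constructed so the search finishes in a fraction of a second.

```python
"""Toy proof-of-work miner that switches hash algorithm at a fork height.
Added example (not Bitcoin Gold's code): it illustrates why changing the
proof-of-work algorithm at block 491407 makes hardware built for the old
algorithm useless on the new chain. The stand-in for Equihash is an
assumption: real Equihash is a memory-hard puzzle, not a plain hash."""
import hashlib

FORK_HEIGHT = 491407   # fork height stated in the Bitcoin Gold FAQ
NONCE_BYTES = 4


def pow_algorithm_for_height(height):
    """Blocks before the fork use Bitcoin's SHA256d; from the fork height
    onward the new algorithm is required."""
    return "sha256d" if height < FORK_HEIGHT else "new-pow"


def pow_hash(algo, data):
    """Compute the proof-of-work digest for the given algorithm."""
    if algo == "sha256d":
        return hashlib.sha256(hashlib.sha256(data).digest()).digest()
    if algo == "new-pow":
        # Stand-in for Equihash (assumption): any different function shows
        # that a solution under one algorithm means nothing under the other.
        return hashlib.sha3_256(data).digest()
    raise ValueError("unknown proof-of-work algorithm: %s" % algo)


def meets_target(digest, difficulty_bits):
    """A digest is valid when, read as a 256-bit integer, it is below the
    target 2^(256 - difficulty_bits), i.e. its top difficulty_bits are zero."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def mine(header, height, difficulty_bits, max_nonce=1 << 24):
    """Brute-force a nonce so that the block digest meets the target.
    Returns (nonce, digest), or None if max_nonce is exhausted."""
    algo = pow_algorithm_for_height(height)
    for nonce in range(max_nonce):
        digest = pow_hash(algo, header + nonce.to_bytes(NONCE_BYTES, "little"))
        if meets_target(digest, difficulty_bits):
            return nonce, digest
    return None


def validate_block(header, height, nonce, difficulty_bits):
    """Verify a claimed nonce with the algorithm that the height demands."""
    algo = pow_algorithm_for_height(height)
    digest = pow_hash(algo, header + nonce.to_bytes(NONCE_BYTES, "little"))
    return meets_target(digest, difficulty_bits)


if __name__ == "__main__":
    header = b"constructed-example-block-header"   # constructed sample input
    bits = 16                                      # small enough to finish quickly in pure Python
    pre_nonce, pre_digest = mine(header, FORK_HEIGHT - 1, bits)
    post_nonce, post_digest = mine(header, FORK_HEIGHT, bits)
    print("pre-fork  sha256d nonce", pre_nonce, pre_digest.hex())
    print("post-fork new-pow nonce", post_nonce, post_digest.hex())
    # The pre-fork solution is almost certainly rejected on the new branch:
    # hardware that can only compute SHA256d cannot find post-fork blocks.
    print("pre-fork nonce valid after fork?",
          validate_block(header, FORK_HEIGHT, pre_nonce, bits))
```

Run it and the nonce found with SHA256d for height 491406 will almost certainly fail `validate_block` at height 491407: a solution under one algorithm says nothing about the other, which is exactly why SHA256 ASICs are of no use on the new branch, while any general-purpose hardware that can run the new function can take part.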

How can I get Bitcoin Gold?

The Bitcoin Gold (BTG) initial coin distribution method is almost exactly the same as that used by the Bitcoin Cash fork of August 1. Everyone who held Bitcoin when block 491406 was mined automatically received Bitcoin Gold at the rate of 1 BTC = 1 BTG. (If you had 20 BTC at the time of the fork, you now also have 20 BTG.)

What wallet should I keep my BTC in to make sure I will receive BTG?

Some wallets may offer you direct access to your BTG, while others may require you to take additional technical steps. Verified wallets that support BTC and BTG side-by-side will be listed on the Bitcoin Gold home page. We will publish guides for retrieving BTG from the most popular wallets, including Bitcoin Core, Electrum, Mycelium, hardware wallets, paper wallets, and more.

Bitcoin Cryptocurrency

What is Bitcoin?

Bitcoin is a so-called virtual currency that has been devised for anonymous payments made entirely independently of governments and banks. In recent years, Bitcoin has generated a great deal of attention on several fronts. Bitcoin payments are based on a new and interesting technical solution and function differently from traditional payments. In certain payment situations, Bitcoin can bring advantages in the form of lower costs, rapidity, anonymity, etc. over traditional payment methods. However, usage can also be more risky because Bitcoin is not directly covered by the laws that govern other payment mediation. Weak consumer protection is also a reason why it may be difficult for Bitcoin to become generally accepted and viable as a means of payment. Use of Bitcoin for payments is low today, and although Bitcoin’s future is uncertain, it is an interesting innovation worthy of description. This article explains what a virtual currency is and how Bitcoin works. Bitcoin use in Sweden – which is very limited – is also described. Finally, the future of Bitcoin and other virtual currencies is discussed.

Virtual currency

Bitcoin is what is known as a virtual currency. A virtual currency is a means of payment; that is, units of the virtual currency represent a value. It is intended for use in payments within a specific virtual community, such as a particular website, or in a network of users with special software for managing the virtual currency and making payments. This type of virtual community can thus be said to resemble a voluntary agreement to use a specific item as a means of payment. This is an important difference to national currencies, such as the Swedish krona. For the latter, it has been established in law that the monetary unit in Sweden shall be called the Swedish krona. The virtual currency thus has a different unit of account than national currencies. For Bitcoin, the unit of account is the Bitcoin itself.

The issuer of the virtual currency can be a non-financial company or even a private individual, but such an issuer is not under the supervision of a government authority. The issuance of virtual currency is thus not a government-regulated activity. However, each virtual currency has some type of rules of its own governing where and how it may be used, and some form of technical infrastructure in which the payments are carried out. The virtual currency, its own set of rules and the technical infrastructure combined form a small payment system, hereinafter referred to as a virtual currency scheme.

There are a large number of virtual currency schemes that have been built up, and function, in different ways. They can be broken down into different categories depending on the extent to which it is possible to buy and sell the virtual currency. Here, we divide them into three categories:

  • Closed schemes: the virtual currency can be neither bought nor sold, but only earned and used on certain websites (such as World of Warcraft Gold).
  • Unidirectional flow: the virtual currency can be bought for national currency but not exchanged back (such as Amazon Coins).
  • Bidirectional flows: the virtual currency can be both bought and sold, and used outside of a certain website.

As explained below, Bitcoin is an example of a scheme with bidirectional flows. However, these categories can overlap.

Global Threat Summary report First Week December 2017

Here is the Global Threat Summary report for the first week of December 2017, which provides an overview of the current threat landscape from around the world. The report includes a summary of the threats we’ve recently profiled, including:

  • Q3 2017 Akamai State of The Internet report
  • Bitcoin’s exponential value brings increased threats to cryptocurrency
  • Kaspersky boycott crosses into Britain

The Global Threat Summary is designed to provide organizations with an overview of the current threat landscape from across the world. It combines assessment of the strategic picture with a thought leadership approach and is also a collated summary of all the threats that we have profiled each week. The report should be received at a high level within organizations to give an overview of risk and summary of trends.

1. Strategic insight

This section includes a review of significant reports that have been published and provides a strategic viewpoint on identified or high profile trends.

1.1 Q3 2017 Akamai State of The Internet report

Akamai’s State of the Internet Q3 2017 report highlights useful quarterly statistics on threat vector trends. Akamai used data obtained globally from its infrastructure and DDoS solution to detail the current level of network-based attacks. Overall, more attacks were detected, which is expected due to rising technological skill sets, tool availability and sophistication. However, the geographical nature of these threats, as discussed in the report, opens questions about the perceptions of “less risky” cyber security regions.

Strategic assessment:

Comparing Q3 2016 and Q3 2017, several key trends have emerged:

• Web application attacks have increased by 69%

• Attacks sourcing from the US increased by 217% (Q3 2017 Top Source Country)

• The US also bears the brunt of targeting – 11 times as many registered attacks as the second most targeted, Brazil.

Overall, these figures show that US IP addresses are the most likely source of an attack. According to Akamai, 39% of all recorded attacks were attributed to US IP addresses, far ahead of Russia with 7%; the Netherlands, Ukraine and Brazil accounted for 6% each. Geography-based blocking or rule sets may need refining to account for this finding. This is especially prudent for US domestic markets, as the report also details a much higher risk of attack there.

The report also detailed that the emerging market for DDoS activity is Germany with “22% (58,746) of the unique IP addresses used in volumetric DDoS attacks” traced to the country. The report does not say what is driving this increase in unique IPs but, on a strategic level, it suggests that Germany’s technology infrastructure is perhaps neglecting cybersecurity.

The report found that 86% of DDoS attacks targeted gaming customers. However, this statistic may be more a reflection of Akamai’s customer base, in which the gaming industry is over-represented. The culture around the gaming industry makes the sector more susceptible to DDoS targeting, as the attack is used as a means of score-settling. Every sector should nevertheless still plan for and mitigate DDoS activity.

2. Threat Reporting

This section provides a summary of the threats that Security Threat Intelligence has profiled over the past week. They are categorised by module: Threat Reporting is covered in Section 2, whilst Section 3 covers Cybercrime and Hacktivism.

2.1 Malware analysis

Bitcoin’s exponential value brings increased threats to cryptocurrency

Threat L 3e

Target: Web users
Attack Vector: JavaScript
Summary: In the cybersphere, Bitcoin has featured a great deal in reporting due to its incredible year of trading. Introduced in 2009, Bitcoin has seen its value increase greatly in 2017, rising from $1,000 at the start of the year to over $11,000 in November. Investors are willing to pay increasing amounts for the asset for fear of missing out on potential profit, similar to the dot-com bubble. In addition, the currency is being used at a growing rate, with speculation that it may gain a foothold in the mainstream financial industry. At the moment it cannot be used to pay bills or taxes or to settle debts. However, it can be used for a range of online activities, purchasing items on the dark web for example, as well as many everyday purchases such as music downloads or gift cards. The digital currency, existing online, is a virtual token, and there is no middleman in a transaction. This peer-to-peer characteristic is something that attracts many to the cryptocurrency market.

The rise of Bitcoin has inevitably also brought about a new wave of threat actors across the cryptocurrency spectrum attempting to reap the rewards of the rising price through the illegal means of spreading malware. To obtain cryptocurrency without actually buying it, coins have to be “mined” using a high volume of computing power and resources. Mining involves solving large numbers of computationally intensive problems and, if successful, a user gains currency. Due to the scale of processing power required, some miners run several machines together to acquire currency.

This has also resulted in a shortage of affordable graphics cards, with prices rising far above RRP as they are extremely effective for crypto mining. While demand for them has been rising for many years, more recently their value has increased exponentially. This is because certain types of mining cannot be carried out with specialised application-specific integrated circuit (ASIC) mining hardware, leaving graphics cards, particularly AMD’s, as the only viable solution. The demand is so great that Nvidia has announced plans to release graphics cards specially designed for crypto mining.

One result of the increase in the value of cryptocurrency is threat actors infecting websites with coin-mining code designed to run in the background on the machine of any visitor to a targeted website. Once this is done, the threat actor can have hundreds, even thousands, of unsuspecting users mining cryptocurrency on their behalf.

However, Bitcoin is notoriously difficult to mine and requires significant processing power, so other cryptocurrencies have been put at risk instead, with threat actors using victims’ machines to help them in their mining activities.

Risk Assessment Summary: It should be noted that this attack vector offers scope for a user’s machine to be used for activities they are unaware of and have not permitted. Although coin mining does not perform any other malicious activity, it does expend the victim’s CPU power and RAM without their permission. There are certain websites (detailed in this report) that have had this code injected into their site, and this is certainly increasing. Therefore a risk exists here, but it is still reasonably low due to the mitigations which can be put in place.
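The mitigations mentioned above are easiest to reason about with a concrete check. The following is an added example, not from the report: it parses a page’s script tags, flags external scripts whose host is on a miner denylist or absent from a Content-Security-Policy script-src allowlist, and scores inline scripts on keywords typical of browser-mining code. The HTML, the hostnames (using the reserved .invalid TLD), the denylist and the keyword list are all constructed for the example.

```python
"""Scan an HTML page for script tags that look like injected coin-mining
code and check external scripts against a CSP script-src allowlist.
Added example, not from the original report: the page, hostnames and
keyword heuristics are constructed; .invalid is a reserved placeholder TLD."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate CDN script, one injected external
# miner, one injected inline miner and one benign inline script.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="https://coin-miner.invalid/lib/miner.min.js"></script>
<script>
  // constructed stand-in for an injected miner
  var miner = new CryptoWorker('wallet-placeholder', {threads: 4});
  miner.start();
</script>
<script>
  fetch('/stats').then(r => r.json());
</script>
</head><body><p>hello</p></body></html>"""

# Constructed denylist; a real deployment would use a maintained feed.
MINER_HOSTS = {"coin-miner.invalid"}

# Words that tend to appear together in browser-mining code (heuristic).
MINER_WORDS = re.compile(r"\b(miner|stratum|hashrate|webassembly|threads)\b", re.I)


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []          # start capturing an inline body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def scan_html(html, allowlist=None, min_score=2):
    """Return findings for suspicious external and inline scripts.

    allowlist: hostnames permitted by the site's CSP script-src (None = skip check)
    min_score: distinct miner keywords an inline script needs to be flagged
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname or ""
        reasons = []
        if host in MINER_HOSTS:
            reasons.append("host on miner denylist")
        if allowlist is not None and host not in allowlist:
            reasons.append("host not in CSP script-src allowlist")
        if reasons:
            findings.append({"kind": "external", "src": src, "host": host, "reasons": reasons})
    for body in collector.inline:
        matched = sorted({m.lower() for m in MINER_WORDS.findall(body)})
        if len(matched) >= min_score:
            findings.append({"kind": "inline", "matched": matched, "snippet": body.strip()[:80]})
    return findings


def csp_script_src(allowlist):
    """Build the script-src directive that would block every unlisted host."""
    return "script-src 'self' " + " ".join("https://" + h for h in sorted(allowlist))


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML, allowlist={"cdn.example.com"}):
        print(finding)
    print(csp_script_src({"cdn.example.com"}))
```

The keyword scoring is a heuristic and will produce false positives on legitimate worker-based code, so treat an inline hit as a prompt for review rather than a verdict. The allowlist check is the stronger control: a script-src policy stops an injected external miner from loading regardless of what it is named, which is why it is the first mitigation worth putting in place on a site that serves third-party content.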

3. Cybercrime and hacktivism

3.1 Global geo-political threat analysis

Kaspersky boycott crosses into Britain

Threat L 3e

Target: Businesses using Kaspersky products
Attack Vector: Supply-chain
Summary: Since 2015, the Russian anti-virus software company Kaspersky Lab has allegedly been working with the Russian government to aid interference in the 2016 US election and to pass intelligence from the United States government to Moscow. Many professionals within the security industry believe it is probable that Kaspersky software, installed on the machines of NSA employees, helped obtain intelligence for the Russian government. When Israeli hackers breached Kaspersky systems, they uncovered stolen tools belonging to the NSA.

The resulting actions by US Homeland Security removed all Kaspersky products from all branches of the US Government, damaging the Russian antivirus provider’s market share along with its reputation. This drastic decision led many other Kaspersky customers to review their partnership. In December 2017, Kaspersky began to lose business on this side of the Atlantic: the UK National Cyber Security Centre advised all government departments against using Kaspersky software for systems related to national security. Following this, all anti-virus products from Russia were effectively banned.

In addition, Barclays, who offer Kaspersky products to over 2 million customers, halted their distribution of Kaspersky as a free product and notified 290,000 customers who had taken up the offer.

Risk Assessment Summary: It appears the Russian government has already gained access to the NSA, and it may also be exploring access to other organisations. As the NSA, the UK Government and Barclays have all taken steps to limit Kaspersky’s presence in their businesses, it is evidently considered a tangible threat. Although highly likely, it is not confirmed that the attack vector is via Kaspersky. Since the NSA discovery, Russian government operations have been brought into the spotlight. This mitigates the threat to some degree and affords businesses the opportunity to review their vendors, limiting their attack vectors.