Kaspersky Lab's Head of Commercialization: We 'Continue to Monitor' Cryptojackers & North Korean 'Threat Actors'

Vitaly Mzokov, the head of commercialization at Kaspersky Lab, a leading Moscow-based global cybersecurity and anti-virus solutions provider, recently shared his views with CryptoGlobe regarding the main security threats related to decentralized cryptocurrency platforms such as the Bitcoin (BTC) network.

Mzokov, who’s also the head of verification and growth center at Kaspersky Lab, revealed that “the main threats cryptocurrency owners may face” include “phishing, such as replicas of crypto-exchange sites or sites of projects that collect cryptocurrencies” for upcoming initial coin offerings (ICO). He added that “even if the user is careful and everything is done correctly, the stock [or crypto] exchange can be hacked and funds can be stolen. The same goes for landing pages of the ICO projects.”

According to the mathematics and computer science postgraduate from Tyumen State University, “malicious code can be injected in different open-source websites or repositories, from which it can compromise different systems.” Other attack vectors include installing “malware, which replaces the address of the wallet at the time of sending cryptocurrency”, Mzokov noted.

North Korea "Had Successfully Compromised Several Banks"

Additionally, the cybersecurity expert confirmed that hackers may use “spyware that can help an attacker to get a private key from a wallet by spying on the user (by taking screenshots, for example).” In response to a question about any updates or latest information regarding North Korean hackers allegedly stealing cryptocurrency from other countries, Mzokov said: 

“In August 2018, Kaspersky Lab published a report on how the Lazarus threat actor, which has been linked to North Korea, had successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies in an operation named Apple Jeus.”

He added that Kaspersky Lab continues to monitor Apple Jeus and other threat actors in the crypto space. When asked whether he expects cryptojacking, or selfish crypto mining, to remain a threat this year and in the future, he remarked:

“Yes, we consider cryptojacking a threat that will remain of relevance at least in the near future, as the profit is easy to monetize and cryptocurrencies remain more valuable than the cost of such an attack. This year we have seen a large botnet that was mining Electroneum.”

How To Prevent Cryptojacking

Mzokov also noted that “Monero (XMR) is still [a] popular [choice among cryptojackers] as it is a valuable currency, plus it is an anonymous blockchain so its transactions are untraceable. Yet everything can change if its price falls.” When asked about preventive measures we can take to avoid being a victim of cryptojacking, Mzokov recommended the following:

“Install a high-quality security solution that can protect you against Trojans downloading miners. Miners themselves are not malicious applications, as users can intentionally install them. Kaspersky Internet Security detects such applications, but does not block or remove them by default. It puts them into the riskware category — software that is legitimate but can be used for malicious purposes.”

Responding to a question about how to prevent clipboard/keyboard hackers from stealing users’ private SEED and other personal information, Mzokov explained:

“It is vital to have a proven security solution installed on your devices. Apart from that, it’s necessary to double-check the entered crypto address, or at least several characters in it at the beginning and at the end. Also, many stock (crypto) exchanges have begun to introduce a practice where users can only transfer their funds to a previously confirmed wallet. If a transfer is requested to a final recipient that is different from the one initially confirmed, the exchange will not allow the transaction until you have confirmed approval.”
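The two checks Mzokov describes above, comparing the entered address with the intended one and sending only to previously confirmed wallets, sketched as an added example that is not part of the original interview and not Kaspersky Lab or exchange code. The function and class names, the approval step and the sample strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def check_pasted_address(intended: str, pasted: str, n: int = 4) -> str:
    """Compare the address the user meant to use with the one in the send form."""
    a, b = intended.strip(), pasted.strip()
    if a == b:
        return "match"
    # First and last n characters agree but the full strings differ: a glance
    # at only the beginning and the end would have accepted this address.
    if len(a) >= n and len(b) >= n and a[:n] == b[:n] and a[-n:] == b[-n:]:
        return "differs-inside"
    return "mismatch"

@dataclass
class WithdrawalAllowlist:
    """Exchange-side rule: funds move only to previously confirmed wallets."""
    confirmed: set = field(default_factory=set)
    pending: set = field(default_factory=set)

    def request_transfer(self, address: str) -> str:
        if address in self.confirmed:
            return "sent"
        self.pending.add(address)  # hold the transfer until the owner approves
        return "held"

    def confirm(self, address: str) -> bool:
        """Owner approval of a held address (assumed to be a separate step)."""
        if address not in self.pending:
            return False
        self.pending.remove(address)
        self.confirmed.add(address)
        return True

# Constructed sample strings, not real wallet addresses.
INTENDED = "addr1qexampleconfirmedwallet0000k9x2"
SWAPPED = "addr9zexamplereplacedwallet1111m4p7"
NEAR = "addr1qexampleconfirmedwallet9999k9x2"

def demo() -> list:
    policy = WithdrawalAllowlist(confirmed={INTENDED})
    return [
        check_pasted_address(INTENDED, SWAPPED),  # clipboard content replaced
        check_pasted_address(INTENDED, NEAR),     # same head and tail only
        policy.request_transfer(INTENDED),        # already confirmed wallet
        policy.request_transfer(SWAPPED),         # unknown recipient is held
    ]

if __name__ == "__main__":
    print(demo())
```

Only a "match" result should let the send proceed; the allowlist is a second, independent control on the exchange side.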