Kaspersky Lab's Head of Commercialization: We 'Continue to Monitor' Cryptojackers & North Korean 'Threat Actors'

Vitaly Mzokov, the head of commercialization at Kaspersky Lab, a leading Moscow-based global cybersecurity and anti-virus solutions provider, recently shared his views with CryptoGlobe regarding the main security threats related to decentralized cryptocurrency platforms such as the Bitcoin (BTC) network.

Mzokov, who’s also the head of the verification and growth center at Kaspersky Lab, revealed that “the main threats cryptocurrency owners may face” include “phishing, such as replicas of crypto-exchange sites or sites of projects that collect cryptocurrencies” for upcoming initial coin offerings (ICOs). He added that “even if the user is careful and everything is done correctly, the stock [or crypto] exchange can be hacked and funds can be stolen. The same goes for landing pages of the ICO projects.”

According to the mathematics and computer science postgraduate from Tyumen State University, “malicious code can be injected in different open-source websites or repositories, from which it can compromise different systems.” Other attack vectors include installing “malware, which replaces the address of the wallet at the time of sending cryptocurrency”, Mzokov noted.

North Korea "Had Successfully Compromised Several Banks"

Additionally, the cybersecurity expert confirmed that hackers may use “spyware that can help an attacker to get a private key from a wallet by spying on the user (by taking screenshots, for example).” In response to a question about any updates or latest information regarding North Korean hackers allegedly stealing cryptocurrency from other countries, Mzokov said:

In August 2018, Kaspersky Lab published a report on how the Lazarus threat actor, which has been linked to North Korea, had successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies in an operation named Apple Jeus.

He added that Kaspersky Lab continues to monitor Apple Jeus and other threat actors in the crypto space. When asked whether he expects cryptojacking, or selfish crypto mining, to remain a threat this year and in the future, he remarked:

Yes, we consider cryptojacking a threat that will remain of relevance at least in the near future, as the profit is easy to monetize and cryptocurrencies remain more valuable than the cost of such an attack. This year we have seen a large botnet that was mining Electroneum.

How To Prevent Cryptojacking

Mzokov also noted that “Monero (XMR) is still [a] popular [choice among cryptojackers] as it is a valuable currency, plus it is an anonymous blockchain so its transactions are untraceable. Yet everything can change if its price falls.” When asked about preventive measures we can take to avoid being a victim of cryptojacking, Mzokov recommended the following:

Install a high-quality security solution that can protect you against Trojans downloading miners. Miners themselves are not malicious applications, as users can intentionally install them. Kaspersky Internet Security detects such applications, but does not block or remove them by default. It puts them into riskware category — software that is legitimate but can be used for malicious purposes.

Responding to a question about how to prevent clipboard/keyboard hackers from stealing users’ private SEED and other personal information, Mzokov explained:

It is vital to have a proven security solution installed on your devices. Apart from that, it’s necessary to double-check the entered crypto address, or at least several characters in them in the beginning and in the end. Also, many stock (crypto) exchanges have begun to introduce a practice where users can only transfer their funds to a previously confirmed wallet. If a transfer is requested to a final recipient that is different from the one initially confirmed, the exchange will not allow the transaction until you have confirmed approval.
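The two checks Mzokov describes (verify the address you entered, and only let funds go to a previously confirmed destination) can be put into code. The example below was written for this article and is not Kaspersky's or any exchange's code; it implements Bitcoin's Base58Check address validation and a withdrawal guard, and the addresses and whitelist are constructed values, not real wallets.

```python
import hashlib

# Bitcoin's Base58 alphabet (omits 0, O, I and l, which are easy to confuse).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(version: int, payload: bytes) -> str:
    """Base58Check-encode a version byte plus payload (e.g. a 20-byte HASH160)."""
    raw = bytes([version]) + payload
    raw += _sha256d(raw)[:4]          # 4-byte checksum appended to the data
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))   # each leading zero byte -> '1'
    return "1" * pad + out

def b58check_decode(addr: str):
    """Return (version, payload), or None if a character or the checksum is bad."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None               # character outside the alphabet: a typo
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(raw) < 5 or _sha256d(raw[:-4])[:4] != raw[-4:]:
        return None                   # checksum mismatch: mistyped or corrupted
    return raw[0], raw[1:-4]

def check_withdrawal(destination: str, intended: str, confirmed: set) -> str:
    """Checks in the order the interview suggests: the address must be well formed,
    it must equal what the user meant to send to (a clipboard hijacker swaps it),
    and it must already be on the confirmed-destination list."""
    if b58check_decode(destination) is None:
        return "reject: bad checksum or invalid character"
    if destination != intended:
        return "reject: destination differs from intended (possible clipboard swap)"
    if destination not in confirmed:
        return "hold: destination not previously confirmed"
    return "allow"

# Constructed sample addresses (not real wallets): P2PKH version byte 0x00.
INTENDED = b58check_encode(0x00, b"\x01" * 20)
ATTACKER = b58check_encode(0x00, b"\x02" * 20)
```

The checksum catches a mistyped character, while the comparison with the intended address is what catches a wallet-swapping clipboard hijacker, which produces a perfectly valid address that is simply not yours.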

$3.1 million: Crypto Exchange Cashaa Hacked for 336 BTC

London-based cryptocurrency exchange Cashaa revealed it lost 336 bitcoin, at press time worth $3.1 million, to hackers who managed to access one of its cryptocurrency wallets.

According to a tweet the exchange published on July 11, the attackers managed to access one of its Blockchain.com wallets and quickly transferred the funds to an address they control. From that address, the BTC has passed through a series of hops, suggesting the use of coin mixing software to limit traceability and throw off blockchain sleuths.

Cashaa believes that the attacker may have managed to infect one of its computers with malware, and then waited for an employee to access that machine. As soon as that happened, the funds were moved out of its wallet. Reacting to the security breach, the exchange halted withdrawals and deposits and “called the board meeting to decide whether the company will bear all the losses.”

The exchange suspects the hacker is from east Delhi, India, and filed a report with the Delhi police cybercrimes department.

Cashaa also reached out to other cryptocurrency exchanges and businesses to inform them of the address, in a bid to stop the hacker from cashing out. In statements provided to industry media, Kumar Gaurav, Cashaa’s CEO, seemingly lashed out at trading platforms that allow hackers to cash out.

Gaurav was quoted as saying:

As of today, hackers are very confident to hack crypto addresses and move it through exchanges that are facilitating such laundering through their systems. Exchanges like these must be shut down and owners of these exchanges should be charged with money laundering facilitation crime.

CryptoCompare’s Exchange Benchmark report, as recently reported, revealed that 38% of crypto exchanges interact with high-risk entities in 25% or more of their transactions. High-risk entities are those associated with darknet markets and vendors, criminals, gambling projects, malware operators, and others.

Featured image by Kevin Ku on Unsplash