CRYPTOHACKERS BREACH STATCOUNTER TO STEAL BITCOINS

Hackers planted malware on StatCounter to steal bitcoin revenue from Gate.io account holders, according to Eset researcher Matthieu Faou, who discovered the breach.

The malicious code was added to StatCounter’s site-tracking script last weekend, he reported Tuesday.

The malicious code hijacks any bitcoin transactions made through the Web interface of the Gate.io cryptocurrency exchange. It does not trigger unless the page link contains the “myaccount/withdraw/BTC” path.

The malicious code can secretly replace any bitcoin address that users enter on the page with one controlled by the attacker. Security experts view this breach as critical because so many websites load StatCounter’s tracking script.

“This security breach is really important considering that — according to StatCounter — more than 2 million websites are using their analytics platform,” Faou told TechNewsWorld. “By modifying the analytics script injected in all those 2 million websites, attackers were able to execute JavaScript code in the browser of all the visitors of these websites.”

Limited Target, Broad Potential

The attack also is significant because it shows increased sophistication among hackers regarding the tools and methods they use to steal cryptocurrency, noted George Waller, CEO of BlockSafe Technologies.

Although this form of hijacking is not a new phenomenon, the way the code was inserted was.

The growth of the cryptocurrency market as an emerging asset class has led hackers to invest more in devising robust methods to steal it. The malware used is nothing new, but the method of delivering it is.

“Since the beginning of 2017, cryptocurrency exchanges suffered over (US)$882 million in funds stolen through targeted attacks across at least 14 exchanges. This hack adds one more to the list,” Waller told TechNewsWorld.

In this instance, attackers chose to target the users at Gate.io, an important cryptocurrency exchange, said Eset’s Faou. When a user submitted a bitcoin withdrawal, attackers replaced the destination address in real time with an address under their control.

Attackers were able to target Gate.io by compromising a third-party organization, a tactic known as a “supply chain attack.” They could have targeted many more websites, Faou noted.

“We identified several government websites that are using StatCounter. Thus, it means that attackers would have been able to target many interesting people,” he said.

Telling Financial Impact

Gate.io customers who initiated bitcoin transactions during the time of the attack are most at risk from this breach. The malware hijacked transactions legitimately authorized by the site user by changing the destination address of the bitcoin transfers, according to Paige Boshell, managing member of Privacy Counsel.

As a rule, the number of third-party scripts, such as StatCounter, should be kept to a minimum by webmasters, as each represents a potential attack vector. For exchanges, additional confirmations for withdrawals would have been beneficial in this case, given that the exploit involved swapping the user’s bitcoin address for that of the thieves.

“Gate.io has taken down StatCounter, so this particular attack should be concluded,” Boshell told TechNewsWorld.

The extent of the loss and the fraud exposure for this breach is not yet quantifiable. The attackers used multiple bitcoin addresses for the transfers, Boshell added, noting that the attack could have been deployed to impact any site using StatCounter.

Protection Strategies Not Foolproof

StatCounter needs to improve its own code audit and constantly check that only authorized code is running on its network, suggested Joshua Marpet, COO at Red Lion. However, most users will not realize that StatCounter is at fault.

“They’ll blame Gate.io, and anything could happen — loss of business, ‘run on the bank,’ and even closing their doors,” he told TechNewsWorld.

Checking the code is not always a workable prevention plan. In this case, the malware code looked like the Gate.io user’s own instructions, noted Privacy Counsel’s Boshell.

“It was not easily detectable by the fraud tools that Gate.io uses to protect against and detect malware,” she said.

Network admins are not really affected in this type of breach, as the malicious code is processed at the workstation/laptop rather than on the webserver, according to Brian Chappell, senior director of enterprise and solutions architecture at BeyondTrust. It also does not provide any mechanism to gain control over the system.

“In essence, a lot of stars need to line up to make this a significant risk in that regard,” he told TechNewsWorld. “Effective vulnerability and privilege management would naturally limit the impact of any intrusion.”

That is the direction in which admins need to look. There is nothing they can do to control the initial attack, assuming the targeted websites are accepted sites within their organization, Chappell added.

Even a well-protected website can be breached by compromising a third-party script, noted Eset’s Faou.

“Thus, webmasters should choose carefully the external JavaScript code they are linking to and avoid using them if it is not necessary,” he said.

One potential strategy is to screen for scripts that replace one bitcoin address with another, suggested Clay Collins, CEO of Nomics.

Using analytics services that have a good security reputation is part of that, he told TechNewsWorld.

“Folks with ad/script blockers were not vulnerable,” Collins said.
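
One way to implement the screening Collins suggests, as an added example (not code from the article, Eset or StatCounter): a Node.js check that flags a third-party script whose text embeds a checksum-valid legacy Bitcoin address or names a sensitive page path. Both sample scripts are constructed, the function names are hypothetical, and the publicly known genesis-block address stands in for an attacker-controlled one.

```javascript
const { createHash } = require("crypto");

const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const sha256 = (buf) => createHash("sha256").update(buf).digest();

// Decode Base58 to bytes; returns null on a character outside the alphabet.
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const v = B58.indexOf(ch);
    if (v < 0) return null;
    n = n * 58n + BigInt(v);
  }
  let hex = n.toString(16);
  if (hex.length % 2) hex = "0" + hex;
  const body = n === 0n ? Buffer.alloc(0) : Buffer.from(hex, "hex");
  const zeros = str.length - str.replace(/^1+/, "").length; // each leading '1' is a 0x00 byte
  return Buffer.concat([Buffer.alloc(zeros), body]);
}

// True only for a 25-byte payload whose last 4 bytes are the double-SHA256 checksum.
function isBase58CheckAddress(candidate) {
  const raw = base58Decode(candidate);
  if (!raw || raw.length !== 25) return false;
  const check = sha256(sha256(raw.subarray(0, 21))).subarray(0, 4);
  return check.equals(raw.subarray(21));
}

// Flag script text that embeds a checksum-valid address or names a sensitive page path.
function auditScript(source, sensitivePaths) {
  const candidates = source.match(/\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/g) || [];
  const addresses = [...new Set(candidates)].filter(isBase58CheckAddress);
  const paths = sensitivePaths.filter((p) => source.includes(p));
  return { addresses, paths, suspicious: addresses.length > 0 || paths.length > 0 };
}

// Constructed samples: a harmless tracker and an inert fragment carrying both indicators.
const GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"; // publicly known address, stand-in only
const cleanTracker = "var sc_project=1234567;var hits=document.referrer;";
const tamperedTracker =
  'if(location.href.indexOf("myaccount/withdraw/BTC")>-1){var a="' + GENESIS + '";}';

const report = auditScript(tamperedTracker, ["myaccount/withdraw/BTC"]);
console.log(report);
```

A literal scan like this covers only legacy Base58Check addresses that appear verbatim in the script text; it will not see an address that is encoded, assembled or fetched at run time, so it complements keeping third-party scripts off withdrawal pages rather than replacing it.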

More Best Practices

Traffic analysis, website scanning and code auditing are some of the tools that could have detected that something was causing abnormal transactions and traffic, noted Fausto Oliveira, principal security architect at Acceptto. However, it would have been ideal to prevent the attack in the first place.

“If the Gate.io customers had an application that requires strong out-of-band authentication above a certain amount, or if a transaction is aimed at an unknown recipient, then their customers would have had the opportunity to block the transaction and gain early insight that something wrong was happening,” Oliveira told TechNewsWorld.

Using script blocking add-ons like NoScript and uBlock/uMatrix can put a measure of personal control in the website user’s hands. It makes Web browsing more challenging, noted Raymond Zenkich, COO of BlockRe.

“But you can see what code is being pulled into a site and disable it if it is not necessary,” he told TechNewsWorld.

“Web developers need to stop putting third-party scripts on sensitive pages and put their responsibility to their users over their desire for advertising dollars, metrics, etc.,” Zenkich said.

Beware Third-Party Anythings

As a rule, the number of third-party scripts should be kept to a minimum by webmasters, suggested Zenchain cofounder Seth Hornby, as each one represents a potential attack vector.

“For exchanges, additional confirmations for withdrawals would also be beneficial in this case, given that the exploit involved swapping the user’s bitcoin address for that of the thieves,” he told TechNewsWorld.

Even third-party outsourcing solutions can open the door to cyber shenanigans, warned Zhang Jian, founder of FCoin.

“So many companies within the cryptocurrency space rely on third-party companies for different duties and tasks. The ramification of this outsourcing is a loss of accountability. This puts many companies in a tough spot, unable to locate attacks of this nature before it is too late,” he told TechNewsWorld.

Instead, network admins should work toward creating in-house versions of their tools and products, from beginning to end, Jian suggested, to ensure that control of these security measures lies within their reach.

