Connect with us

Breaches

Report: BitTorrent Malware Risks Call For Better Security Measures

Published

on

Peer-to-peer (P2P) file sharing has become a popular past time, but malware in some files can make downloading games and applications very dangerous to organizations in all types of  industries when the content is downloaded on employers’ networks.

// -- Discuss and ask questions in our community on Workplace.

BitSight-File-Sharing

A report recently released by BitSight Technologies, a Cambridge, Mass.-based security firm, assessed the cybersecurity readiness of more than 30,000 companies and found 39% of the games and 43% of the applications available for free on peer-to-peer piracy sites carry malicious software.

The most downloaded games were “Grand Theft Auto 5,” followed in order by “The Sims 4,” “Mortal Kombat X,” “FIFA 15,” and the “Witcher.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

“Adobe Photoshop” was the most downloaded application, followed by Microsoft Windows 8.1, Microsoft Windows 7, and Microsoft Windows 10. Education industry employees were the most frequent downloaders, followed by hospital/tourism, government and energy.

A Ground Breaking Report

The report, “Peer to Peer Peril: How BitTorrent File Sharing Impacts Vendor Risk and Security Benchmarking,” noted that many organizations ban downloading from piracy sites, but in some industries, more than 25% of companies are sharing files over the BitTorrent protocol. Some of the files are most likely legitimate, but many are classified as games, movies and other copyrighted content.

Software and games are especially dangerous since they contain executable files, as opposed to music and video files. Files that are executable authorize a user to automatically do tasks and functions without the user’s participation. For example, rather than booting up a video game menu screen, a user can be providing access to his or her employer’s payroll data.

“Grand Theft Auto 5” and Adobe Photoshop have been torrent site fixtures for years, despite the fact that Adobe said it would move to a subscription plan to prevent piracy. A random search of Kickass Torrents and Pirate Bay websites yielded hundreds of illicit files being spread by thousands of users, who presumably are from all over the globe.

Pirate Bay Closing Draws Attention

The 12-page BitSight report notes that file sharing problems have come to public light due to Sweden’s closing Pirate Bay after the U.S. threatened sanctions through the World Trade Organization. It notes that P2P file sharing became popular in the late Eighties and early Nineties thanks to websites like Limewire, Napster and Kazaa.

BitSight tracked file sharing activity on 23% of companies using the BitTorrent protocol among more than 307,000 companies that it rates for security performance. It notes that much of the activity violates corporate policies, even though there are no public metrics on how many companies forbid P2P file sharing.

File sharing is not illegal, the report notes; only sharing copyrighted content is.
P2P file sharing results from “shadow IT,” where employees download copyrighted business applications like Adobe and Microsoft products. Legal departments and IT departments are knowledgeable about the consequences of illegal sharing of copyrighted material. However, companies may not be aware of the security risks these activities pose.

The fact that BitSight researchers found that 43% of torrented applications carried malicious software in reviewing hundreds of torrented files from the BitTorrent protocol indicates businesses need to have technologies and policies that mitigate the risks these activities pose.

The report includes industry metrics as well as recommendations to help security professionals reduce this threat to vendor and corporate networks.

BitSight security ratings measure an organization’s security performance. The ratings are based on an analysis of observable data. Banks, insurers and equity companies use the ratings to mitigate third party risks, underwrite cyber insurance, benchmark security performance, manage portfolio cyber risk, and conduct M&A due diligence.

Report Uncovers Problems With File Sharing

Report findings include:
• File sharing is a common problem.
• Companies with file sharing carry lower BitSight security ratings.
• Torrented files carry a major malware business risk.
• A correlation exists between file sharing activity and botnet activity.
• Government, utilities and education industries are poor performers.

In analyzing the correlation between BitTorrent activity and botnet infections, BitSight noted high malware infection rates indicate companies with file sharing activity are more vulnerable to botnet infections.

Earlier research reinforces this finding, including a Vienna University of Technology paper, “Vanity Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem.” Researchers analyzed file sharing download links and observed that a majority of the programs seek to infect the target machine with one or more malware types.

BitSight examined applications and games since these categories contain executable files that tend to be more susceptible to malware. It found that 39% of games and 54% of applications carried malicious code after running the files through file scanners and accounting for false positives.

This finding indicates a high number of files shared over the BitTorrent protocol have potentially harmful software. Researchers, after finding these files had a high rate of infection, explored whether companies with file sharing activity have more compromised machines on account of botnet infections.

BitTorrent Tied Closely  To Botnet Infections

BitSight found a correlation between botnet infections and file sharing over BitTorrent protocol. BitSight cannot demonstrate malicious software from BitTorrent files caused the infections, but it does believe companies with more BitTorrent activity are more apt to have more botnet infections.

The report notes significant differences exist among industry sectors in file sharing activity. It examined 10 industries: retail, education, government, media/entertainment, energy/utilities, tourism/hospitality, manufacturing, legal, finance and healthcare. These industries provide a diverse set of sectors in the global economy.

The research found that finance is the top performer in preventing file sharing on corporate networks. A security culture and strong regulations are credited for this.

Retailers have the most breaches. In light of breaches at Home Depot and Target, many are skeptical of retailers’ ability to prevent attacks. The report noted that 22% of retailers have file sharing activity on their networks.

Healthcare achieved a “middle of the pack” file sharing performance. This sector has a lower than average number of shares.

File sharing was found in around 25% of energy/utility sector companies. The most surprising finding here is the high average shares per entity: 2.8k. The researchers found this surprising given that energy/utilities is a highly-regulated industry.

The government sector is a poor performer. About 32% of government entities indicated some level of file sharing activity on their networks. The average number of shares per entity was 3.1k.

Also read: XcodeGhost malware threatens iOS users, FireEye warns

Government Agencies Recognize The Risks

Government agencies have cited the dangers of corporate file sharing. A 2009 bill that never got beyond the U.S. House of Representatives attempted to halt file sharing by federal employees.

Downloading copyrighted media has plagued higher education administrators. The Copyright Clearance Center noted that universities may face liability claims from students’ conduct. About 58% of education sector organizations have observed file sharing on networks. Nonetheless, share-per-entity is 1.2k, which is below that of government and energy/utilities.

BitSight examined the relationship between its security ratings and BitTorrent activity. The analysis found a significant difference in median security ratings for firms with file sharing and those without it for every industry.

Recommendations For Business

Bittorrent activity in industries

The report recommended the following guidelines for businesses:
• Have a clear file sharing policy for the corporate network and enforce it. Periodic training and updates will make employees aware of security policies. If file sharing is allowed for some purposes, there need to be policies to stop unauthorized sharing.
• Configure firewalls to prevent file sharing. Companies can adjust firewalls to stop file sharing over networks.
• Verify file sharing with continuous monitoring. BitSight provides outside-in monitoring of networks. No information is required from the rated company, providing professionals the means to identify unauthorized file sharing on a network.
• Examine file sharing activity on third party vendor networks and acquisition targets, in particular, those with access to company information. Third party risk teams need to invest in verification tools to make sure vendors adhere to their stated policies. Companies seeking to make acquisitions should review file sharing activity on the acquisition target’s network.

Steps to prevent file sharing are available on the FTC website, www.ftc.gov/tips-advice/business-center/guidance/peer-peer-file-sharing-guide-business.

Professionals Can Use Recommendations

Security professionals can use the recommendations for several uses. These include:
• Benchmarking security performance
• Managing vendor risks
• Conducting M&A due diligence
• Underwriting cyber insurance

Images from Shutterstock and BitSight.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

3.9 stars on average, based on 8 rated postsLester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




Feedback or Requests?

Breaches

Coincheck Hackers Launder 40% of Stolen NEM Funds, Experts Say

Published

on

The hackers behind Coincheck’s massive NEM heist have successfully offloaded 40% of the stolen funds, according to new research by Tokyo-based consultancy group L Plus. The successful money laundering campaign highlights the ongoing challenges authorities face in bringing cyber criminals to justice.

// -- Discuss and ask questions in our community on Workplace.

Hackers Launder NEM

Analysts at L Plus believe that roughly 200 million NEM tokens, worth $79 million, have already been laundered through the dark web. However, the hackers likely pocketed a much smaller amount amid ongoing efforts to blacklist the tokens.

Nikkei Asian Review reported Monday that Coincheck was targeted with “suspicious traffic” for weeks leading up to the Jan. 26 heist. Citing a person close to the investigation, Nikkei said the attackers hacked an employee email and stole a private key needed to transfer the NEM tokens to the desired accounts. L Plus indicated that the attacker must have repeatedly accessed the Coincheck server to obtain the private key.

When the hack took place, the stolen NEM tokens were worth more than $400 million. Today, they are worth less than half that amount. The identity of the attackers remains unknown to this day. However, authorities have speculated that North Korea may have been responsible for the attack.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Coincheck plans to resume operations this week following a government-mandated freeze on all trading activity.

Japan Boosts Oversight

The attack has prompted Japan’s financial regulators to step up their oversight efforts of the cryptocurrency market. Last week, regulators penalized seven exchanges after deeming their internal controls insufficient to deal with a cyber attack.

Japan’s Financial Services Agency (FSA) slapped two exchanges – FSHO and Bit Station – with month-long suspensions. The remaining five exchanges – Bicrements, Coincheck, GMO Coin, Mr. Exchange and Tech Bureau – were given business improvement orders.

The FSA began conducting on-site inspections in late January following the Coincheck attack. Regulators have uncovered several issues, including a lack of customer protection measures and insufficient anti-money laundering controls.

Japan remains one of the most welcoming jurisdictions for cryptocurrency trading, but repeated attacks may prompt regulators to reconsider their relatively lax approach. Digital currency exchanges in Japan and elsewhere face a growing threat from cyber criminals looking to capitalize on the rising value of digital assets.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 348 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Feedback or Requests?

Continue Reading

Breaches

Skepticism Grows Over BitGrail’s Supposed $167 Million Hack

Published

on

A relatively unknown cryptocurrency exchange by the name of BitGrail has informed its users of a coordinated cyber attack targeting Nano (XRB) tokens. However, the incident does not appear to be holding up to scrutiny after the founder of the exchange made an odd request to the developers of Nano shortly after discovering the alleged theft.

// -- Discuss and ask questions in our community on Workplace.

BitGrail Exchange Allegedly Compromised

The Italian exchange issued a notice to its clients last week informing them that 17 million XRB tokens were compromised in a cyber attack. The XRB token, formerly known known as Raiblocks, is valued at $9.80 at the time of writing for a total market cap of $1.3 billion. That puts the total monetary loss of the supposed heist at nearly $167 million.

Parts of the notice have been translated into English from the original Italian by Tech Crunch, a media company dedicated to startups and technology news. According to the agency,  BitGrail has stated the following:

“… Internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by BitGrail… Today a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The notice indicated that all transactions have been put on hold until authorities complete their investigation.

Very little is known about BitGrail, as it is not listed among the 183 exchanges whose volume is ranked by CoinMarketCap.

Suspicion Grows

Unlike other crypto heists, the circumstances surrounding the alleged BitGrail attack have been met with widespread suspicion. As David Z. Morris of Fortune rightly notes, this isn’t the first time BitGrail has suspended Nano withdrawals. The same thing happened in early January when the exchange halted not only Nano, but Lisk and CryptoForecast transactions as well.

The suspension was followed by an announcement that the exchange was taking measured steps to verify users and enforce anti-money laundering requirements. It was around this time that users became suspicious that BitGrail was going to cut and run with their tokens.

BitGrail founder Francesco Firano made an unusual request to the developers of Nano following the alleged attack: he asked them to fork their record, a move that would essentially restore the stolen funds.

Nano officially rejected the request on Friday, the day after Firano supposedly discovered the stolen coins. In a post that appeared on the Nano Medium page, the team said:

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Last month, hackers made off with more than $400 million worth of NEM tokens stolen from Coincheck, a Japan-based cryptocurrency exchange. The coins have yet to be recovered and the perpetrators remain at large. In 2014, a cyber heist brought down Mt Gox, which was the world’s largest exchange.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 348 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Feedback or Requests?

Continue Reading

Breaches

Coincheck Hackers Are Trying to Sell Their Stolen NEM Coins

Published

on

hacker extortion bitcoin

The hackers behind the biggest crypto heist of all time are attempting to sell their stolen coins, according to an executive at the NEM Foundation. The revelations are the latest in a four-day saga that has authorities still struggling to identify perpetrators or locate the account in receipt of the stolen funds.

// -- Discuss and ask questions in our community on Workplace.

Hackers Try to Profit

Jeff McDonald, Vice President of the NEM Foundation, said Tuesday that his organization had traced stolen XEM coins to an unidentified address. It was here that the thief tried to unload the stolen funds onto six online exchanges for the purpose of selling them. McDonald said the exchanges have since been notified.

It was not immediately apparent how many of the stolen coins were spent or even the whereabouts of the account. A spokeswoman at the NEM Foundation later said the attacker sent the cryptocurrency to several random accounts in 100-token increments.

Last Friday, the attackers made off with more than $400 million worth of NEM tokens from Japanese cryptocurrency exchange Coincheck. The monetary value of the heist has fluctuated several times over the past four days, reflecting regular price moves in NEM’s native XEM token. However, Coincheck said it would reimburse account holders at a rate of 81 U.S. cents per token, which reflects the average price between Jan. 26 and 27.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Coincheck has been fined administrative penalties for failing to secure client funds. It was later revealed by the executive management team that the exchange failed to implement basic security features, such as multi-signature capability and cold storage. Rather, the XEM tokens were held in accounts connected to the internet.

Although the NEM Foundation is trying to prevent the liquidation of stolen funds, MacDonald said the attackers will likely get away with some of the money. However, the likelihood that they spend all of it is virtually zero given the market’s underlying liquidity constraints.

NEM Price Volatility

News of the heist on Friday triggered significant volatility in the price of XEM and the broader cryptocurrency market. Following a brief recovery, XEM has declined steadily over the past three days, with prices reaching new six-week lows on Tuesday. The coin touched a session low of 79 cents on volumes of more than $32 million. At press time, the coin was worth a little more than 80 cents.

Even with the decline, NEM held on to tenth spot in the global cryptocurrency rankings based on market cap. The coin’s overall value remains well north of $7 billion, according to CCN.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
3 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 5 (3 votes, average: 4.33 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 348 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending