Connect with us

Cybersecurity

‘Tis the Season for Cyber Criminals

Published

on

With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cyber criminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.

For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.

According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk of 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.

Let’s take a look at the biggest threats that you should be aware of.

Malvertising: A growing threat

Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.

Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.

Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.

Typically, larger websites receive ads through multiple ad brokers and networks automatically, with little action margin to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.

Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.

Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.

Phishing

One of the most dangerous threats this season is Phishing. Phishing occurs when cyber criminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links on forged emails, ads, or posts.

This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.

The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter, and that retail/service was the most targeted industry sector, with payment services close behind.

To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.

When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.

Weak Passwords

Big sites have strong security measures in place, but independent of all that security, the weakest link is probably your password.

Nowadays, several sites enforce the use of secure passwords, but for those that don’t, you should be proactive.

Here are some suggestions for creating passwords:

  • Don’t use common passwords.
  • Don’t use passwords related to your personal information.
  • Do use a combination of lowercase characters, uppercase characters, numbers and symbols.
  • Do use long passwords: 10+ characters.
  • Change your passwords periodically.
  • If you use a phrase, using random words is preferred.
  • Use multifactor authentication wherever available. Multifactor authentication adds one or more security layers to accessing accounts, making them almost impossible to compromise, even if the attacker gets your password.

Using debit cards for online purchases

As debit cards are a direct link to your bank account, you should avoid using them for online purchases. If they get compromised, a cyber-criminal can empty your bank or savings account.

Credit cards offer better protection against identity fraud, and allow you to dispute any fraudulent charges. Even better if you have a low-limit credit card that you use only for online purchases.

Remember also to frequently check your card statements, especially during the holidays, and immediately refute any suspicious charges.

Security holes due to outdated software

Update your software frequently on all your devices, including smartphones and tablets, as it will keep you safer. Cyber-criminals are constantly working to discover security flaws that will grant them access to your sensitive information.

Nowadays, people know the importance of keeping their operating systems up-to-date to be protected against viruses and malware. But they do not know that hackers have moved to targeting browsers, which everyone uses to interact with the Web. They are looking for vulnerabilities in the browser, especially in the browser’s plugins, such as Flash Player or Java.

To prevent these flaws from being exploited, make a habit of frequently updating both your operating system and any third-party applications, including browser plugins.

Not having anti-virus and anti-malware software

Whether you’re using a Windows or a Mac computer, run anti-virus and anti-malware software. Macs are just as prone to getting viruses as Windows computers, contrary to what most people believe. These software don’t degrade your computer performance, especially on new devices. Lastly, schedule periodic—at least once a month—full malware scans on your computers.

Unencrypted devices

Your personal devices—laptops, tablets, and mobile phones—typically contain a lot of sensitive information about you.

What if they end up in the wrong hands? Encrypt your devices. Encrypting scrambles the information so it is not easy to read. If any of your devices are lost or stolen, your sensitive data will be safe.

Encrypted devices protect your information if your device is ever stolen.

Public WiFi

Never, ever send your sensitive information when on a public WiFi network, especially if you want to buy online or enter your bank account. Most public WiFi services are not secure. Cyber-criminals may be watching the network, waiting for you to enter your personal information.

Recommendations

Based on all the aforementioned threats, we created the following list of recommendations that you should consider to stay protected this season.

  • One easy way to confirm that you are on a legitimate site is to look for https:// at the beginning of the URL, and look for the padlock icon, identifying that the site has been approved by a third-party certification authority.
  • It doesn’t matter how convincing a site might look—a deal that seems too good to be true probably is. Try to stick to stores you recognize, if possible.
  • Be careful against scams that spoof major retailers by always verifying the URL.
  • Do not click on any links you do not recognize, especially if they come from an unknown source.
  • Use credit cards for online purchases; if you have low-limit cards, even better. Credit cards have better protection against identity fraud, should you be victimized.
  • Periodically review your credit card statements, and report suspicious transactions immediately.
  • Never disclose your credit card information, either online or over the phone, unless you know who you are doing business with.
  • Use strong passwords for your accounts.
  • Passwords you use on shopping sites should never match passwords you use for more sensitive sites, such as your bank, social media networks, or cloud storage accounts.
  • Password management software is a very good idea, so you can have different strong passwords for each site you use without memorizing them. You just have to remember the passwords to unlock the password manager. Password management software helps you create complex passwords for your accounts and automatically submits this information when you need to log into them. There are even excellent free alternatives, such as Last Pass
  • Use multifactor authentication wherever available. Multifactor authentication adds one or more security layers to accessing accounts, making them almost impossible to compromise, even if the attacker has your password. For example, Amazon added this option a few days ago.
  • If you use your smartphone to shop online or use online banking, make sure your mobile devices are protected using a password or your fingerprint. This reduces the chance of losing confidential data if your phone is stolen.
  • Equip your devices with security software (anti-virus and anti-malware) and encrypt them if possible.

 Closing Comments

Cyber criminals are always lurking to steal information from vulnerable devices and incautious customers, especially this season.

The best defense against cyber crime is prevention—knowing the threats and taking action to minimize the risk of being an easy target. We have given you the knowledge—use it to your advantage and shop safely.

Credit to Auth0.

Featured image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...





Feedback or Requests?

Bitcoin

BlockState Interview Part One: Institutional Investment Framework Story

Published

on

The mainstream media narrative has shown an uncompromisingly negative bias towards institutional crypto investment of late and it only seemed fair that we got in touch with some people who have professional expertise in the field.

BlockState is a platform that aims to deliver a modular blockchain-based legal and technological infrastructure for financial institutions which combats the low interest and return rates offered by traditional asset classes.

We spoke to the three co-founders: Paul Claudius, Michael Weber and Samuel Brack regarding the nature of the project. In addition to how they met and how it all started, their current status, and their plans for the future.

BlockState in Brief

On their website, the BlockChain team states that their intention is to provide “a technological and legal bridge between blockchain technology and financial markets.”.

It is an infrastructural platform upon which organisations within these sectors build or inform their own solutions – and is unashamedly focused towards providing products for the institutional investment crowd.

On the One Hand…

When asked about the ethics, technological approach and modus operandi of BlockState, Managing Director Paul Claudius was eager to provide a comprehensive, dichotomised summary.

“On the one hand we are creating the basis for institutional investors to access the digital assets markets.

“Investment banks can’t simply open a wallet on their phone and start buying crypto-assets. They need a range of services and processes in place to make sure that they abide by regulation and their internal requirements.”

The BlockState consensus is that there are insufficient frameworks in place to mitigate the obstacles faced by companies unfamiliar with the many intricacies of the crypto-space at present.

This is not to mention the prohibitive nature of the past progression of technological and regulatory standards, which are largely non-standardized.

… And On the Other

The ‘other hand’ to which Paul refers to is the lack of blockchain or cryptocurrency integration at product or service levels within the institutional market.

For this reason: BlockState posits the second half of its service as an offering to:

“help institutions leverage blockchain to improve their existing processes… helping them tokenize financial products and using smart contracts to govern their execution… [to] save massive amount of resources while making their systems more transparent and efficient.”

In theory all transactions will be immutably recorded on the blockchain, which will ensure that all parties involved can access this data and that all transactions will be processed quickly.

Performance can distinguish a winning cryptocurrency from a useless dud.

The Three Musketeers

In addition to Paul Claudius, we got the opportunity to speak to fellow founding members Michael Weber and Samuel Brack.

Paul specialises in Strategy and Business Development, whilst Michael’s role is to take the lead on Product Development and Project Management duties. Their specialisms are Strategy and Business Development, and Product Development / Project Management (respectively).

Samuel Brack is the cryptocurrency brains of the operation and performs something of a hands-on position, donning the title of Chief Technology Officer. He sits in a more hands-on position, acting as Chief Technology Officer (CTO) for BlockState.

Before BlockState

Paul recalls that the executive leadership team had “all already knew each other” before the BlockState project even began.

Whilst he and Michael Weber had made acquaintance whilst studying together at the ESPC Europe business school, Michael had met up with Samuel Brack as they were co-founding partners on a prior blockchain based project entitled ‘Goodcoins’.

Whilst they have sold their stake in Goodcoins since, Samuel at least considers his time on the project to have equipped him a knowledge which has been brought forth to BlockState.

Beginners Luck?

On a more personal level: Paul Claudius described his first interaction with the world of cryptocurrency as being the moment in 2012 in which a friend had recommended Bitcoin to him as a potential investment.

He has not disclosed exactly how much Bitcoin he purchased in 2012 but if story is true, considering the token’s contemporary value of $13: Paul would have made a profit of a whopping 51614.53% on his investment. No matter the amount invested.

Products, Pains and Peers

Michael Weber (product lead and project management professional) broke down the trio of primary services / product lines that BlockChain focuses on as being “asset management, dept capital, and derivatives” – with a perceived overlap between the three.

This is as well as the ability for tailoring packages for clients from these tested specialisms.

If these products names appear distinctive yet simple, then you would be correct. Of course, this is one of the main objectives of marketing – however it does not help a company to distinguish itself from its peers.

“While most focus on very specific needs, our infrastructure integrates solutions at every level of the financial product lifecycle, from issuance to reporting always with a view to improving current products on the market.”

This isn’t an easy task however, with obstacles to full-automation rearing their heads alongside undesirably long payment clearance times,

“Some of the major pain points specific to the asset management and derivatives markets and resource consuming operations are settlement and clearing, which can take up to 30 days… with manual processes like getting signatures and manual transactions.”

With a Little Help From My Friends

The three musketeers of BlockState with whom we have already spoken are supposed to possess their own unique-yet-compatible inventories of skills and experience. If the team has any luck it will prove a winning combination.

Three men cannot rule an empire alone however and as the popular idiom goes: successful leaders fill the gaps in their expertise by surrounding themselves with knowledgeable advisors. Following this, BlockState boast a roster of advisors who may just fit the bill for now.

They include (according to Paul):

  • “Patrick Storchenegger, co-founder of the Ethereum Foundation in Zug, is our advisor on legal questions. He brings years of experience from blockchain, capital market law and international tax and business consultancy…
  • “Andrea Voinea, who helped to structure the first Gold Exchange Traded Fund, is a seasoned professional from the asset management market…
  • “Ludwig Schrittenloher, who spent nearly six years at Credit Suisse, offers a breadth of knowledge in DCM and structuring…
  • “[and] Martin Schröder, currently a Director in an investment firm, is an expert in derivatives and also very knowledgeable in capital markets and structuring.”

Estimated Time of ETN

Looking not to the past or present, but forward to what the future may hold for BlockState (or at least, what they plan to happen), we asked Paul Claudius some closing questions in an attempt to reach some conclusions on what may come next…

“At the end of September, we will launch the CTF15 Exchange Traded Note, and it will also be listed on a major European Stock Exchange – to be announced soon…”

An Exchange Traded Note (or ETN) is “a type of unsecured, unsubordinated debt security”

Final Words

Perhaps more exciting even is the fact that the team are currently in the process of preparing the launch of an ‘Equity Token Sale’, issued as part of the company’s equity in a public sale.

According to Paul, it will be “one of the first companies ever to tokenize their equity in a fully regulated and compliant manner, driving the adoption of security tokenization in the financial space.”

Paul, Simon and Michael parted our discussion by asking to remind readers of a forthcoming event at which all three will be attending: the Delta Summit in Malta, which takes place from October 3rd to the 5th.

Stay tuned for the second part of this interview coming soon: in which the team will deliver their commentary on recent news, the present situation; and future predictions on the market and industry.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
3 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 5 (3 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.4 stars on average, based on 8 rated posts




Feedback or Requests?

Continue Reading

Bitcoin

Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats

Published

on

Bitcoin Core has emerged seemingly unscathed from a major vulnerability that threatened to shut down parts of the network in a denial-of-service (DoS) attack. But apparently, the bug was even worse than originally thought. According to a Bitcoin Core Full Disclosure Report, the issue included an “inflation vulnerability,” one in which if seized upon could have bolstered the supply of bitcoin beyond the famous 21 million coin ceiling. By pouring more coins into the supply, the hackers would have diminished the value of the circulating bitcoins.

The decision to expose only the lesser extreme part of the bug to the public was deliberate. According to the report:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”

Double-Edged Sword

The strategy was a success and the bug is no longer a threat, as evidenced by more than 50% of the bitcoin mining hashrate having been upgraded to the patched nodes with no known attempts to “exploit this vulnerability.”

Here’s what we know, according to the report –

“A developer by the title earlz independently discovered and reported the vulnerability to the Bitcoin Core security contact email.”

Meanwhile, on social media, a contributor identified as a Bitcoin Cash developer who goes by the handle “Awemany” was cheered on Reddit for discovering and reporting the bug and cementing their place in “bitcoin’s history book.” Awemany in a blog post pointed to bitcoin developer Matt Corallo, whose 2016 pull request in an attempt to accelerate validation times led to what Awemany characterized as “one of the most catastrophic bugs in Bitcoin ever.”

The bottom line is that the bug was discovered and the threat has been lifted. It’s both a reminder of the risks associated with the consensus mechanism and a demonstration of good faith among the decision makers.

While it’s mostly the future of ETH that has been contemplated of late, given the plummeting of the No. 2 cryptocurrency’s value this year along with the confidence of investors, bitcoin has its own issues. In an exclusive interview with CCN, Sheffield Clark, who is at the helm of bitcoin ATM maker Coinsource, pointed to potentially “stagnant” mainstream adoption of bitcoin amid a lack of regulatory framework to help resolve issues like extreme volatility.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 62 rated postsGerelyn has been covering ICOs and the cryptocurrency market since mid-2017. She's also reported on fintech more broadly in addition to asset management, having previously specialized in institutional investing. She owns some BTC and ETH.




Feedback or Requests?

Continue Reading

Cyberespionage

North Korea is now Targeting Crypto Users with Macs

Published

on

AppleJeus Malware Hack

The Lazarus group has earned quite a reputation for themselves in cyber-security circles.

This group of North Korean hackers have been responsible for some of the most well known intrusions in the past few years. For example, they were behind the Sony Pictures hack in 2014, the Bangladesh central bank heist in 2016 and the Wannacry ransomware outbreak in 2017.

It is safe to say that these are quite effective operators.

However, with the popularity of cryptocurrencies, the Lazarus group has changed their attack vectors and are targeting every day users with Malware.

The latest report now has the hackers using MacOS malware to hoover up information from those cryptocurrency users who work on Macbooks.

“AppleJeus”

This was the first time that the Lazarus group has developed malware to target Mac users. Indeed, Mac operating systems are far less susceptible to Malware than Windows based systems.

It was a surprise for researchers at Kaspersky Lab to have learned about the latest Lazarus attempt to target users with there macOS malware. They have labelled it “AppleJeus”.

This was first spotted on machines that were being used by cryptocurrency company in Asia. Indeed, this is no coincidence as the Lazarus group has often targeted cryptocurrency related businesses and exchanges in South Korea.

How Does it Work?

AppleJeus hides itself inside the code of a seemingly legitimate piece of cryptocurrency trading software called Celas Trade Pro. The user will download the app from the website of the developer. When it is first downloaded, there are no signs that anything could be off. The app appears to operate normally.

Celas Trade Screenshot

Screenshot of Celas Trade, the offending program. Source: kaspersky labs

Once the app is installed on the device, it will request to update the software. This sort of request is present in authentic software and as such will not trigger any alerts. However, there is malicious code that is inside of this update.

The moment that the update is installed, it will scan the computer and gather as much information as possible. This will then be sent back the hacker’s server so that they can make a decision on whether the person is worth attacking.

If they think that there is valuable information (or cryptocurrency) on the machine then they will instruct the software to install a trojan called “Fallchill”. For those who do not know, Trojans are malicious malware that will install a “backdoor” into the machine

Fallchill is a particularly robust trojan and can gather a great deal of information from the machine. This includes data such as financial information, login credentials and of course, information about cryptocurrency trading accounts.

Once the hackers have this personal information, they can either access your online accounts or they can conduct other spear phishing attacks against you. It is indeed a troubling development and according to Vitaly Kamluk of Kaspersky:

“For macOS users this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies”

So now that you know North Korea is actively trying to get their hands on your cryptocurrency, how do you protect yourself?

Keeping Safe from AppleJeus

The most effetive way to protect yourself from this Malware is to make sure that you only download software that is well known and reputable. This of course goes without saying but it is far too often that relatively inexperienced cryptocurrency traders will avoid doing their research.

The researchers have recommended that people and businesses do not download the software of Celas Trade. Even though they appear to have a a good reputation and verified digital certificates, this cannot be fully trusted.

You should also consider investing in some effective anti-malware software that you should use to scan all files that you have downloaded. This should be done even if you trust the source because hackers have been known to infiltrate trusted websites.

Cryptocurrency Security 101

Even if you are unlucky enough to have your machine infected with crypto grabbing malware, basic crypto security best practices will still protect you.

If you do a great deal of online trading with your cryptocurrency then it is essential that you secure your accounts with 2 factor authentication. This way, you are at least able to reduce the number of attack vectors.

You should always secure your large cryptocurrency holdings in hardware wallet. This is because the wallets operate external from the machine and hence the trojan cannot read your private key information.

Caution and a healthy does of scepticism will protect you from the an unhealthy does of AppleJeus.

Featured Image via Fotolia.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 3 rated postsNic is an ex Investment Banker and current crypto enthusiast. When he is not sitting behind six screens trading Bitcoin, he is maintaining his numerous mining rigs.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending