A major Russian-language underground forum has been running a “contest” for the past month, calling on its neighborhood to submit “unorthodox” ways to perform cryptocurrency attacks.
The forum’s administrator, in an announcement designed on April 20, 2021, invited customers to submit papers that evaluate the chance of focusing on cryptocurrency-relevant technology, together with the theft of private keys and wallets, in addition to masking unusual cryptocurrency mining software, good contracts, and non-fungible tokens (NFTs).
The contest, which is likely to keep on until September 1, will see complete prize dollars of $115,000 awarded to the most effective investigate.
“So significantly, the top rated candidates (in accordance to discussion board member voting) consist of matters like making a faux blockchain front-stop site that captures delicate facts these kinds of as private keys and balances, developing a new cryptocurrency blockchain from scratch, escalating the hash price speed of mining farms and botnets, and demonstrating a personalized tool that parses logs for cryptocurrency artifacts from victim devices,” said Michael DeBolt, Intel 471’s Senior Vice President of Worldwide Intelligence, in an email job interview with The Hacker News.
Other entries looked at manipulating APIs from common cryptocurrency-similar expert services or decentralized-file technology to get non-public keys to cryptocurrency wallets as nicely as generating a phishing web page that permitted criminals to harvest keys to cryptocurrency wallets and their seed phrases.
With underground marketplaces like Hydra enabling cybercrime groups to hard cash out their cryptocurrency haul, submissions that could be of use to Ransomware-as-a-Support (RaaS) operators in buy to move up the tension and drive their victims into heeding to their ransom needs is probably to obtain enormous consideration. But DeBolt pointed out that most entries so significantly have been about recommendations or applications for how to plunder cryptocurrency property, which is not probably going to be of “immediate significant value” to RaaS cartels.
Despite the fact that other circumstances of incentivized contests involving topics like mobile OS botnets, ATM and position-of-sale (PoS) exploits, and phony GPS alerts have been observed right before in the cybercrime underground, the development is however a further indication that criminals are progressively exploring cutting-edge techniques to meet up with their monetary motives.
“The greatest takeaway from the adversary aspect is that this style of incentivized awareness-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit assets in a single spot and earning it simpler for like-minded criminals who want to go after cryptocurrency hacks by offering them a platform to collaborate, talk about and share tips,” DeBolt mentioned.
“Conversely, the largest takeaway from the defender side is that we can just take edge of these open up contests, to gain an being familiar with of present and rising methodologies and techniques that we can put together for. It illuminates matters for us and aids to stage the enjoying field,” he added.
Found this write-up attention-grabbing? Observe THN on Facebook, Twitter and LinkedIn to read through extra exclusive written content we post.
Some components of this short article are sourced from: