Cryptocurrency mining attacks have skyrocketed in the last year. The Cyber Threat Alliance reported a 459 percent increase in cryptominer detections from 2017 through 2018, demonstrating they have rapidly become one of the most in-vogue forms of attack.
By: Ray Kafity
Things are heating up in the Middle East when it comes to cyberattacks, with entire industries, including regional governments, feeling the brunt. So much so that mainstay industries like Banking & Finance, Oil & Gas, and Retail are increasingly finding themselves in the crosshairs of cybercrime, making them the most heavily targeted sectors in the region. It has become evident that no organization, regardless of size, is off-limits. Organizations must assume they are a target – or will become one eventually. Therefore, adopting advanced defensive tactics and keeping up to date with technological advancements in the field is a necessity.
Hackers used a man-in-the-middle attack to compromise an Amazon DNS server, leading to the theft of about $152,000 in Ethereum cryptocurrency from MyEtherWallet.com customers, who were redirected to a phishing site where their wallet login credentials were stolen.
The incident began on Tuesday when cybercriminals used the Border Gateway Protocol (BGP), a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems, to reroute traffic intended for Amazon’s Route 53 DNS service to a second server hosted by Equinix and then on to a server in Russia, according to reports from ESET’s Graham Cluley and a Cloudflare blog.
The IPs involved, 188.8.131.52/23, 184.108.40.206/23, 220.127.116.11/23 and 18.104.22.168/23, are all allocated to Amazon. Cloudflare said that during the two hours when malicious actors had control of the DNS server, the IPs only responded to requests for myetherwallet.com. These requests were then sent along the chain to the Russian server, where they were delivered to a phishing website that stole the victims’ wallet credentials, leading to their Ethereum wallets being emptied.