Bitcoin, Cryptocurrency and Fintech Headlines Blog

#244 Anthony Lusardi: Ethereum Classic Cooperative – Accelerating the Growth of ETC 0

#244 Anthony Lusardi: Ethereum Classic Cooperative – Accelerating the Growth of ETC

The 2016 Ethereum hard fork left us with two distinct Ethereum chains. While the main Ethereum chain dwarfs Etherem Classic in terms of market cap, ETC has sustained its position as a significant actor in the broader blockchain ecosystem. ETC’s recent listing on Coinbase demonstrates its credibility as a significant industry player.

We’re joined by Anthony Lusardi, Director of the Ethereum Classic Cooperative, an organization who’s goal is to promote the development of the Ethereum Classic Network. Similarly to other industry organizations, The Cooperative invests in core development of the ETC blockchain, community building, marketing, and brand awareness.

Topics discussed in this episode:

  • Anthony’s background and how he became involved in the crypto community
  • The Ethereum Classic Cooperative and the goals of the organization
  • What the ETC ecosystem looks like two years after the fork
  • The people and companies contributing to the project and building on the platform
  • The overlap and friction points with the broader Ethereum community
  • ETC’s unique value proposition as a blockchain platform
  • SputnikVM as an alternative to the Ethereum Virtual Machine
  • The potential attack vectors on ETC, including 51% attacks
  • Why the ETC community stands behind Proof-of-Work
  • The Cooperative’s plans to remain relevant and the project’s development roadmap

Links mentioned in this episode:

Support the show, consider donating:

This episode is also available on :

Watch or listen, Epicenter is available wherever you get your podcasts.

Epicenter is hosted by Brian Fabian Crain, Sƒbastien Couture & Meher Roy.

Op Ed: Addressing the Threat of Cryptomining Malware 0

Op Ed: Addressing the Threat of Cryptomining Malware

Op Ed: Cryptomining Malware

One major class of attacks to hit the hacking landscape recently is cryptomining. While cryptomining on its own supports a good cause when being done consciously, it also allows nefarious actors to make a lot of money fast, and, with the sheer number of cryptocurrencies available to mine, it is becoming a popular choice for attackers.

The technique essentially involves an attacker taking advantage of another person’s computer and using its CPU power to mine for cryptocurrency. If the malware is configured to consume a large percentage of CPU power, it can prevent the CPU from doing other tasks and effectively deny the user access to the machine and its application.

The malware mining work is often done through mining pools, a collaborative framework which allows numerous “miners” to work together, thus increasing the amount of money the attackers can make collectively.

So what can organizations do to protect their systems against this attack?

Hitting the Target

Attackers try to exploit any publicly available interface that will allow them to carry out the attack. Such interfaces can include misconfigured services in the cloud like databases, caches, management tools like Kubernetes and more. For example, recent research from Imperva shows that 75 percent of Redis servers are infected with cryptomining malware.

Having said that, web servers remain the largest target for attacker, since they are meant to be public.In fact, cryptomining has grown so popular that, in the closing months of 2017, there was a surge in attacks, where researchers saw that 88 percent of all remote code execution attacks (RCE) sending requests to external sources were trying to download cryptomining malware on target machines.

To carry out cryptomining attacks, hackers will first look for an RCE vulnerability, which allows attackers to run arbitrary code on the vulnerable server. For example, a recent RCE vulnerability attackers used to mine cryptocurrency was related to insecure deserialization. In these types of vulnerabilities, attackers tampered with serialized objects that were sent to the web application. Then, after the object was deserialized, malicious code was run on the vulnerable server, which allowed the attacker to mine for cryptocurrency.

Cryptomining attackers use similar techniques to other attacks in terms of infection, evasion and persistency. However, in some cases, we see malware samples that try to maximize the attack, and their profit, either by spreading in the network through vulnerable devices or injecting code to the server that affects the end users.

In addition, cryptomining attacks can be a prelude to other kinds of malicious activity. If a server is infected, it usually means that it is vulnerable to some kind of a code injection. The same vulnerability that was exploited to infect the server with cryptomining malware can be reused to infect it with other malware or to launch further attacks on the attacker’s behalf. An infected end-point means that the attacker has gained a foothold in your internal network and that the attack can potentially spread to other machines in your organization.

Although bitcoin is probably the best-known and most popular cryptocurrency, attackers are not mining for bitcoin; this is not only because special hardware is required to mine for this coin, but also because bitcoin transactions are not private. This means that coins can be traced back along the transaction chain, which means attackers have a higher chance of getting caught.

As a result, attackers are instead increasingly mining for two types of coins: privacy-focused coins like Monero, and newer cryptocurrencies that require less specialized mining equipment. These alternative cryptocurrencies allow attackers to undertake transactions without the fear of it being traced back to them as an account balance cannot be seen, and the transaction does not reveal the sender, receiver or the amount transferred.

Protecting Against Cryptomining Attacks

To protect against cryptomining attacks, organization should try to reduce their attack surface as much as possible,  limit public access to their assets whenever it is possible and enforce rigid authentication processes.

Cryptomining malware usually needs a lot of computing power, thus a simple detection can be achieved by monitoring the CPU for high consumption. However, some cryptomining attacks are programmed to work under the radar. They are specifically configured not to overload the CPU, thus making them more difficult to detect.

To protect against cryptomining attacks, organizations must first ensure their systems are fully up to date with all relevant patches. In order for cryptomining to be successful, attackers must first take advantage of a vulnerability. However, if an organization is up to date with all its patches, then this entry point is sealed.

As attackers are targeting RCE vulnerabilities in web applications to launch their malware, patching is crucial. By ensuring IT teams are fully aware of— and ensuring systems are up to date with — the latest vendor patches, these kinds of vulnerabilities can be mitigated.

Alternatively, virtual patching can also be utilized to actively protect web applications from attacks. This reduces the window of exposure and decreases the cost of emergency patches and fix cycles. A web application firewall that provides virtual patching doesn’t interfere with the normal application workflow and keeps the site protected while allowing the site owners to control the patching process timeline.

Taking Action

Illicit cryptomining is an effortless way for nefarious actors to make money as it slips under the radar of victims. Plus, it is lucrative. The attack itself is simple to mount and is rapidly overtaking ransomware in becoming the most prevalent attack vector. Although some see this type of attack as simply a nuisance, cryptomining has the potential to cause large scale “brownouts,” as computer infrastructures collapse when criminals fight for compromised systems to get their hands on cryptocurrencies.

This is a guest post by Nadav Avital, an application security research team leader at Imperva. Nadav has more than a dozen years of experience working in the computer and network security industry with strong technical skills in application security, hacking, operating systems (Linux and Windows), web architecture, Python and PHP. Views expressed are his own and do not necessarily reflect those of Bitcoin Magazine or BTC Media.

This article originally appeared on Bitcoin Magazine.

Change.org Launches Screensaver That Mines Crypto for Charity 0

Change.org Launches Screensaver That Mines Crypto for Charity

Change.org Launches Screensaver That Mines Crypto for CharitySocial petition platform, Change.org, has announced the launch of a screensaver that mines Monero on behalf of the organization. “The Mining Screensaver” will pool the computing power of the program’s users, with all XMR generated being automatically transferred to the Change.org Foundation. Also Read: Iran Considers Using Cryptocurrencies to Evade US Sanctions “The Screensaver That Mines […]

The post Change.org Launches Screensaver That Mines Crypto for Charity appeared first on Bitcoin News.

Bitcoin Price Watch: Currency Spikes to Nearly $7,300 0

Bitcoin Price Watch: Currency Spikes to Nearly $7,300

At press time, the father of cryptocurrency has jumped to $7,327. This is a massive increase from yesterday’s price, and a clear sign that bitcoin is strong enough to handle present resistance, which is set at roughly $6,800. Granted the currency can step beyond that level, we are likely to witness $7,600 next, according to […]

DoE Backs Blockchain Energy Platform with $1 Million US Grant 0

DoE Backs Blockchain Energy Platform with $1 Million US Grant

The U.S. Department of Energy (DoE) has announced it will award 95 grants for a total of $95 million to 80 businesses in 26 states. One beneficiary is blockchain business Grid7, which is set to receive almost $1 million as a government grant. DoE Backs Blockchain Energy Project Grid7 is being awarded $999,363 by the

The post DoE Backs Blockchain Energy Platform with $1 Million US Grant appeared first on NewsBTC.

Bitcoin Price Rises as BlackRock Announces Interest in Crypto 0

Bitcoin Price Rises as BlackRock Announces Interest in Crypto

The next economic battleground is surely cryptocurrency; it is the first new asset class to have emerged in decades, and everyone wants a piece of the action. The Bitcoin price is rocketing as BlackRock, the world’s biggest investment fund manager, has announced its intention to explore and likely enter the crypto market with its $6.3 […]

Concern Mounts Over Potential Crypto Exchange WEX Exit Scam 0

Concern Mounts Over Potential Crypto Exchange WEX Exit Scam

Users are increasingly concerned that an exchange claiming to be based in Singapore is pulling an exit scam following suspicious trading activity and locked wallets that are now preventing all users from withdrawing funds. On July 11, CCN reported that BTC/USD was trading on the WEX exchange at over $9,000 despite the global market average

The post Concern Mounts Over Potential Crypto Exchange WEX Exit Scam appeared first on CCN