December 28, 2022
Severity
High
Analysis Summary
BTC.com, one of the biggest cryptocurrency mining pools in the world, became the target of a cyberattack that resulted in the theft of around $3 million worth of crypto assets. BTC.com is one of the largest platforms for transferring Bitcoin, with millions of users worldwide.
The cyberattack resulted in the theft of $2.3 million in digital assets owned by the company as well as $700,000 in cryptocurrency owned by customers of the company.
The company stated:
“BTC.com experienced a cyberattack on December 3, 2022. In the cyberattack, certain digital assets were stolen, including approximately US$700,000 in asset value owned by BTC.com’s clients, and approximately US$2.3 million in asset value owned by the Company.”
After discovering the attack, the company reported it to Chinese law enforcement officials in Shenzhen. On December 23rd, 2022, the authorities initiated an investigation into the security breach.
“On December 23rd, 2022, the authorities had launched an investigation, began collecting evidence, and had requested assistance from and coordination with relevant agencies. The Company will devote considerable efforts to recover the stolen digital assets.”
Since then, the company has partially recovered some of the stolen cryptocurrency, though it has not disclosed how much.
In the wake of discovering this cyberattack, the Company has implemented technology to better block and intercept hackers.
BTC.com added that it has taken measures to block similar attacks in the future and that its operations and client fund services have not been affected.
There is currently no information available on how the attackers were able to obtain the bitcoin, or on whether any other information was stolen during the incident.
The company concludes, “BTC.com is currently operating its business as usual, and apart from its digital asset services, its client fund services are unaffected.”
Impact
- Crypto Assets Theft
- Digital Assets Theft
Remediation
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Patch and upgrade all platforms and software in a timely manner against known vulnerabilities, and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Ensure that all employees have received comprehensive training on the necessity of protecting sensitive data, best practices for preventing cryptojacking, and a detailed awareness of the various ways cyber attacks can occur.
- Along with network and system hardening, implement code hardening within the organization so that its websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.
- Limit access to administrative accounts and portals to only relevant personnel and make sure they are not publicly accessible. Keep track of users with admin privileges and access to critical infrastructure.