Critical Infrastructure News

Hackers running malvertising campaign on YouTube to mine cryptocurrency

Security researchers have revealed how attackers bombarded YouTube videos with fake antivirus ads and ran cryptojacking code in viewers' browsers without alerting them.

Malvertisers ran fake antivirus adverts on YouTube videos by abusing Google's DoubleClick ad platform, tricking users into downloading malware while the ads themselves mined cryptocurrency in the background.

Security researchers at both Trend Micro and Adguard have unearthed a malvertising operation that ran cryptomining software on visitors' systems without alerting them. In-browser mining consumes the visitor's CPU, so site operators are expected to tell users about it and obtain their consent. Those behind the malvertising campaign did no such thing.

According to Adguard, the campaign was exposed after YouTube users complained that their antivirus software was alerting on mining attempts while they watched videos on YouTube. On closer analysis, researchers concluded that the attackers had abused Google's DoubleClick ad platform to run fake antivirus ads on YouTube videos, tricking people into downloading malware.

'We discovered that advertisements found on high-traffic sites not only used Coinhive, but also a separate web miner that connects to a private pool. Attackers abused Google’s DoubleClick, which develops and provides Internet ad serving services, for traffic distribution. Data from the Trend Micro™ Smart Protection Network™ shows affected countries include Japan, France, Taiwan, Italy, and Spain,' noted researchers Chaoying Liu and Joseph C. Chen at Trend Micro.

The malvertising campaign ran on such a large scale that the researchers observed a 285% increase in the number of Coinhive miners detected on January 24.

'The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,' they added.
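The two signals described above, a known Coinhive script load and a second miner talking to a private pool, are the two things a defender can look for in egress traffic. The following is an added example, not code from the article or from Trend Micro or Adguard: it scans constructed proxy-style log lines for either signal. The log format (`<timestamp> <client_ip> <http|ws> <url> [<websocket payload>]`), the short miner-host list and the sample lines are all assumptions; the Stratum JSON-RPC method names (`login`, `getjob`, `submit`, `keepalived`) are those of the Monero pool protocol used by browser and native miners alike, which is what catches a private pool the host list has never seen.

```python
"""Flag clients whose web traffic shows signs of browser-based cryptomining.

Added example (not from the article, Trend Micro or Adguard). Two detections:
  1. any request to a known miner host (Coinhive and its WebSocket proxies);
  2. WebSocket frames carrying Stratum JSON-RPC mining methods, which is how a
     "private pool" miner phones home even when its host is unknown to us.
"""
import json
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: a deliberately short blocklist. Real lists (e.g. NoCoin) are longer.
MINER_HOSTS = {"coinhive.com", "coin-hive.com", "authedmine.com"}

# JSON-RPC methods of the Monero Stratum protocol spoken to mining pools.
STRATUM_METHODS = {"login", "getjob", "submit", "keepalived"}


def host_matches(host, blocked):
    """True if host equals or is a subdomain of any blocked host."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocked)


def parse_line(line):
    """Parse the constructed log format: <ts> <client> <kind> <url> [<payload>]."""
    parts = line.strip().split(" ", 4)
    if len(parts) < 4:
        return None
    ts, client, kind, url = parts[:4]
    payload = parts[4] if len(parts) == 5 else ""
    return {"ts": ts, "client": client, "kind": kind, "url": url, "payload": payload}


def stratum_method(payload):
    """Return the Stratum method name if the payload is a mining JSON-RPC call."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    return method if method in STRATUM_METHODS else None


def scan(lines):
    """Map client IP -> list of findings for every client showing miner traffic."""
    findings = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = urlparse(rec["url"]).hostname or ""
        if host_matches(host, MINER_HOSTS):
            findings[rec["client"]].append(("known-miner-host", host))
            continue
        if rec["kind"] == "ws":
            method = stratum_method(rec["payload"])
            if method:
                findings[rec["client"]].append(("stratum-over-websocket", host, method))
    return dict(findings)


# Constructed sample log: one client hit by the ad (Coinhive plus a private
# pool at a documentation-range IP), one clean client using a chat WebSocket.
SAMPLE_LOG = [
    "2018-01-24T10:15:02Z 10.0.0.12 http https://www.example.com/video",
    "2018-01-24T10:15:03Z 10.0.0.12 http https://coinhive.com/lib/coinhive.min.js",
    '2018-01-24T10:15:04Z 10.0.0.12 ws wss://ws012.coinhive.com/proxy {"type":"auth"}',
    '2018-01-24T10:15:05Z 10.0.0.12 ws wss://203.0.113.7:8443/ {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET","pass":"x","agent":"web"}}',
    '2018-01-24T10:15:06Z 10.0.0.12 ws wss://203.0.113.7:8443/ {"id":2,"jsonrpc":"2.0","method":"submit","params":{"job_id":"1","nonce":"a1b2c3d4"}}',
    '2018-01-24T10:16:00Z 10.0.0.34 ws wss://chat.example.com/socket {"type":"message","method":"send"}',
    "2018-01-24T10:16:01Z 10.0.0.34 http https://cdn.example.com/app.js",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        for hit in hits:
            print(client, *hit)
```

Only 10.0.0.12 is reported: two hits on the Coinhive hosts and two Stratum calls (`login`, `submit`) to 203.0.113.7, which no blocklist would have named. The chat client's `"method":"send"` is not a mining method and stays quiet, which is the false-positive case to check before wiring a rule like this into an alert.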

Speaking with Gizmodo, YouTube acknowledged the operation and termed it 'a relatively new form of abuse'. However, it also claimed that the malicious adverts were blocked in less than two hours, thanks to a multi-layered detection system set up by the company.

'Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms,' said YouTube.


Delaware hacker indicted in multimillion-dollar fraud scheme

May's notoriety began seven years ago when he was arrested at a video game convention in Boston and accused of pirating $6 million in game code derived from a system used to train CIA agents for combat. May accepted a Boston judge's offer of pretrial probation in exchange for a dismissal of his case.

Last year evidence emerged that he was back on federal authorities' radar when police seized a $60,000 BMW Coupe and about $40,000 from his Brandywine Hundred residence. The FBI at the time declined to say why the assets had been seized.

The recent indictment against May states that the car was purchased through ill-gotten gains from the alleged fraud scheme.

That scheme began in April 2016 when May and other unnamed "co-schemers" obtained legitimate serial numbers to expensive Cisco computer hardware that they did not own, prosecutors say. The indictment does not state how they obtained those serial numbers. 

The group set up false online aliases to make it appear they worked for a legitimate company. They then submitted warranty claims for the equipment associated with the ill-gotten serial numbers, the indictment states. 

Their goal was to pose as legitimate owners of the computer components and present problems to Cisco engineers that they knew would require the company to replace the hardware through a warranty program. 

Through such misrepresentations, May and his conspirators were able to convince Cisco to ship approximately 169 pieces of computer hardware to replace technology they never owned. In all, May received some 155 pieces of computer hardware — valued at $2.3 million.  

He and his conspirators had submitted requests to replace some 266 pieces of Cisco equipment in total. It is unclear how the group's scheme was discovered. The indictment states that they agreed to return the equipment they had reported as broken, but never did.

Chicago Police Cut Crime with Major Upgrades to Analytics and Field Technology

The Chicago Police Department (CPD) is deploying predictive and analytic tools after seeing initial results and delivering on a commitment from Mayor Rahm Emanuel, a bureau chief said recently.

The issue, as the mayor said during his 2018 Annual Budget Address on Oct. 18, is how best to ensure that shootings and murders, which rose sharply in 2015, continue to decline. Emanuel emphasized, and police officials agree, that using the latest in IT, including video surveillance and computer analysis of incidents, is reducing violent crime in the city.

Last year, CPD created six Strategic Decision Support Centers (SDSCs) at police stations, essentially local nerve centers for its high-tech approach to fighting crime in areas where incidents are most prevalent.

Jonathan Lewin, chief of CPD’s Bureau of Technical Services, revealed plans to expand the number of centers at the recent CES 2018. Effective immediately, CPD will add four additional SDSCs, Lewin told an audience of more than 100 on Jan. 11 at the consumer electronics show in Las Vegas.

“I’m happy to say that in the first six districts that went live, we were able to tie together a range of technology into a single platform,” Lewin said during a discussion of “Paving the Way for Connected Emergency Vehicles.”

Connecting features like predictive mapping and policing, gunshot detection, surveillance cameras and citizen tips lets police identify “areas of risk, and ties all these things together into a very consumable, very easy to use, very understandable platform,” said Lewin.

“The predictive policing component … the intelligence analyst and that daily intelligence cycle, is really important along with the room itself, which I didn’t talk about,” Lewin said in an interview.

P2P Botnet

This unusual new IoT botnet is spreading rapidly via peer-to-peer communication

A new Internet of Things botnet is the first of its kind to use custom-built peer-to-peer communication to spread to new targets.

Dubbed Hide 'N Seek (HNS) by the researchers at security company Bitdefender, the botnet first appeared in early January before disappearing then re-emerging on January 20.

The botnet communicates between devices using a decentralised peer-to-peer mechanism. It uses the same exploit as the Reaper botnet to infect devices, although there's currently no indication that the two armies of hijacked machines are related.

Hide 'N Seek isn't the first botnet with a peer-to-peer element -- the Hajime botnet also used a P2P architecture -- but rather than being built on the existing BitTorrent protocol, HNS uses a custom-built P2P system.

Equipped to carry out commands including data exfiltration, code execution, and interfering with a device's operation, initial reports said 2,700 devices were infected by the malware as of the end of January 23.

Less than 48 hours later, the figure is thought to be over 24,000, and the botnet has spread around the globe. Just days earlier this network consisted of only 12 devices in South-East Asia.


Hacker jailed for DDoS attacks against Skype and Google

A 21-year-old has been jailed for two years after being convicted of launching DDoS attacks against high-profile technology firms.

The UK's West Midlands police force said late last week that Alex Bessell, from Liverpool, was behind a string of attacks against well-known brands, including Skype, Google, and Nintendo's Pokemon web domains.

In a statement, the law enforcement agency said Bessell ran a botnet of over 9,000 compromised PCs under his command, which were used to launch Distributed Denial-of-Service (DDoS) attacks.

DDoS attacks flood a target's web domains with illegitimate traffic to knock them offline and prevent legitimate traffic from reaching them, costing businesses time, money and disruption to resolve.

West Midlands Police says that this "zombie army" was used to conduct 102 attacks on companies.

In addition, the botnet was used to steal 750 account credentials -- although which services were affected was not disclosed -- and to deliver malware payloads to compromised PCs.

The 21-year-old was also charged with operating a dark web store.

Under the name "Aiobuy," Bessell sold a variety of hacking tools and malware, including remote administration tools, botnet systems, crypters, booter access, and "other illegal items," according to law enforcement.

Over 9,000 products were on sale, and Bessell made at least $700,000 from his business. Aiobuy catered for roughly 26,000 customers.

Bessell was charged with 10 offenses, including unauthorized access to computers, impairing the operation of computers, making and supplying malware, and money laundering.

The man pleaded guilty and landed a two-year jail sentence.