Hackers scan the web for vulnerable information from Bitcoin and Ethereum portfolios
Cryptoactives are the object of desire by cybernetic pirates due to their value and in recent years, Bitcoin and other cryptoactives have had important price hikes that seem to threaten the financial markets, being the protagonists of a dynamic and volatile market where more and more people are participating.
Bitcoin and Ethereum, have been two of the main attractions for cyber pirates, who according to reports are no longer satisfied with making ransomware attacks to obtain them, but now scan the network in search of sensitive information about cryptoactive portfolios.
The effort of scanning the network carried out by the hackers has been detected by cybersecurity researchers, who identified that various compressed, copying and backing files of cryptoactive portfolios are in the sights of hackers. According to researcher Didier Stevens, he had done similar research a couple of years ago, but he had never seen so many scans of the network at the same time, the last time he saw a similar amount during the rise of 2013.
The idea of scanning the Internet in search of these files is to detect sensitive information from portfolios that may allow access to funds, and then steal them. Now, they are not only looking for bitcoin portfolios, but also for Ethereum, the second cryptoactive in market capitalization.
In the case of the smart contracts network, the attackers make false requests to the JSON-RPC interface contained in the Ethereum nodes, being an API that allows them to access information that should only be exposed in closed, local environments. This is because that interface does not have authentication mechanisms, so any server can make requests to the node to make fund movements in the portfolio applications installed there, according to the specialist Dimitrios Slamaris.
As specified by Slamaris, during the same month a robbery of 8 ethers, or $ 3,200, of some vulnerable accounts was detected; while during this week Slamaris and the researcher Johannes Ullrich of Storm Center registered a new campaign of portfolio scanning, before which they warn that it is fundamental for those who execute nodes with the JSON-RPC interface that disable the proxy requests using filters as intermediaries to only receive approved clients.
One of the main security recommendations for cryptoactive users is not to include access information to their portfolios in the network, since it is vulnerable to being obtained by hackers. All access pins and private keys must be recorded on paper, physically, and stored in a safe place. Also, do not store the cryptoactives in exchange houses or online sites, but in private portfolios, which are nothing more than applications or interfaces that allow you to visualize the blockchain assets that are owned.