25-10-18 Cyber Intelligence news

This article will give you a brief summary of the latest news related to cyber intelligence and proactive cyber security.

The bitcoin network vulnerability

Everyone knows about bitcoin, and almost everyone has their own strong opinion about it. Some love it, some hate it, but nobody is apathetic toward it.


Many people have concerns about digital currency, and what might happen if hackers were to abuse it.

Last month we saw the potential of this happening.

Bitcoins are generated by computers running complicated algorithms that require lots of computing power and resources. The people/companies who produce the bitcoins are called miners, since they ‘mine’ the Bitcoins using algorithms, then pass them along the network to what are known as nodes.
It was discovered that a Distributed-Denial-of-Service (DDoS) vulnerability had the potential to bring down the entire Bitcoin network by allowing miners to send transaction data to the nodes too many times.

This scenario would create a situation where the nodes would try to validate duplicate transaction values, causing the network to be crippled.

Taking advantage of this vulnerability requires the use of real Bitcoins, which makes it a very expensive attack for small attackers, but probably not too expensive for state-sponsored attackers, who have far more resources.

Luckily for us, the patch has already been released and the Bitcoin network is once again safe from the threats we know about.

Bristol Airport Ransomware Attack

During September 2018 the display screens showing the flight schedule in Bristol airport displayed a technical error with a blue screen behind it. If you remember, in a previous podcast related to airport security we discussed multiple attacks like this in Vietnam, Iran, and more international airports.

At the time, the airport tweeted a message to its clients, saying that they were experiencing technical problems and that flights were not affected.

A few days after getting back online, the airport spokesman revealed to the BBC that the information screens were taken offline to contain an attack similar to so-called “ransomware”.

Ransomware is a form of malware in which computer viruses threaten to delete files unless a ransom is paid.

The system was functioning again after 3 days, during which the digital screens were replaced with good old whiteboards and paper.

What caught our attention in this case is the fact that the airport officially stated that a malware attack was able to break its defences and, to solve the problem, they paid the ransom.

So it makes one wonder, if this airport got infected by simple malware, what other surprises do they already have in their systems that they don’t know about yet?

IRS phishing campaign

The FortiGuard research team reported a sophisticated phishing campaign targeting aliens, meaning foreign nationals living in the US.


In law, an alien generally refers to any person who is not a citizen or national of a given country.

To begin with, the email was aimed at people who are less familiar with how the bureaucracy works. It looked like it was officially sent by the Department of the Treasury, with an attached form aimed at non-citizens living in the USA who want to reduce their taxes, and it tried to lure the user into filling out their details.

The IRS never contacts taxpayers by email, but this email was carrying what looked like an official W8 form, which is aimed at people for whom English is not their first language. This made them an easier target, as they might not detect the small typos the email and form had.

This campaign was launched from servers located in Italy, but it is unknown who was behind this attack and whether those servers were just used as a distribution point by someone from a different country.

To avoid sophisticated scams like that, you should pay attention to the small details.

For example, the IRS will never threaten someone with jail, or say that immigration authorities will be called. You can find more details about this on their website.

The IRS released an official warning on their website several months ago; you can read it there for more details.

That’s it for this time.

Stay safe and see you at the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts and cyber intelligence.

