
New attack on the blockchain: why crypto platforms are not 100% safe and how to protect yourself

Late last year, cybersecurity company Kaspersky discovered a new malicious program called “NKAbuse”, a type of threat that attacks the blockchain, the public ledger of transactions on which cryptocurrencies operate. This malware allows attackers to gain unauthorized access to other people’s information and, among other things, this can lead to the theft of assets.

This is an advanced threat that operates on NKN, a blockchain connectivity protocol, and was detected during the response to a recent incident by the Kaspersky Global Research and Analysis Team (GReAT). It uses peer-to-peer communication to give criminals control of the infected computer.

While responding to a recent incident, Kaspersky experts discovered new malware that leverages NKN technology, a peer-to-peer (blockchain-oriented) network protocol known for its decentralization and privacy. The malware was first detected in Vietnam, but then also in Colombia and Mexico, which is why it is already circulating in Latin America and could be seen in Argentina.

Here is what this attack consists of, how it abuses the blockchain and what precautions to take to avoid falling into the clutches of attackers.

What is the NKN protocol and how does NKAbuse attack it?

[Image caption: The philosophy with which the blockchain was created, by its nature, tends to favor greater financial inclusion]

NKN stands for New Kind of Network, or New Type of Network, and is “a decentralized, open source, and anonymous peer-to-peer connectivity protocol. It aspires to be the equivalent protocol to TCP/IP but on blockchain, acting as an independent layer from any underlying communication protocol,” Alfonso Martel Seward, head of compliance at the Argentine virtual wallet Lemon, explains to Clarín.

That is, what this protocol does is connect different devices across the Internet, using the blockchain, which is a sort of digital ledger that records all the transactions and operations carried out on the network, where what is sought is “to encourage the sharing of network resources by tokenizing network connectivity and data transmission capacity, to motivate Internet users to share their connections and unused bandwidth,” adds the encryption specialist.

The problem, warns Kaspersky, is that this protocol can also be abused, beyond the security it offers. “The implant’s use of the NKN protocol highlights its advanced communication strategy, enabling decentralized and anonymous operations, as well as leveraging NKN’s blockchain capabilities for efficient and stealthy communication between infected nodes and C2 servers. This approach complicates detection and mitigation efforts,” says Lisandro Ubiedo, a security researcher at the Russian company’s Global Research and Analysis Team.

“NKAbuse is a hybrid implant that acts as a backdoor/RAT and flooder, making it a versatile dual threat that provides attackers with unauthorized access to victims’ systems and allows them to surreptitiously execute commands, steal data and monitor activities,” Kaspersky explained.

A flooder is, as the word indicates, “a tool used to send many messages in a certain channel and thus cause, for example, a Distributed Denial of Service (DDoS) attack”, explains Martel Seward.

“This can congest the network, causing transactions to queue and increase fees if you want to prioritize them. In turn, if this reaches a smart contract that needs information from an oracle, if the search for such data is not continuous, it can bring up transactions with lower prices, and this can also have some impact with a flash loan attack [see here],” he adds.

“This capability is particularly valuable for espionage and data exfiltration. At the same time, as a flooder, it is capable of launching destructive DDoS attacks, overwhelming and disrupting specific servers or networks, significantly impacting organizations’ operations,” adds Kaspersky.

What this malware does and how it can steal resources

[Image caption: Remote control of the equipment. /Shutterstock]

According to the research, once this malware is installed on the victim’s computer, the attacker can take screenshots, manage files, retrieve system and network information, and execute system commands.

“All collected data is sent to the botmaster (the attacker who controls the malware) via the NKN network, using decentralized communication to achieve a stealthy and efficient attack,” they explain.

As for how it enters a computer, “NKAbuse’s infiltration process begins by exploiting an old remote code execution vulnerability [that is, “remote” access by an attacker to another computer], allowing attackers to gain control of affected systems. Once they have it, the malware downloads an implant onto the victim’s host, which is initially placed in the temporary directory for execution.”
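One way a defender can look for the behaviour described above, an implant executed from the temporary directory, on a Linux host. This is an added example, not code from Kaspersky or from the original article; the directory list, function names and sample process records are assumptions constructed for illustration.

```python
import os

# Assumption: directories treated as "temporary" on a Linux host.
TEMP_DIRS = ("/tmp", "/var/tmp")
DELETED_SUFFIX = " (deleted)"  # Linux appends this once the binary is unlinked

def classify(exe_link):
    """Return (path, in_temp, deleted) for a /proc/<pid>/exe link target."""
    deleted = exe_link.endswith(DELETED_SUFFIX)
    path = exe_link[: -len(DELETED_SUFFIX)] if deleted else exe_link
    path = os.path.normpath(path)  # collapse "/tmp/../usr/bin" style paths
    in_temp = any(path == d or path.startswith(d + "/") for d in TEMP_DIRS)
    return path, in_temp, deleted

def find_temp_processes(records):
    """records: iterable of (pid, exe_link); report executables run from temp dirs."""
    findings = []
    for pid, exe_link in records:
        path, in_temp, deleted = classify(exe_link)
        if in_temp:
            findings.append({"pid": pid, "exe": path, "deleted": deleted})
    return findings

def live_records(proc_root="/proc"):
    """Collect (pid, exe_link) pairs from a live Linux /proc."""
    out = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            out.append((int(entry), os.readlink(os.path.join(proc_root, entry, "exe"))))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privileges
    return out

# Constructed sample records (not taken from the Kaspersky report).
SAMPLE = [
    (1, "/usr/lib/systemd/systemd"),
    (812, "/usr/sbin/sshd"),
    (4411, "/tmp/.cache-x/agent"),
    (4502, "/var/tmp/upd (deleted)"),
    (4600, "/tmpfiles/tool"),  # prefix look-alike, must not match
]

if __name__ == "__main__":
    for finding in find_temp_processes(SAMPLE):
        print(finding)
```

On a real host, pass `live_records()` to `find_temp_processes()` as root; a hit is a lead to triage, since some legitimate installers also run from temporary directories.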

The malware is written in the Go language in part because this allows for cross-platform compatibility, “making it easier for NKAbuse to target multiple operating systems and architectures, including Linux desktops and IoT devices”.

“This programming language improves implant performance, particularly in network applications, by ensuring efficient and simultaneous processing. Additionally, Go’s ability to produce self-contained binaries simplifies implementation and improves robustness, making NKAbuse a formidable tool in the field of cybersecurity threats,” says the cybersecurity company.

How to avoid these attacks

[Image caption: “Do your research,” cryptographic maxim. Photo by AFP]

While there are several security issues to consider when operating on the blockchain, one starting point is to understand that there is no such thing as absolute security, but rather security relative to each scenario.

In this sense, in the world of cryptocurrencies and blockchain there is a maxim: “Do Your Own Research” (DYOR). This refers “not only to investment research, but also to understanding and applying sound security practices. Just as the ethics of blockchain tend to strengthen the freedom of the individual, it is also the individual’s responsibility to take care of themselves,” Lemon explains.

Here they shared with Clarín some tips to take into consideration when operating on the blockchain, a technology famous for being “very secure” but whose weak link can ultimately be the user and their inattention.

1. Continuous training: The first step towards blockchain security is to constantly inform yourself. Understanding how cryptocurrencies and blockchain technology work allows you to identify potential risks.

2. Use of secure wallets and/or secure platforms: Choose secure wallets. There are two main types: cold (offline) and hot (online). Cold wallets offer more security for long-term storage but also require some attention from the user, while hot wallets are useful for daily transactions and their security depends on the company’s mechanisms. In turn, investigate which exchange you will operate on, who its founders are, what the goal of the project is, what they have done in terms of security, whether they have been hacked, etc.

3. Two-factor authentication (2FA): Always enable two-factor authentication on your accounts. This adds an extra layer of security, ensuring that only you can access your funds.

4. Strong and unique passwords: Use strong, unique passwords for each platform. Avoid reusing passwords and consider using a password manager.

5. Beware of scams and phishing: Be careful of scams and phishing attempts. Don’t trust promises of very high returns; if something seems too good to be true, it probably isn’t.

6. Secure backups: Create backup copies of your private keys and other important information. Never store private keys on your computer or online without proper encryption.

7. Transaction verification: Check and double-check sending and receiving addresses during transactions. A small mistake can result in loss of funds. Also currently very common is a cyber attack in which, when a public address is copied, a different one ends up being copied instead; get into the habit of comparing at least the first and last 4 characters of the wallet address you were sent before completing the transfer.

8. Conscious investment: It is important to understand the risks associated with any platform or asset you invest in. Remember to look at who the founders are, the reason for the project, how it works, the contract and its functionality.

Kaspersky, for its part, adds the recommendation of “regularly updating the operating systems, applications and antivirus software of all devices used to correct any known vulnerabilities”.

Something the average user doesn’t do: updates are typically postponed until a “later” time which, in practice, can mean weeks without protection.

Source: Clarin
