The Limited Times


New attack on the blockchain: why crypto platforms are not 100% secure and how to protect yourself

2024-02-05T16:52:06.296Z

Highlights: A new malware called “NKAbuse” uses a protocol that grants control of a foreign computer to an attacker. It has already been detected in Colombia and Mexico. The malware uses peer-to-peer communication to give criminals control of the infected computer. This malware allows attackers to gain unauthorized access to other people's information and, among other things, can lead to the theft of assets. The implications for the user and the dangers it entails are not yet clear, but are likely to get worse.


A malware called “NKAbuse” uses a protocol that grants control of a foreign computer to an attacker. It has already been detected in Colombia and Mexico. The implications for the user and the dangers it entails.


Late last year, cybersecurity company Kaspersky discovered a new malware called “NKAbuse,” a type of threat that attacks the blockchain, the public record of transactions on which cryptocurrencies operate.

This malware allows attackers to gain unauthorized access to other people's information and, among other things, can lead to the theft of assets.

This is an advanced threat that operates on NKN, a blockchain connectivity protocol, and was detected during the response to a recent incident by the Kaspersky Global Research and Analysis Team (GReAT).

It uses peer-to-peer communication to give criminals control of the infected computer.

During the response to a recent incident, Kaspersky experts discovered new malware that exploits NKN technology, a peer-to-peer (blockchain-oriented) network protocol known for its decentralization and privacy.

The malware was detected in Vietnam first, but then in Colombia and Mexico, which is why it is already circulating in Latin America and could be seen in Argentina.

Here is what this attack is about, how it abuses the blockchain and what precautions to take to avoid falling into the clutches of attackers.

What is the NKN protocol and how does NKAbuse attack?

The philosophy with which the blockchain was created, by its nature, tends to promote greater financial inclusion

NKN stands for New Kind of Network, or New Type of Network. It is “a decentralized, open source and anonymous peer-to-peer connectivity protocol. It aspires to be the protocol equivalent to TCP/IP but in blockchain, acting as an independent layer of any underlying communication protocol,” Alfonso Martel Seward, Head of Compliance of the Argentine virtual wallet Lemon, explains to Clarín.

That is, this protocol connects different devices over the Internet using the blockchain, a kind of digital ledger that records all the transactions and operations carried out on the network, where the aim is to “incentivize the sharing of network resources by tokenizing network connectivity and data transmission capacity to motivate internet users to share their connections and unused bandwidth,” adds the crypto specialist.

The problem, Kaspersky warns, is that this protocol can also be abused, beyond the security it offers.

"The implant's use of the NKN protocol underscores its advanced communication strategy, enabling decentralized and anonymous operations, as well as leveraging the NKN blockchain features for efficient and stealthy communication between infected nodes and C2 servers. This approach complicates detection and mitigation efforts," says Lisandro Ubiedo, security researcher on the Russian company's Global Research and Analysis Team.

“NKAbuse is a hybrid implant that serves as a backdoor/RAT and flooder, making it a versatile dual threat that provides attackers with unauthorized access to victims' systems and allows them to covertly execute commands, steal data and monitor activities,” Kaspersky explained.

A flooder is, as the word indicates, “a tool that is used to send many messages on a certain channel and thus cause, for example, a Distributed Denial of Service (DDoS) attack,” Martel Seward clarifies.

“This can congest the network, causing transactions to queue up and fees to increase if you want to give it priority. In turn, if this hits a smart contract that needs information from an oracle, if the search for that data is not continuous, it can cause transactions to appear with lower prices and this can have some impact with a flash loan attack also,” he adds.

“This capability is especially valuable for espionage and data exfiltration. At the same time, as a flooder, it is capable of launching destructive DDoS attacks, overwhelming and interrupting specific servers or networks, significantly impacting the operations of organizations,” Kaspersky adds.

What this malware does and how it can steal assets


According to the research, once this malware is installed on the victim's computer, the attacker can take screenshots, manage files, retrieve system and network information, as well as execute system commands.

“All the collected data is sent to its botmaster (the attacker who controls the malware) through the NKN network, using decentralized communication to achieve a stealthy and efficient attack,” they explain.

As for how it enters a computer, “the NKAbuse infiltration process begins by exploiting an old remote code execution vulnerability [that is, “remote” access by an attacker to another computer], allowing attackers to obtain control of affected systems. Once they have it, the malware downloads an implant to the victim's host, which is initially placed in the temporary directory for execution."
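A defender-side check for the behaviour described above, as an added example that is not from the article or from Kaspersky: it lists Linux processes whose executable sits in a temporary directory by reading the /proc/<pid>/exe links. The directory list, the function names and the sample process tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Directories treated as "temporary" are an assumption of this example.
TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
DELETED_SUFFIX = " (deleted)"  # appended by the kernel when the binary was unlinked


def processes_running_from_temp(proc_root="/proc", temp_dirs=TEMP_DIRS):
    """Return sorted [(pid, exe_path, deleted)] for processes run from a temp dir."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric entries are processes
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        deleted = exe.endswith(DELETED_SUFFIX)
        if deleted:
            exe = exe[: -len(DELETED_SUFFIX)]
        norm = os.path.normpath(exe)
        # Match the directory itself or anything below it, not mere name prefixes.
        if any(norm == d or norm.startswith(d.rstrip("/") + "/") for d in temp_dirs):
            findings.append((int(entry), norm, deleted))
    return sorted(findings)


def build_sample_proc(root):
    """Constructed sample /proc tree (not real telemetry) for an offline run."""
    sample = {
        "1": "/usr/lib/systemd/systemd",
        "812": "/usr/sbin/sshd",
        "4021": "/tmp/example-implant",         # runs from the temp directory
        "4177": "/dev/shm/.cache-x (deleted)",  # binary unlinked after start
        "5000": "/tmpfiles/tool",               # not under /tmp: must not match
    }
    for pid, target in sample.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    os.makedirs(os.path.join(root, "self"))     # non-numeric entry, ignored
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as fake_proc:
        build_sample_proc(fake_proc)
        for pid, exe, deleted in processes_running_from_temp(fake_proc):
            print(pid, exe, "(binary deleted)" if deleted else "")
```

On a live host, call `processes_running_from_temp()` with its defaults as root so that every process's `exe` link is readable; legitimate installers and build tools also run from temporary directories, so each hit needs triage.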

The malware is written in the Go language in part because this allows cross-platform compatibility, “making it easier for NKAbuse to target various operating systems and architectures, including desktop Linux and IoT devices.”

“This programming language improves implant performance, particularly in network applications, ensuring efficient and concurrent processing. In addition, Go's ability to produce autonomous binaries simplifies implementation and improves robustness, making NKAbuse a formidable tool in the field of cybersecurity threats,” the cybersecurity company says.

How to avoid these attacks

Although there are various security issues to take into account when operating on the blockchain, a starting point is to understand that security is never absolute, but relative to each scenario.

In this sense, in the crypto and blockchain world there is a maxim: “Do Your Own Research” (DYOR).

This refers “not only to investment research, but also to understanding and applying sound security practices. Just as the ethos of blockchain tends to enhance the freedom of the person, it is also their responsibility to take care of themselves,” Lemon explains.

Here are some tips they shared with Clarín to take into account when operating on the blockchain, a technology that is famous for being “very secure” but in which, at the end of the day, the user and their carelessness can be the weakest link.

1. Continuing education: The first step in blockchain security is to constantly educate yourself. Understanding how cryptocurrencies and blockchain technology work allows you to identify potential risks.

2. Use of secure wallets and/or secure platforms: Choose secure wallets. There are two main types: cold (offline) and hot (online). Cold wallets offer greater security for long-term storage but also require certain security care by the user, while hot wallets are useful for daily transactions and their security depends on the company's mechanisms. In turn, investigate which exchange you are going to operate on, who its founders are, what the objective of the project is, what they have done in terms of security, if they were hacked, etc.

3. Two-Factor Authentication (2FA): Always have two-factor authentication activated in your accounts. This adds an additional layer of security, ensuring that only you can access your funds.

4. Strong and unique passwords: Use strong and unique passwords for each platform. Avoid reusing passwords and consider using a password manager.

5. Beware of scams and phishing: Be aware of scams and phishing attempts. Don't believe in opportunities for sky-high returns; if something sounds too good to be true, it probably is.

6. Secure backups: Make backup copies of your private keys and other important information. Never store private keys on your computer or online without proper encryption.

7. Transaction Verification: Check and re-verify sending and receiving addresses during transactions. A small mistake can result in the loss of funds. There is also a cyber attack very much in vogue in which, when you copy a public address, a different one is copied; make it a habit to at least compare the first and last 4 digits of the wallet address you were sent before completing the transfer.

8. Conscious investment: Invest consciously. It is important that you understand the risks associated with any platform or asset in which you invest. Remember to look at who the founders are, the reason for the project, how it works, the contract and its functionality.

Kaspersky, for its part, adds "regularly updating the operating systems, applications and antivirus software of all devices used to correct any known vulnerabilities."

Something that the average user does not do: in general, updates are pushed to a “later” time that, in practice, can mean weeks of being unprotected.

SL

Source: clarin
