Update servers are among the most critical pieces of digital infrastructure, so vendors need to be EXTREMELY careful how they run them.
  • they could get hacked and their downloads and updates get infected with viruses and backdoors (it has happened many times before)
  • users: always verify the md5sum, sha256sum and PGP signature before running anything you downloaded
    • if an attacker has access to the server, md5sums and sha256sums won’t help, because they will (probably) be changed too; only a signature from a key you already hold survives that
  • the update process itself also needs to be made as secure as possible
    • only allow properly signed updates?
    • transfers ONLY over encrypted channels such as SSL
  • DDoS protection
  • DNS redirection attacks?
    • only use fixed IPs for your update servers, do not rely on DNS! (yes it sounds terrible, but I think it could help)
… or otherwise hackers can attack the original update server and present the world with their own update server – maybe even triggering an automatic or semi-automatic update process – with catastrophic consequences for its users.
In times of „Let’s Encrypt“ I REALLY DO NOT UNDERSTAND why even the official Debian update servers are not reachable with a proper SSL certificate; it is rather tricky to work around this.
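The checksum-versus-signature point above, carried through in code. This is an added example, not code from the original post or from any vendor: a Lamport one-time signature (stdlib only) stands in for the vendor’s PGP key, the "mirror" is a dict, and the file contents are constructed sample bytes. It shows why a SHA256SUMS file fetched from the same server as the download proves nothing once that server is compromised, while a signature checked against a public key the user obtained earlier still catches the swap.

```python
import hashlib
import os

# --- Lamport one-time signature (stdlib only; stands in for the vendor's PGP key) ---

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen():
    """256 pairs of random 32-byte secrets; the public key is their SHA-256 hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message: bytes):
    """Reveal, for each bit of SHA-256(message), the matching secret. One message per key only."""
    return [sk[i][bit] for i, bit in enumerate(_bits(sha256(message)))]

def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(sha256(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(_bits(sha256(message)), sig)))

# --- Vendor, mirror and user (all constructed for this example) ---

def publish_release(sk, payload: bytes) -> dict:
    """Vendor side: the mirror hosts the file, a SHA256SUMS line and a signature over SHA256SUMS."""
    sums = hashlib.sha256(payload).hexdigest()
    return {"file": payload, "SHA256SUMS": sums, "SHA256SUMS.sig": lamport_sign(sk, sums.encode())}

def compromise_mirror(mirror: dict, evil_payload: bytes) -> dict:
    """Someone with write access to the mirror swaps the file and regenerates SHA256SUMS.
    Without the vendor's private key the signature cannot be regenerated, so it goes stale."""
    tampered = dict(mirror)
    tampered["file"] = evil_payload
    tampered["SHA256SUMS"] = hashlib.sha256(evil_payload).hexdigest()
    return tampered

def user_checks(mirror: dict, pinned_pk) -> tuple:
    """User side. checksum_ok compares two artefacts from the same server; signature_ok
    uses a public key the user obtained earlier, out of band (pinned locally)."""
    checksum_ok = hashlib.sha256(mirror["file"]).hexdigest() == mirror["SHA256SUMS"]
    signature_ok = lamport_verify(pinned_pk, mirror["SHA256SUMS"].encode(),
                                  mirror.get("SHA256SUMS.sig", []))
    return checksum_ok, signature_ok

if __name__ == "__main__":
    vendor_sk, vendor_pk = lamport_keygen()      # pk shipped with the OS / fetched once, long before
    genuine = publish_release(vendor_sk, b"constructed sample: wallet-3.3.tar.gz")
    tampered = compromise_mirror(genuine, b"constructed sample: replaced wallet")
    print("genuine  :", user_checks(genuine, vendor_pk))    # (True, True)
    print("tampered :", user_checks(tampered, vendor_pk))   # (True, False)
```

The design point is where the trust anchor lives: the public key must reach the user over a channel the update server cannot influence (preinstalled keyring, key fingerprint printed elsewhere), otherwise the signature check collapses into the same single point of failure as the checksum.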

3x deadly mistakes with crypto currencies, leadingtrader.com’s free advice

… also you get a unique look at Teheran (Iran)

  • never put more money into cryptocurrency than you can afford to lose
  • move your bitcoins off the exchange into a wallet (the exchange could get hacked, but as you can see here, wallets can also get evil updates)
  • always have an exit strategy (stop loss?)
„Electrum is a lightweight digital Bitcoin wallet for Windows, Mac, Android, and Linux. It is Crypto Connection’s preferred wallet next to the Ledger Nano S. It is estimated that around 10% of total bitcoin transactions are made using Electrum“ (src: cryptocoinconnection.com)

The public servers of the Electrum community have been working with interruptions for several days due to a DDoS attack. Apparently, the attackers took this action to force users to download an infected version of the Bitcoin wallet hosted on specially crafted sites.

According to reports, the current attack uses a botnet built from custom malware that simulates a connection by an Electrum client. Between 150 and 300 thousand unique hosts (IP addresses) take part in generating the application-level DDoS traffic. On some of the attacked servers, the junk traffic reached an intensity of 25 Gbit/s.

The ultimate goal of the attackers is to steal cryptocurrency. They set up their own Electrum servers, which hand out an infected version of the wallet.

  • when a client connects to such a node
  • the user is prompted to update the client
  • but after installing the „update“ the victim’s wallet is instantly emptied

According to estimates, the attackers have managed to steal millions of dollars in cryptocurrency; one of the victims lost almost $140 thousand.

The attackers ran a similar campaign against Electrum at the end of last year, but at that time they hosted their „update“ on GitHub, and the source was quickly blocked. Google’s SafeBrowsing service helped prevent clicks on the malicious links. The Electrum developers also took protective measures; in particular, they created a patch that lets servers take outdated, vulnerable clients offline. A working Electrum wallet keeps 8-10 server connections, so there is a high probability that one of those servers runs the new feature.

It seems that the initiators of this campaign took into account the changes to the service and the mistakes of their predecessors (unless it is the same people). Instead of a GitHub repository they use fake Electrum servers; defenders counted more than 200 domains distributing the malware. The slowly updated SafeBrowsing blacklists proved ineffective this time. In addition, the criminals try to reduce the number of legitimate Electrum servers through the DDoS attack: the more of them fail, the higher the probability that a client ends up on a malicious node.

It is noteworthy that the threat of infection is relevant only for users of older versions of Electrum (below 3.3). Unfortunately, the software has no auto-update mechanism, and there are so many vulnerable clients on the network that this only plays into the cybercriminals’ hands.

Users of the newest versions of the wallet currently face only connection problems. Administrators are doing everything they can to reduce the damage from the DDoS attack and hope to recover in the coming days. The Electrum developers also prepared a patch limiting the resources an individual IP address can consume.
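The per-IP resource limit mentioned above, as an added illustration of the general technique; this is not Electrum’s patch (the article shows no code), and the connection log it replays is constructed for the example. Each client address gets a cap on simultaneously open sessions and a token bucket on new connection attempts, so one flooding source is rejected while an ordinary client that connects, disconnects and reconnects later is unaffected.

```python
from collections import defaultdict

class PerIpLimiter:
    """Caps open sessions per client IP and rate-limits new connection attempts
    with a token bucket, so a single source cannot exhaust the server's sockets."""

    def __init__(self, max_sessions: int = 3, rate_per_sec: float = 1.0, burst: int = 5):
        self.max_sessions = max_sessions
        self.rate = rate_per_sec
        self.burst = burst
        self.sessions = defaultdict(int)   # ip -> currently open sessions
        self.buckets = {}                  # ip -> (tokens, last_refill_ts)

    def _tokens(self, ip: str, now: float) -> float:
        tokens, last = self.buckets.get(ip, (float(self.burst), now))
        return min(float(self.burst), tokens + (now - last) * self.rate)

    def try_connect(self, ip: str, now: float) -> bool:
        """Return True and register the session if the IP is within both limits."""
        tokens = self._tokens(ip, now)
        if self.sessions[ip] >= self.max_sessions or tokens < 1.0:
            self.buckets[ip] = (tokens, now)
            return False
        self.buckets[ip] = (tokens - 1.0, now)
        self.sessions[ip] += 1
        return True

    def disconnect(self, ip: str) -> None:
        if self.sessions[ip] > 0:
            self.sessions[ip] -= 1

def replay(events, limiter=None) -> dict:
    """Feed (timestamp, ip, action) events through the limiter and count
    accepted / rejected connection attempts per IP."""
    limiter = limiter or PerIpLimiter()
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, ip, action in sorted(events):
        if action == "connect":
            key = "accepted" if limiter.try_connect(ip, ts) else "rejected"
            stats[ip][key] += 1
        elif action == "disconnect":
            limiter.disconnect(ip)
    return dict(stats)

# Constructed sample log: one address hammering the server, one ordinary client.
SAMPLE_EVENTS = (
    [(i * 0.01, "198.51.100.7", "connect") for i in range(20)]   # 20 attempts in 0.2 s
    + [(0.0, "203.0.113.5", "connect"),
       (30.0, "203.0.113.5", "disconnect"),
       (31.0, "203.0.113.5", "connect")]
)

if __name__ == "__main__":
    for ip, counts in replay(SAMPLE_EVENTS).items():
        print(ip, counts)
    # 198.51.100.7 {'accepted': 3, 'rejected': 17}
    # 203.0.113.5 {'accepted': 2, 'rejected': 0}
```

Per-address limits only blunt the single-source case; a botnet of 150-300 thousand addresses, as described in the article, stays under every per-IP threshold, which is why such a patch reduces damage rather than ending the attack.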

Users are advised to disable automatic server selection and to connect to a single server only, ideally their own. At the moment, the following TLS nodes are reachable:

  • electrum.hodlister.co:50002
  • electrum.hsmiths.com:50002
  • ecdsa.net:110
  • dxm.no-ip.biz:50002
  • btc.jochen-hoenicke.de:50002

Those who have not yet upgraded their Electrum client should not rely on unsolicited tips: updates should always be downloaded only from official sources – in this case from the Electrum website (electrum.org) or from the GitHub repository spesmilo/electrum.

Source: https://threatpost.ru/electrum-servers-hit-by-a-ddos-attack/32195/

admin