In the last year or so, we have seen a massive increase in the value of cryptocurrencies and the emergence of hundreds of new coins and ICOs, getting millions of people into an investment frenzy. A lot of them being non-technical regular consumers that rushed to create new accounts in the most popular crypto exchanges like Coinbase or Bitstamp. Crypto exchanges are naturally appealing for attackers and have been targeted since as long as we can remember. However, since last year, they are also being targeted by Man-in-the-Browser (MITB) attacks. Malware families such as Zeus Panda, Ramnit and Trickbot are already aiming at websites such as Coinbase.com or Blockchain.info. In this talk, we will detail how these attacks work, from account takeover to moving out the coins to attacker-controlled wallets. We’ll discuss current defenses e.g. multi-factor authentication or strong SSL encryption and why they are failing to mitigate this type of attacks.
Дата: 15.11.2018. Категории: