ShapeShift.io Breached by Former Employee

This week, we cover two stories: ShapeShift.io breached by a former employee, and the new malware ‘GozNym’ discovered by IBM security researchers.

Breach

ShapeShift.io Breached by Former Employee

ShapeShift.io, a Bitcoin exchange website, was hit by a security breach on April 7, which forced the website to suspend its operations indefinitely. The breach compromised the website’s server infrastructure, which threatened the integrity of all transactions on the platform. ShapeShift decided to suspend all operations in order to replace the server infrastructure and to make sure nothing is amiss. ShapeShift has been working to fix vulnerabilities, patch possible attack vectors, and resolve customer refunds in a timely manner. As of April 19, ShapeShift’s website is still down for maintenance.

ShapeShift also launched an investigation, with help from Ledger Labs, into who the actors behind this event were and how they managed to infiltrate ShapeShift’s systems. On April 13, ShapeShift CEO Erik Voorhees posted on Reddit: “Since the investigation into the ShapeShift hack last week started, we had suspicion that someone previously on the team was involved, and that this person assisted an outside hacker. We are confident now that is indeed the case.” Voorhees has not named the former employee, but is currently in the midst of a civil suit related to this case.

References: Digital Currency Exchange ShapeShift Claims Hack Was Inside Job | ShapeShift Bitcoin Trader Hack Was Inside Job, Says CEO | ShapeShift Update: Security Breach Could be an Inside Job

Mitigation Strategies:

  • Security Operations Center team provides around-the-clock security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Log Management could detect any suspicious user account activity.

Malware

New Malware ‘GozNym’ Discovered by IBM Security Researchers

The IBM X-Force research team has uncovered a new hybrid Trojan, dubbed ‘GozNym’, that is a combination of the known Nymaim dropper and the Gozi financial malware. The malware has been used to attack 24 different banks, credit unions, e-commerce platforms and retail banks in the United States and Canada since the start of April, and purportedly has stolen over $4 million from its victims. This malware is especially dangerous because it targets the actual customers, lying dormant on their computers until the user logs into their bank account, at which point the Trojan steals their sensitive information. The new hybrid malware leverages the stealth and persistence of the Nymaim dropper, while parts from the Gozi ISFB malware enable the Trojan to commit fraud via infected Internet browsers.

According to IBM, the ‘GozNym’ sample they investigated can currently be detected by most major antivirus vendors based on its signature. Despite this, the increased number of modifications and variations being observed, and the fact that security bypass and antivirus evasion mechanisms are constantly changing, make it clear that bad actors are constantly searching for new zero-day exploits to leverage.

References: New malware GozNym is stealing millions from U.S. bank account holders | New GozNym banking malware steals millions in just days | Hybrid Trojan “GozNym” Targets North American Banks

Mitigation Strategies:

  • IDS Signatures would detect the intrusion, network anomalies, and possible data leakage.
  • Network traffic analysis to detect data exfiltration.
  • Web Application Firewalls (WAFs) could detect malicious activity attempting to penetrate web apps.

Top 20 IP Addresses


*IP addresses provided by Recorded Future.

Copyright © 2010-2018 Alert Logic, Inc.
All rights reserved. Terms of Use | Privacy Policy