With Hack of NiceHash Exchange, Bitcoin Security Concerns Grow

Today’s topics include a costly security breach of Bitcoin exchange site NiceHash; Microsoft and ESET working with law enforcement to disrupt the Gamarue botnet; Apple updating its macOS and iOS operating systems to fix security vulnerabilities; and IBM introducing its first Power9 servers designed for AI and deep learning.

Bitcoin exchange site NiceHash publicly revealed Dec. 7 that it was the victim of a security breach. Although NiceHash has not publicly disclosed the number of lost Bitcoins, Reuters reports 4,700 Bitcoins were stolen.

The value of Bitcoin has surged dramatically of late, with prices ranging from $15,000 to a high of $20,000 last week, putting the value of the theft in the range of $70.5 million to $94 million.

In a statement, NiceHash said, "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency." NiceHash has not publicly disclosed how its site was breached, but the firm has recommended that users change their online passwords to limit additional risk.

Microsoft and security firm ESET announced that they have been cooperating with international law enforcement agencies for more than a year to disrupt a sprawling botnet known as Gamarue.

Known on internet underground marketplaces as the Andromeda bot, Gamarue is a modular crimeware kit that comes with a tool for building malware binaries, or bots, that can then infect computers. Additional software can be purchased to add keylogging, grab Web form details and remotely take over compromised machines.

The software has mainly been used to steal login credentials and to install additional malware, and has infected, or attempted to infect, an average of over 1 million machines each month. Primarily targets include India, Indonesia, Turkey, the Philippines and Mexico.

Apple last week released macOS High Sierra 10.13.2, a security update that patches multiple issues in the desktop operating system, as well as provided details on its iOS 11.2 update.

According to Apple, the primary fix in the macOS 10.13.2 update was a Directory Utility issue, in which "[an] attacker may be able to bypass administrator authentication without supplying the administrator’s password. A logic error existed in the validation of credentials. This was addressed with improved credential validation," Apple said.

The flaw’s impact is quite severe, as any local user on a macOS system get root access without the need to enter a password. In addition to the macOS update, Apple also provided details on the security content of the iOS 11.2 update, which became generally available on Dec. 2.

IBM has introduced the first servers based on its Power9 processor and armed with an interconnect technology designed to accelerate the movement of data between the IBM processor and GPUs from Nvidia.

IBM has optimized the Power9 chip and the latest Power Systems Servers for the artificial intelligence and deep learning spaces, offering organizations the infrastructure foundation needed to run their data-intensive AI, data analytics and high-performance computing workloads.

Bob Picciano, senior vice president of IBM Cognitive Systems, said, “In addition to arming the world’s most powerful supercomputers, IBM Power9 Systems is designed to enable enterprises around the world to scale unprecedented insights, driving scientific discovery [and] enabling transformational business outcomes across every industry.”