As the market is facing a bull run toward the end of the year, hackers have stepped up their game to take advantage of the opportunities. They have started using an aggressive technique: mass internet scanning!
Bitcoin scans
Here are a few Bitcoin scans that are trying to detect server paths for file names specific to your Bitcoin wallets:
- wallet - Copy.dat
- wallet.dat
- wallet.dat.1
- wallet.dat.zip
- wallet.tar
- wallet.tar.gz
- wallet.zip
- wallet_backup.dat
- wallet_backup.dat.1
- wallet_backup.dat.zip
- wallet_backup.zip
These scans are not new and have been around for a while, but the noticeable thing about them is how many are going on right now: there has been a level of scanning activity that has never been seen before.
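As an added example (not part of the original post), one way to spot these probes in a web server's access log is to match the requested file name against the list above, group the hits by source address, and flag any request the server actually answered with a 2xx status. The common/combined log format, the function name `wallet_probes` and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# File names from the list on this page, lower-cased for comparison.
WALLET_NAMES = {
    "wallet - copy.dat", "wallet.dat", "wallet.dat.1", "wallet.dat.zip",
    "wallet.tar", "wallet.tar.gz", "wallet.zip", "wallet_backup.dat",
    "wallet_backup.dat.1", "wallet_backup.dat.zip", "wallet_backup.zip",
}

# Assumed format: ip - user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wallet.dat HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wallet%20-%20Copy.dat HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /backup/wallet_backup.zip HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

def wallet_probes(lines):
    """Group wallet-file requests by client IP; 'served' lists paths answered 2xx."""
    hits = defaultdict(lambda: {"requests": 0, "names": set(), "served": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Drop the query string and decode %20 etc. before comparing names.
        path = unquote(urlsplit(m["target"]).path)
        name = path.rsplit("/", 1)[-1].lower()
        if name not in WALLET_NAMES:
            continue
        entry = hits[m["ip"]]
        entry["requests"] += 1
        entry["names"].add(name)
        if m["status"].startswith("2"):
            entry["served"].append(path)  # file exists and was handed out
    return dict(hits)

if __name__ == "__main__":
    for ip, info in wallet_probes(SAMPLE_LOG).items():
        print(ip, info["requests"], sorted(info["names"]), "SERVED:", info["served"])
```

Any entry with a non-empty `served` list means a wallet or backup file is reachable over HTTP and should be removed from the web root.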
Ethereum scans
Hackers are also scanning for file paths specific to Ethereum wallets. They are using blind requests to the JSON-RPC interface of Ethereum nodes.
This type of program activity happens on a client's local computer or device; the API for Ethereum is only exposed locally. The activity of moving and exchanging funds is where the vulnerability lies.
If you are running Ethereum nodes, you need to disable the JSON-RPC interface's inbound queries, or proxy requests via an intermediary server so that you can authorize only approved transactions between both parties.