New Cryptojacking Campaign Infects Asia Using More Profitable Tactics

New Cryptojacking Campaign Infects Asia Using More Profitable Tactics
ôîòî ïîêàçàíî ñ : bitcoinmagazine.com

2019-4-27 22:07


Cryptojacking — the process of infecting computers with malware to mine cryptocurrency — has declined alongside prices during cryptowinter. But like any dextrous organism facing extinction, the virus and its propagators are adapting.

According to a report by cybersecurity analytics firm Symantec, cryptojacking incidents have plummeted 52 percent since January 2018, but the method of delivery, the execution and the targeting schemes have grown more sophisticated.

Specifically, Symantec’s latest report focused on Beapy, a cryptojacking campaign sweeping through Asia by taking specific aim at business and enterprise. Using a software exploit called EternalBlue, which was developed by the United States’ own NSA, the virus is spread via email. Symantec first tuned into the growing threat in January of this year.

With infection rates spiking in March and continuing an exponential upward trajectory since, the firm has concluded that, based on the virus’s infection route, “it was probably always intended to spread throughout enterprise networks.” Described as a “worm” by the report, the virus effectively infiltrated vulnerable devices and, using a matrix of cyber tunnels, bored its way into devices connected to the same server or network.

“This campaign demonstrates that while cryptojacking has declined in popularity with cyber criminals since its peak at the start of 2018, it is still a focus for some of them, with enterprises now their primary target,” the introduction to the report asserts.

Graph courtesy of Symantec

Some 98 percent of infected parties are enterprise related, the report continues, mirroring 2018 trends in ransomware attacks wherein a drop in overall threats corresponded with an increase in enterprise-focused infections. These attacks, Symantec Threat Intelligence Analyst Allan Neville told Bitcoin Magazine, can “[render] some devices unusable due to high CPU usage.”

China has become the main target of this particular attack, dwarfing all other affected countries with a staggering 83 percent share of all infections. Other afflicted countries include Japan, Vietnam, South Korea, Hong Kong, Taiwan, Bangladesh, Philippines and — the only two outside of the Eastern Hemisphere — Jamaica and Japan.

Virus Infection Strategy

The virus was initially spread through Windows devices via an infected Excel spreadsheet. Once opened, the spreadsheet would create a backdoor into the computer’s OS, making use of the DoublePulse exploit that was leaked in the same batch of cyber tools that gave the attackers the EternalBlue vector for their operations.

Exploiting a weak point in Windows’ Server Message Block protocol, the files containing the virus could then be spread “laterally across networks.”

The mining malware also commandeered credentials, such as passwords and usernames, from infected devices to spread to other computers in a network. Moreover, the firm found versions of Beapy on a public-facing web server, using a list of IP addresses connected to this server to create a hit list of potential victims.

More Upside Than Before

One of the study’s most interesting findings is that Beapy is unlike the run-of-the-mill cryptojacking malware most often employed when infections were at their zenith in early 2018.

Most of these campaigns employed browser-based miners. These viruses largely leveraged the Coinhive protocol, a non-malicious software implementation that was employed by such sites as UNICEF, allowing its website visitors to voluntarily mine Monero for charity through their browsers upon visiting the site. Coinhive shuttered operations in March of 2019, and this, coupled with Monero’s steep depreciation in the bear market, likely led to a steady decline in cryptojacking, the report surmises.

Beapy, however, doesn’t rely on browser mining, opting instead for a much more lucrative and complex file mining approach. Unlike browser mining, file mining is more resource efficient and makes for a greater haul: the average 30-day return for this technique, for instance, could net the virus’s blackhats $750,000, making the browser mining alternative’s return seem paltry at $30,000.

Image courtesy of Symantec

Despite it being on the rise, “file-based coinmining isn’t new,” Neville told Bitcoin Magazine; it’s just “taken a back seat to browser-based coinmining the past couple of years” due to the fact that browser-based mining cryptojacking takes less technical skill.

“The launch of Coinhive — with its ready made scripts — lowered this barrier even further,” he added.

Furthermore, even if a computer is patched against the virus, they will still execute browser mining if they visit a site “that has coin-mining code injected into it.”

Neville clarified that it’s “too early to tell if we’ll see a resurgence in file-based mining compared to browser-based mining.” Still, as detection and protection against Coinminers improves, cyber criminals will look toward “alternative revenue sources.”

“As cyber criminals hone their tactics, we’ve also seen that their approach becomes more targeted.”

Defending Against the Threat

The report ends by listing the side effects of such cryptojacking infections, including device overheating and excessive battery consumption, which can lead to device degradation and spikes in electricity costs.

It also details the precautions that companies can take to insulate against such attacks. On the hardware and software side, companies can employ security solutions “to guard against single-point failures in any specific technology or protection method,” including firewalls and vulnerability assessments; robust passwords and multi-factor authentication are also a bonus.

On the employee side, education is key. In addition to basic cyber hygiene, the report prescribes lessons on what cryptojacking is and how to spot it, like watching for spikes in CPU usage and a battery drain. Neville reiterated many of these points at the end of our correspondence.

“Beyond ensuring that employees receive regular training to recognize and report phishing emails used to deliver malware, businesses should implement overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This includes deployment of endpoint, email and web gateway protection technologies, as well as firewalls and vulnerability assessment solutions. It’s also crucial to keep these security solutions up to date with the latest protections and ensure systems are protected against exploits such as EternalBlue.

This article originally appeared on Bitcoin Magazine.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Global Cryptocurrency (GCC) íà Currencies.ru

$ 0 (+0.00%)
Îáúåì 24H $0
Èçìåíåèÿ 24h: 0.00 %, 7d: 0.00 %
Cåãîäíÿ L: $0 - H: $0
Êàïèòàëèçàöèÿ $0 Rank 99999
Öåíà â ÷àñ íîâîñòè $ 0.0024692 (-100%)

mining cryptojacking virus report against symantec cyber

mining cryptojacking → Ðåçóëüòàòîâ: 90


Ôîòî:

Cryptojacking: Malicious Cryptocurrency Mining Is not a Crime, Japanese Court Rules

A court in Japan has acquitted an individual accused of embedding a cryptojacking malware in his website to surreptitiously mine cryptocurrency using the computing power of the visitors to the site. Local Japanese media platform, The Mainichi reports that the court ruled that such activity wasn’t a criminal offense. Meanwhile, Internet security experts continue toRead More

2019-3-29 20:00


Ôîòî:

The Rise of Cryptojacking: Prevent it, Detect it and Recover from the Malware

As cryptocurrencies grew in acceptance as well as value and cryptocurrency mining became a lucrative business, cryptojacking has become the latest jackpot for cybercriminals. Thousands of websites globally that are operated by government agencies and the most recognized organizations are compromised by malicious con artists who harvest their victims’ CPU power for covert mining operations.

2019-3-16 12:00


Amid Massive CoinHive Cryptojacking on Microsoft Platform, Company Removes Eight Free Apps

Most of the stories in the media about cryptojacking and hacking are due to a vulnerability in a crypto exchange or simply highly advanced hackers. However, in a new report by Symantec, Microsoft has been the victim of the presence of a surreptitious Monero mining code on multiple applications. As such, Microsoft has since removed […]

2019-2-16 00:12


Ôîòî:

Cryptocurrency mining malware has become self-aware (kinda)

A common form of cryptocurrency mining malware has evolved and is now able to switch off security services to continue mining without being detected. Security researchers at Palo Alto Networks’ Unit 42 discovered that the malware used by cryptojacking group “Rocke” is able to gain administrative privileges to Linux-based cloud servers and uninstall vital security programs.

2019-1-17 18:18


Cryptojacking Outpaces RansomWare As The Biggest International Cyber Security Threat Per Kaspersky Lab

Move Over RansomWare – The Biggest International Cyber Threat Is Rapidly Becoming Illegal Cryptocurrency Mining Is Fast Taking Over The Number One Spot With the increasing growth of literacy in using computers, this means that over a billion people every year are learning to get online. But with that comes an increasing number of people […]

2018-12-15 22:56


Ôîòî:

Hackers Recycle old Ransomware for new Crypto Malware

Cybersecurity experts at Fortinet and Kaspersky have discovered new cryptocurrency malware that has been developed using updated versions of known ransomware according to September 5, 2018, reports. Cryptojacking Malware If you have been following blockchain media, you will be aware of the aggressive surge in cryptocurrency mining malware that allows hackers to implement code into a website that mines cryptocurrency...The post %%POSTLINK%% appeared first on %%BLOGLINK%%.

2018-9-10 19:00


Ôîòî:

Mozilla to Roll out New Features in a Bid to Tackle Illicit Cryptomining and Third-Party Trackers

According to a press release published on August 30th, Mozilla Firefox revealed it will making some forward-thinking changes over the course of next three months, including blocking unconsented crypto mining activities, countering data breaches and preventing threat actors from performing conducting nefarious activities.

2018-9-2 10:00


Report: Fraudulent Monero Mining Generates $100K Per Month for Hackers

A German university released a cryptocurrency mining-centric report, Aug. 14, noting a rise in revenue generated by illegal mining software, despite the fall in “cryptojacking.” Coinhive Faces the Heat Again As reported by Digital Trends, RWTH University in Aachen, Germany, has presented a detailed account of the infamous, browser-based miner Coinhive being used to produce over $250,000 […] The post Report: Fraudulent Monero Mining Generates $100K Per Month for Hackers appeared first on CryptoSlate.

2018-8-17 12:00