cryptomining | GIGE IT Solutions: IT Services Mississauga
https://gige.ca/tag/cryptomining

European Airport Finds 50% of its Computers Infected With Malware
http://gige.ca/malware-european-airport
Mon, 28 Oct 2019 15:32:12 +0000

50% of the workstations at an international airport in Europe have been infected by a cryptomining malware. The breach was discovered by researchers from cybersecurity company Cyberbit. The researchers stated that they detected the malware due to abnormal activity of the PAExec tool and Reflective DLL Loading on the infected computers.

What is cryptojacking?

Cryptojacking malware is a strain of malware that uses the computing resources of infected PCs to generate cryptocurrency for the attacker.

Cryptocurrencies are digital currencies such as bitcoin and ethereum. By dedicating computer resources for cryptomining, individuals can generate these digital currencies. Cryptojacking involves maliciously using a victim’s computer to cryptomine digital currencies for the cyberattacker without the consent of the victim.

There are many symptoms associated with cryptojacking including computer slowdowns and overheating issues. You can read more about cryptojacking in our article here.

 

What is PAExec?

PAExec is a program that allows a Windows computer to remotely connect to another Windows computer and execute a program without having to install it on the remote computer. The cybersecurity researchers at Cyberbit stated that PAExec was used to execute a malicious file called “player.exe” which stole the infected computers’ resources to mine a cryptocurrency called “Monero” for the cyberattacker. The cybervirus was able to avoid detection because it used a highly modified version of a previously known malware – CryptoMiner Variant #2.

Significantly, PAExec allowed code to be executed with administrative privileges on the infected computers, which allowed it to bypass antivirus detection.

How was the airport impacted?

It was discovered that the cryptomining malware gave the malicious program priority to use system resources. That means that infected computers would suffer from slowdowns and increased power consumption. Both of these reduced the service quality of the airport and negatively impacted the business’s bottom line.

How does cryptojacking malware infect PCs?

It is not known how the computers became infected with the malware in this incident. Historically, there have been several known methods of infecting computers with cryptomining malware. Negligent employees can mistakenly install malware onto company computers by clicking malicious links in emails or visiting malicious websites. In another vein, malicious insiders can install malware deliberately. Outside attacks can involve strategies like fake emails or exploiting security vulnerabilities.

Don’t fall victim to cryptojacking. We can help you design and deploy network security solutions. Call us at +1 888 366 4443 or email us at info@gige.ca to get started today.

Protecting yourself against Cryptojacking
http://gige.ca/protect-yourself-from-cryptojacking
Mon, 19 Nov 2018 17:38:07 +0000

A cryptojacking attack has forced St. Francis Xavier University to temporarily shut down its computer network systems. The university reports that the cyberattackers attempted to use the school’s computer resources to collect digital currency.

What are cryptomining and cryptojacking?

Cryptomining is the use of computer resources to collect cryptocurrencies such as bitcoin. The act of doing this is entirely legal, and many people voluntarily use their computers to do so.

However, cryptojacking is the illegal act of installing malicious software on unsuspecting victims and using their computers’ resources to cryptomine without their consent. In cryptojacking attacks, the currency earned is then sent back to the attacker.

Risks and consequences of cryptojacking attacks include the following:

  • Slow-down of normal computer functioning
  • Overheating of computer graphics, processor, or memory due to overuse

There are many ways that a computer can become infected with cryptojacking malware. For instance, it can be transmitted through malicious email attachments. The DDE Exploit is an example of this, and this malware is passed through an infected Microsoft Word document.

Next, cryptojacking malware can also attach itself to your computer through malicious websites. For instance, Coinhive is a cryptomalware that can enter your computer through unprotected websites. Once it infects a PC, it then uses its resources to collect the cryptocurrency called Monero.

Finally, cryptomining malware can enter your computer through compromised cloud services. A recent incident involved numerous large organizations such as Aviva and Gemalto being infected with mining software due to cloud accounts lacking password protection.

 

How to protect yourself:

There are many steps that you can take to protect your organization’s network against cryptomining attacks. Firstly, you can ensure that your employees are educated in spotting malicious links and files in suspicious emails. By minimizing the human error in the equation, you will be able to reduce the risk of infection. Next, ensure that your email service has antivirus and antispam installed. These tools use databases of known malicious websites and automatically block potentially harmful emails.

Ensure that your organization’s computers are running up-to-date antivirus software that blocks cryptomining programs. Finally, ensure that you constantly monitor network activity in your organization. This allows anomalies to be spotted more quickly.

Don’t fall victim to cryptomining attacks. Contact GigE at 888 366 4443 to ensure that your sensitive data is backed-up and protected.

Why Protecting Your Server is Critical to your Company’s Cybersecurity
http://gige.ca/why-protecting-your-server-is-critical-to-your-companys-cybersecurity
Mon, 23 Jul 2018 17:55:52 +0000

A server is a computer that is connected to other systems in a company through either the internet or a local network, and that dedicates its resources to ‘serving’ these computers. Because of this, servers are in constant communication with all company systems, storing, processing, and communicating data. Due to the fact that they are the central nodes of an organization’s network, they are often the targets of malware attacks. This is because servers are connected to most, if not all company systems, and therefore give easy avenues for the attackers to spread their malicious software to all computers on the network. In light of this, protecting your server should be viewed as critically important when it comes to company cybersecurity.

Recent Malware Attacks that Ravaged Company Servers

On July 16th, Algonquin College reported that its servers were affected by a malware attack on May 16th. The infected server, they stated, contained sensitive information belonging to students, employees, and alumni. It is believed that data such as date-of-birth and home addresses of 4,568 individuals was leaked, and that the non-sensitive data of another 106,931 individuals could also have been compromised.

Another recent case of malware infecting server systems was the “Wannacry” malicious software. In 2017, this ransomware was able to lock the files of hundreds of thousands of systems behind ransom-walls. The widespread reach of the malware was attributed to the fact that it has “worm capability”, allowing it to spread to computers connected to a server without any input from the user. In other words, once this malware attached itself onto the central server of an organization, all connected systems became at-risk of infection.

Finally, the “Adylkuzz” malware also demonstrates the importance of protecting your server. This malware is categorized as “cryptomining malware”, which transforms the infected system into a cryptomining slave that wastes its resources making digital currency for the attacker.

How to protect your servers against Malware Attacks

In many of the above instances, malware was able to infiltrate organizations’ servers because the companies neglected to keep their systems up-to-date with current patches. Servers, like any other system, use operating systems such as Windows. Therefore, they need to be constantly updated to receive the latest security measures developed by vendors such as Microsoft.

Following the Wannacry outbreak, Microsoft released a statement noting that “EternalBlue”, the security vulnerability that was exploited by the attackers, had in fact been patched two months prior to the incident. However, many companies failed to install the fix, leaving their systems open to infection. Similarly, the vulnerability used by “Adylkuzz” called CVE-2017-7269 was also repaired prior to the event by Microsoft in an update released on June 13th, 2017. The severity of both of these incidents could have been drastically mitigated if organizations had been more diligent in keeping their servers’ operating systems up-to-date.

Therefore, it is clear that protecting your company’s server is critical to the safety of all systems on your network. Because they are connected to many of an organization’s systems, malware-infected servers become extreme threats to the security of all computers connected to them.

At GigE, our experts have years of experience in ensuring that your organization’s servers and computers are up-to-date with current software. Do not fall victim to malware and contact us today at +1 (888) 366-4443.

The Rise of Cryptojackers: What It Is and Symptoms To Look For
http://gige.ca/the-rise-of-cryptojacker-attacks-what-it-is-and-symptoms-to-look-for
Fri, 06 Jul 2018 18:09:09 +0000

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes in digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time high, at nearly $20 000 per coin. Other currencies such as Monero also saw an increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cryptojacker tools.

What are Cryptomining and Cryptojackers?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when attackers install malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value had never been high enough to attract widespread attention from attackers until late last year. In their 2018 Cyberthreat report, McAfee stressed the appeal of cryptojacking for cyberattackers, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptomining Malware

Because cryptojacking malware relies on remaining on the victim’s computer to continually use its resources for cryptomining, it is inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, because it forcibly uses the computer’s resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacking malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernetes platforms.

Finally, attackers can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

 

How To Protect Your Business Against Cryptojacking
http://gige.ca/how-to-protect-your-business-against-cryptojacking
Tue, 08 May 2018 17:49:26 +0000

As technology has advanced to make business easier, the number of cyber attacks has increased as well. Cryptojacking is a form of cyber attack in which a hacker uses the computing power of a target to mine cryptocurrency. In this process, the attackers try to take advantage of the security loopholes in a business’ I.T. infrastructure. One such example, according to RedLock, is the attack on the cloud account of Tesla to mine for Monero, a cryptocurrency similar to Bitcoin.

Cryptocurrency mining is a process by which transactions are verified. It’s also a process by which a new crypto coin is released. Miners, those who allow their computers to be used for cryptocurrency mining, are compensated for the computer and electricity usage.

Attackers use the following flaws or methods to mine cryptocurrency by stealing the computing resources of businesses:

  1. No Password Protection

Having no password protection in place is the most basic flaw in I.T. security and is an open invitation for attackers. As per the report from RedLock, both Tesla and Aviva were hacked as they were both using Kubernetes administration consoles that were accessible over the internet without any password protection. Kubernetes is an open-source tool used to control the computing resources needed to run the apps of an organization.

  2. EternalBlue Exploit

In May 2017, hundreds and thousands of computers were under attack by the WannaCry ransomware. Few people know that even before this WannaCry attack, there was another malware, “Adylkuzz”, that used the same EternalBlue vulnerability. This malware, which according to Proofpoint appeared as early as April 24, 2017, was used to mine the cryptocurrency Monero. Symptoms of the Adylkuzz cyber attack include loss of access to shared Windows resources and degradation of server and PC performance.

  3. Browser-Based Cryptojacking

In browser-based cryptojacking, a cryptocurrency mining code is embedded into a website, and site visitors run the mining code via their browser. Browser-based cryptojacking has been around since 2011. Slow computer performance and general unresponsiveness when browsing the web are signs that your organization’s computers are silently mining Monero and enriching the hackers.

There are a few ways to keep your business safe from cryptojacking:

  1. Monitor Network Traffic

To protect your cloud account from cryptojacking, monitor the network traffic. “By monitoring network traffic and correlating it with configuration data, Tesla could have detected suspicious network traffic being generated by the compromised Kubernetes pod,” RedLock said.

  2. Keep Your Organization’s Server Operating System (OS) Up-to-Date

Installing Microsoft’s March 14, 2017 security update, also known as the MS17-010 update, is an effective means to block Adylkuzz cryptocurrency mining malware from infecting your organization’s physical server. The MS17-010 update fixes EternalBlue, the security vulnerability exploited by Adylkuzz.

  3. Get a Quality Cryptocurrency Mining Security Solution

To prevent cryptojacking, get a quality cryptocurrency mining security solution. This security solution should be able to detect and block all types of cryptocurrency mining activities, whether they are browser-based or file-based.

At GigE, we offer cybersecurity services that’ll protect your organization’s cloud account and physical servers from cyber attacks like cryptojacking. Call +1 (888) 366-4443 to schedule an appointment or for more detailed information on our services.
