Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cyptojacker tools.

What are Cryptomining and Cryptojackers?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when attackers install malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for cyberattackers, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptomining Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacking malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, attackers can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

 

Increase in Mining Popularity

Crypto-currency mining saw a massive increase in popularity in Q4 2017 due to spikes digital currency value. During this time, the value of the “Bitcoin” currency was at an all-time-high, at nearly $20 000 per coin. Other currencies such as Monero also saw increase in value. While their financial worth has since decreased, the recent spike has encouraged many cyberattackers to develop many dangerous cryptojacker tools.

What are Cryptomining and Cryptojacker Attacks?

Cryptomining is a method of earning digital currencies such as Bitcoin by using a computer’s physical resources to verify digital transactions. In other words, by dedicating their computer’s processing power to contribute to transaction calculations, a cryptominer is compensated with digital currency.

Cryptojacking is when a cryptojacker installs malware onto a computer to forcibly use its resources to cryptomine while gaining all the earned currency for themselves. While this malicious technology has been present ever since the advent of cryptocurrencies, their value has never been high enough to attract widespread attention of attackers until late last year. In their 2018 Cyberthreat report, Mcafee stressed the appeal of cryptojacking for a cryptojcaker, citing that it is a relatively simple and low-risk method of attack. Therefore, it is now imperative that organizations become aware of the risks and symptoms of cryptojacking attacks on their systems.

The Effects of Cryptojacker Malware

Because cryptojacking malware relies on remaining in the victims’ computer to continually use their resources for cryptomining, they are inherently designed to avoid detection. Therefore, it is difficult to immediately identify when a system is infected with this type of malware. However, due to the fact that it forcibly uses the computers’ resources, common symptoms include computer slowdowns, overheating leading to hardware damage, and decreased battery life.

Therefore, while the impacts of cryptojacking are not as immediate as data-stealing Trojans or Ransomware, their effects can be devastating in the long-term. If hardware damage or software corruption occurs due to overuse of the system’s resources, time and financial resources will need to be wasted to repair and restore the affected systems.

How is cryptojacker malware spread?

Like any other form of malware, cryptojacking software can be spread in a variety of ways. For instance, a computer can be infected via Social Engineering. This is the manipulation of victims to trick them into installing malware or giving away sensitive information. An instance of this is if an individual receives a fake advertisement for a career opportunity. By clicking on this malicious link, the malware is then allowed to infect the individual’s computer.

Another strategy is using websites with high traffic to distribute malware. In cryptomining, a specific malware called “Coinhive” infects victims’ computers and turns them into cryptomining tools.

Thirdly, attackers in recent times have abused an exploit called “EternalBlue” in order to install malware onto vulnerable systems. This was the case in May 2017 when the ransomware Wannacry infected thousands of computers due to organizations neglecting an essential Microsoft update in the prior month.

Attackers are also constantly in search of unprotected credentials to exploit. For instance, the cloud computing resources of Tesla and Aviva were both victims of cryptojacking due to unprotected sectors of their Kubernotes platforms.

Finally, a cryptojacker can infect computers into a botnet, and then use them as cryptominers for their own gain. For more information on the dangers and symptoms of Botnets, check out our previous blog titled “How to Protect Yourself Against Botnet Malware”.

At GigE, our experts can help your organization protect itself against cryptomining malware. Contact us today at +1 (888) 366-4443 to get started today.

 

The Importance of Software Updates for Protection

One of the simplest yet most critical steps in protecting your computers from cyber threats is ensuring that they are patching the latest updates from developers. Microsoft has reported that only 1/3 of Windows 10 computers have applied the update that they released on April 30^th 2018. This leaves 450 million systems still running an out-of-date version of the operating system.

Patches do not only contain bug fixes and performance improvements. Instead, they often provide fixes to newly discovered vulnerabilities in the software. Despite this, many organizations delay patching for months after they are released, exposing their data to potential attack.

Furthermore, oftentimes cyberattacks do not need to be targeted at specific organizations. Instead, attackers can automate a scan of the internet to locate all systems running older vulnerable versions of a particular software. After identifying these systems, they can then infect them with malicious software.

Therefore it is essential that you keep your organization’s computers up to date with the latest patches in order to protect them from cyberattack.

Major Incidents Caused by Neglected Updates

In April 2017 hacker group Shadow Brokers leaked a cyber vulnerability used by the U.S. National Security Agency which allowed attackers to lock-up files on hundreds of thousands of computers. The vulnerability, named “EternalBlue”, was able to be exploited by a malicious software called WannaCry. Microsoft reported that it had in fact released the patch protecting against this vulnerability a month prior to the event. However many organizations neglected to apply the update, and were therefore left vulnerable to the attack.

This incident was an example of an opportunistic, rather than targeted attack. Instead of focusing efforts on specific organizations, attackers instead scan for unprotected computers and target those vulnerable to their malware. Rendition researchers demonstrated this automation process during their efforts to find out how many computers had been impacted. By mass-distributing ‘pings’ that were sensitive to the DoublePulsar malware, they were able to echolocate systems impacted by this virus. However while Rendition used this strategy to identify infected computers, attackers can likewise use it to discover vulnerable PCs. This was the case in another incident involving the SamSam malware, which affected computers running outdated versions of Jexboss software.

In another incident in September 2017, Credit Reporting Agency Equifax reported that close to 150 million consumers located in the US, Canada, and UK had their data compromised because of the delayed update of a software they used called Apache Struts. The vulnerability allowed attackers to gain control of the affected computers.

Similarly to Microsoft, Apache released a statement noting that the vulnerabilities had been identified and patched March of that year. In fact, the U.S. Computer Emergency Readiness team (US-CERT) had also released an announcement that same month, urging users to update their Struts software to newer versions.

Learning from these incidents, it is clear that keeping up with patches is an essential step to protecting your computer against new cyber threats. This is not only the case for operating systems such as Windows, but also for many open-sourced software such as Apache. In fact, Black Duck found that 78% of open-source codebases contained cyber-vulnerabilities, which now often make up the majority of software.

At GigE, our experts can help your organization ensure that it is patching the latest patch software, to maximize protection of your sensitive data. Contact us at +1 (888) 366-4443 to get started today.