Tag: Cryptojacking

Cryptojacking attacks: One in three organisations say they’ve been hit with mining malware

Almost a third of organisations say they’ve been hit by cryptojacking attacks in the last month, as cyber criminals continue their attempts to push malware designed to secretly use processing power to generate cryptocurrency.

Cryptojacking attacks have become increasingly popular with attackers because users often won’t know they’ve been infected as the malware simply steals processing power to mine for cryptocurrency. All the average user might notice is that their computer is running a bit slower than usual or the fans are working harder.

Read more about the findings of a new Citrix survey detailing how organizations are being affected by the cryptojacking boom, on ZDNet.

Massive Coinhive Cryptojacking Campaign Touches Over 200,000 MikroTik Routers

Security researchers have unearthed a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users’ web traffic.

The campaign appears to have gotten off the ground this week and was, in its first stages, mainly active in Brazil, but later started targeting MikroTik routers all over the world.

Read more about the massive cryptojacking campaign targeting MikroTik routers on BleepingComputer.

5 Steps to Fight Unauthorized Cryptomining

As a CISO or cybersecurity pro, you could notice one day that “something is different” because your users’ computers are slowing down. Or — with a little sleuthing — you may discover that your organization’s power bill has suddenly soared by hundreds or even thousands of dollars.

At this point, it’s possible that cryptominers have compromised your enterprise network and/or web environment. On the surface, unauthorized cryptomining might seem like a “no harm/no foul” crime. However, the potential for risk is equivalent to that of any botnet, malware, ransomware, or other malicious threat.

Read about how you can prevent most of these attacks by simply maintaining good cyber hygiene, on DarkReading.

This new cryptomining malware targets business PCs and servers

A new form of cryptocurrency-mining malware is targeting corporate networks across the world, employing a combination of PowerShell and EternalBlue to stealthily spread. Dubbed PowerGhost, the fileless malware can secretly embed itself on a single system on a network then spread to other PCs and servers across organisations.

The cryptojacker has been uncovered by researchers at security company Kaspersky Lab, who detected it on corporate networks across the globe, with the largest concentration of infections in India, Brazil, Colombia, and Turkey.

Read more about the newly uncovered cryptojacking campaign that looks to spread across infected networks on ZDNet.

Android apps: Google bans cryptocurrency miners from Play Store

After Apple’s recent ban on cryptocurrency-mining apps in the iOS App Store and Mac App Store, Google has now banned them from the Android Play Store too. Google’s policy is similar to Apple’s, which still allows mining if the processing happens in the cloud, but on-device mining on Android hardware is now banned.

“We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency,” Google said in its updated Google Play policy center document.

Read more about Google’s decision to ban on-device cryptocurrency-mining apps from the Play Store, on ZDNet.


Cryptojacking: Has cryptocurrency-mining malware already reached its peak?

Cryptocurrency-mining malware is deployed to infect machines including PCs, servers, smartphones and even Internet of Things connected devices, in order to secretly use their processing power to mine for cryptocurrency. The stealthy nature of cryptojacking makes it highly appealing for cyber criminals, who can maintain a presence on an infected machine over a long period of time without much risk,

However, a little over eight months since the boom in cryptojacking malware began, this particular form of cyber crime now appears to be losing its appeal, because despite remaining one of the most common forms of malware, detections have sharply declined in recent months.

Read more about the apparent decline in coinmining attacks, and why it could lead to a rise in more dangerous attacks, on ZDNet.

42% of organizations globally hit by cryptomining attacks

Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.

Between January and June 2018, the number of organizations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017. Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.

Read more about the findings of the new research by Check Point on Help Net Security.

New Malware Variant Hits With Ransomware or Cryptomining

A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Lab. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant does a search of files on the victim’s system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency.

Researchers identified a new variant of the remote execution downloader that queries the victim’s system on a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before deciding which attack to launch.

Read more about the new variant of the Trojan-Ransom.Win32.Rakhni family on DarkReading.

Ransomware: Not dead, just getting a lot sneakier

Last year, high-profile incidents like the WannaCry ransomware outbreak made the file-encrypting malware internet enemy number one. But as 2017 went on, the impact of ransomware dwindled and detections of long-standing ransomware families like Locky and Cerber massively declined.

A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to ‘cryptojacking’ as a simpler, less risky means of illicitly making money. So is it all over for ransomware? Perhaps not.

Read why, while there’s been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still a potent threat to businesses, on ZDNet.

Cryptocurrency miners poised for continued growth

WatchGuard threat intelligence from Q1 2018 revealed that 98.8 percent of seemingly common Linux/Downloader malware variants were actually designed to deliver a popular Linux-based cryptocurrency miner. This is just one of several signs that malicious crypto-mining malware is becoming a top tactic among cyber criminals.

“Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cyber criminals’ arsenals, and will continue to grow more dominant in Q2,” said Corey Nachreiner, CTO at WatchGuard Technologies.

Read more about the rise and rise of cryptocurrency miners as detailed by WatchGuard Technologies on Help Net Security.