Almost a third of organisations say they’ve been hit by cryptojacking attacks in the last month, as cyber criminals continue their attempts to push malware designed to secretly use processing power to generate cryptocurrency.
Security researchers have unearthed a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users’ web traffic.
The campaign appears to have gotten off the ground this week and was, in its first stages, mainly active in Brazil, but later started targeting MikroTik routers all over the world.
Read more about the massive cryptojacking campaign targeting MikroTik routers on BleepingComputer.
As a CISO or cybersecurity pro, you could notice one day that “something is different” because your users’ computers are slowing down. Or — with a little sleuthing — you may discover that your organization’s power bill has suddenly soared by hundreds or even thousands of dollars.
At this point, it’s possible that cryptominers have compromised your enterprise network and/or web environment. On the surface, unauthorized cryptomining might seem like a “no harm/no foul” crime. However, the potential for risk is equivalent to that of any botnet, malware, ransomware, or other malicious threat.
Read about how you can prevent most of these attacks by simply maintaining good cyber hygiene, on DarkReading.
A new form of cryptocurrency-mining malware is targeting corporate networks across the world, employing a combination of PowerShell and EternalBlue to stealthily spread. Dubbed PowerGhost, the fileless malware can secretly embed itself on a single system on a network, then spread to other PCs and servers across organisations.
The cryptojacker has been uncovered by researchers at security company Kaspersky Lab, who detected it on corporate networks across the globe, with the largest concentration of infections in India, Brazil, Colombia, and Turkey.
Read more about the newly uncovered cryptojacking campaign that looks to spread across infected networks on ZDNet.
After Apple’s recent ban on cryptocurrency-mining apps in the iOS App Store and Mac App Store, Google has now banned them from the Android Play Store too. Google’s policy is similar to Apple’s, which still allows mining if the processing happens in the cloud, but on-device mining on Android hardware is now banned.
“We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency,” Google said in its updated Google Play policy center document.
Read more about Google’s decision to ban on-device cryptocurrency-mining apps from the Play Store, on ZDNet.
Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.
Between January and June 2018, the number of organizations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017. Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.
Read more about the findings of the new research by Check Point on Help Net Security.
A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Lab. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant searches files on the victim’s system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency.
Researchers identified a new variant of the remote execution downloader that queries the victim’s system on a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before deciding which attack to launch.
Read more about the new variant of the Trojan-Ransom.Win32.Rakhni family on DarkReading.
Last year, high-profile incidents like the WannaCry ransomware outbreak made the file-encrypting malware internet enemy number one. But as 2017 went on, the impact of ransomware dwindled and detections of long-standing ransomware families like Locky and Cerber massively declined.
A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to ‘cryptojacking’ as a simpler, less risky means of illicitly making money. So is it all over for ransomware? Perhaps not.
Read why, while there’s been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still a potent threat to businesses, on ZDNet.
WatchGuard threat intelligence from Q1 2018 revealed that 98.8 percent of seemingly common Linux/Downloader malware variants were actually designed to deliver a popular Linux-based cryptocurrency miner. This is just one of several signs that malicious crypto-mining malware is becoming a top tactic among cyber criminals.
“Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cyber criminals’ arsenals, and will continue to grow more dominant in Q2,” said Corey Nachreiner, CTO at WatchGuard Technologies.
Read more about the rise and rise of cryptocurrency miners as detailed by WatchGuard Technologies on Help Net Security.