Late last week, St. Francis Xavier University in Canada was the victim of a cryptojacking attack. A hacker (or hackers) targeted the university’s computer system to mine for the world’s number one cryptocurrency. The attack forced the university to shut down their network completely to safeguard personal data for students and staff.
Needless to say, quite a few services were impacted by this. Online courses, email, debit card transactions, Wi-Fi, and drives on the St. F.X. network were all completely offline. Since then, services have been increasingly restored. St. Francis Xavier University notes that all passwords have been reset due to security concerns.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service. North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it found computers installed with malware, suspected to have been implanted by North Korean hackers, that mined the cryptocurrency Monero and sent it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo. Cryptocurrency has emerged as an alternative source of money for the cash-strapped North Korean regime amid tightening international sanctions.
Read more about the North Korean cryptojacking campaigns on UPI.
NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018. Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all crypto mining activities detected by NSFOCUS.
Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources. China, the USA, and Russia are home to the most “recidivists.”
Check Point has published its latest Global Threat Index for September 2018, revealing a near-400% increase in cryptomining malware attacks against Apple iPhones. These attacks are using the Coinhive mining malware, which continues to occupy the top position in the Index that it has held since December 2017.
Coinhive now impacts 19% of organizations worldwide. Check Point’s researchers also observed a significant increase in Coinhive attacks against PCs and devices using the Safari browser, which is the primary browser used by Apple devices.
While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.
To the average user, the newly discovered samples, which have been active since as early as August, seem legitimate. The samples act as Flash updates, borrowing pop-up notifications from the official Adobe installer, and even actually updating a victim’s Flash Player to the latest version. Unbeknownst to the victims, while the legitimate Flash update takes place, a tricky XMRig cryptocurrency miner is quietly downloaded and run in the background of the infected Windows computers.
Read more about the stealthy new cryptojacking campaign on Threatpost.
Based on trends in the first half of 2018, Webroot found that cybercriminals are shifting to increasingly sophisticated and targeted means of attack while also expanding their money-making endeavors, as shown by the uptick in cryptojacking and cryptomining.
Malware in general, including ransomware and cryptomining, accounted for 52 percent of threats in the first half of 2018. Phishing attempts increased by more than 60 percent from January to June 2018. Dropbox overtook Google in the first half of 2018 as the most impersonated company for phishing attacks, accounting for 17 percent of phishing emails.
McAfee released its McAfee Labs Threats Report September 2018, examining the growth and trends of new cyber threats in Q2 2018. In the second quarter, they saw the surge in cryptomining malware growth that began in Q4 2017 continue through the first half of 2018. McAfee also saw the continued adaptation of the type of vulnerability exploits used in the WannaCry and NotPetya malware outbreaks of 2017.
Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape, and this threat continues to rise. McAfee Labs has even identified what appears to be older malware, such as ransomware, newly retooled with mining capabilities.
Despite the volatility that characterizes cryptocurrencies, mining is still a lucrative business for cyber criminals. Recent academic research has shown that the embedded cryptocurrency miner Coinhive alone is generating $250,000 worth of Monero every month, most of it (80%) going to just 10 individuals.
The Kodi media player has emerged as a malware distribution platform for cybercriminals, recently becoming the target for a cryptomining campaign that compromised about 5,000 machines before being thwarted. Those victims are still at risk, researchers warned.
Kodi is free and open-source, and can be used to play videos, music and other digital media files from local and network storage media and the internet / streaming sources. Users can extend the software’s functionality by installing add-ons. By targeting the various add-ons and relying on Kodi’s auto-update feature, it’s possible to stealthily spread bad code throughout the ecosystem.
Read more about how Kodi is used to distribute malware on Threatpost.