Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023
Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Intelligence Report 2018
August 3, 2018Rewterz Threat Advisory – CVE-2018-8373 Scripting Engine Memory Corruption Vulnerability
August 14, 2018
CRYPTOJACKING DETHRONES RANSOMWARE
Crypto jacking seems to be dethroning ransomware as the top malware in cyberattacks. Crypto jacking is being adopted as the most common means of attacking in cyberspace ever since the crypto currency values went up.
Meanwhile, the number of attacks occurring with the usage of ransomware has gone down by more than half, with an exponential increase in crypto jacking. Therefore, crypto jacking crowns itself as the new top mode of cyber-attacks.
Symantec reports that ever since the cryptocurrency values went up, there has been an 8,500% increase in coin mining detections between August 2017 to December 2017, with an overall increase of 600% in the overall IoT attacks.
AN INSIGHT TO CRYPTOJACKING
Crypto-mining is the act of mining cryptocurrencies, such as bitcoin, ether (from Ethereum), Ripple, Litecoin, Monero, and one (or more) of over 1,600 other cryptocurrencies currently in use.
Cryptojacking involves stealing digital currency by using the computer and graphics processing power. It is usually done from unsuspecting users’ devices to mine crypto, without their permission or knowledge.
It can also involve stealing already mined cryptocurrency from another’s crypto wallet. There are countless ways for attackers to mine cryptocurrency. There are about 98 million attack sensors installed in 157 countries for the detection of crypto-mining attempts, says Symantec.
TRENDS
Kaspersky reports from Moscow that cryptojacking has replaced ransomware as the new attack mechanism. Ransomware is in serious decline dropping by nearly half, which was reported to be 1,152,299 in 2016-17 and is now reduced to 751,606 in 2017-2018.
On the contrary, Crypto jacking incidents in these two years rose from 1.9 million to 2.7 million.
Crypto miners invade business computers and devices in a hidden mechanism like the ransomware but produce far more profitable results for attackers than ransomware.
Last year average ransom demand dropped to $522.
CRYPTOJACKING vs RANSOMWARE
Cryptojacking is by far the easiest way to generate money. Comparing it to ransomware, we evaluate that the ransomware requires encryption of files on the victim’s computer, following which comes a demand of ransom from the attacker, for decrypting the files.
On the other hand, cryptojacking only requires an attacker to infect a system once, which results in money generation without the knowledge of the victim.
Crypto-mining is called cryptojacking when the attack proceeds on a system without authorization.
Cryptojacking is thus the usage of machine power to acquire possession of cryptocurrency without obtaining authorization from the users.
Browser cryptojacking is more readily adopted by cybercriminals as compared to ransomware since the in-browser cryptojacking requires no installation to run, allowing easy infection of machines.
CRYPTOJACKING MECHANISMS
It works by two mechanisms:
- Social Engineering
- In-browser cryptojacking
In the first method, a user is manipulated through social engineering tactics into clicking a link or downloading a malicious file. When this happens, the malicious script contained in the link or file runs in the background without notifying the victim.
In the second method, in-browser cryptojacking is involved, which means running a code in the browser whenever a particular site is accessed. The cryptojacking scripts are executed by Java Scripts usually hidden in some advertisement on the site. The cryptojacking is thus the silent killer of your digital wealth.
MAJOR CRYPTOJACKING INCIDENTS 2018
- In January 2018, about half million computers were infected in Russia, India and Taiwan by a crypto-mining botnet infection. The total mined cryptocurrency is reported to be worth $ 3.6 million.
- A Spain-based cybersecurity firm reported in February 2018 that it fell victim to cyberjacking. The cryptocurrency mined in the attack was Monero and the script used to infect the systems was WannaMine.
- In February 2018, the U.S. and U.K. Government websites were involved in in-browser cryptojacking. The cryptojacking scripts were run on U.K.’s Information Commissioner’s office website which also infected any visitors of the website. The American court system website was reported to have fallen victim to the same cryptojacking attack.
- February 2018: The Amazon Web Services software container of Tesla Inc. was reported to have been compromised. The firm fell victim to crypto-jacking, just like some other firms did back in October 2017.
INDICATORS OF INFECTED DEVICE
- The first indicator of a compromised device is that the system works abnormally slower than its processing ability. If any machine is suddenly performing low, it might be a victim of cryptojacking.
- Excessive usage of CPU power may lead to overheating of system. This high usage can also be an indicator of cryptojacking, unleashing its malicious plans in the background without your knowledge. Users should also check for CPU high usage spikes on PCs or mainframes.
- Specific network monitoring tools also help companies detect cryptojacking, and many agree that this is the best detection method for large corporates.
PREVENTION METHODS
- Two browser extensions for chrome, minerBlock and No Coin, are designed to block popular crypto miners from using your computing power.
- Users should be given awareness sessions to equip them with knowledge of social engineering. That way, they can be more vigilant towards malicious sites.
- Use a strong anti-virus and make sure it’s always updated to detect all unsecure websites and can block anything malicious, including crypto-mining.
- Make sure that your Windows software is always updated to prevent against vulnerabilities like EternalBlue as they may be used in crypto mining attacks.
HOW TO MITIGATE A DETECTED CRYPTOJACKING INCIDENT
- Disable network privileges for any detected crypto-jacking websites/scripts.
- If machine performance is under compromise, identify the most memory-consuming process to verify any connection with mining processes.
- If such process is detected, immediately stop it and blacklist the process so it fails to execute any further.
- You may use common anti-malware detection methods or trusted internet security products that are known for detecting cryptojacking script files.
CONCLUSION
Crypto mining is a new technique used for generating money, that operates silently in the background of your device. Awareness of this malicious method is important to ensure maximum security of your device against crypto mining attempts.
Some individuals argue that it’s a legal and harmless procedure of making money online, whereas others call it a heinous crime. In some cases, it may even damage a device physically due to excessive use of power.
It’s important to apply the above-mentioned techniques to ensure protection of your digital wallet. Therefore, users need to be vigilant about the activities taking place on their device.