Attack Mitigation, Attack Types & Vectors, Security

Top Cryptomining Malware. Top Ransomware.

August 21, 2018 — by Fabio Palozza


In 2018, cryptominers have emerged as the leading attack vector used by cybercriminals to gain access to others’ systems. Cryptominers are getting advanced makeovers by cybercriminals doing their best to develop innovative cryptominers with ground-breaking capabilities. The recently discovered cryptominers are known not only for their advanced features, but also for their ability to attack a wide range of systems, including cloud-based platforms, mobile devices, industrial IT infrastructure, and servers.

It’s not surprising that cybercriminals have started targeting cloud infrastructures which are based on rich classes of strong computing resources and companies that use cloud platforms to store confidential information. Two of the most striking data breaches that we witnessed this past year were the Monero-miner attack on Tesla’s cloud servers and the data-leak incident that affected FedEx customers.


Top Cryptomining Malware That Is Dominating the Cybercrime Scene in 2018

The most popular web-based Monero currency miner, Coinhive, undoubtedly occupies the first spot regionally and globally, with 25 percent of companies being affected. Since the introduction of Coinhive’s JavaScript mining code in September 2017, the code has been incorporated into thousands of websites, allowing cybercriminals to capitalize on visitors’ computing resources. Additionally, the code can be used as a substitute for online advertisements that cybercriminals use to lure visitors to click malicious links. In 2018, threat actors have delivered Coinhive in innovative ways through Google’s DoubleClick service and Facebook Messenger, with code embedded in websites or by hiding code inside YouTube ads. Along with Coinhive, other miners, including JSEcoin and Cryptoloot, have been dominating the malicious cryptomining landscape this year, affecting almost 40 percent of businesses and consumers across the globe.


The RIG Exploit Kit is increasingly being used by cybercriminals to capitalize on system vulnerabilities both regionally and globally. RIG exploit kits typically work by redirecting people to a landing page that features embedded JavaScript, the main purpose of which is to identify security flaws in the browser. Cybercriminals use RIG kits to deliver exploits for Internet Explorer, Java, Flash, and Silverlight. RIG exploit kits ruled the cybercrime scene in the first half of 2018, moving payloads such as cryptominers and Smoke Loader down the ranking.

XMRig, which is an open-source application for CPU mining, occupies the third spot across all regions in the United States. The XMRig mining code, which gained popularity in early 2018, has been widely used by a number of crypto-strains, including RubyMiner, which is specifically designed to target unpatched Linux and Windows servers. According to Check Point, cybercriminals targeted 30 percent of all business networks to utilize server capacities to support their mining operations.

When it comes to ransomware, Locky, which was first introduced in 2016, occupies the first spot in regional and global lists. WannaCry, which came onto the scene in 2017 and made its way to thousands of systems, continues to hold a high rank this year.

Attack Types & Vectors, Security

Malicious Cryptocurrency Mining: The Road Ahead

August 14, 2018 — by Fabio Palozza


As cryptomining continues to rule the cybercrime scenario, cybercriminals are designing innovative ways to drain people’s cryptowallets. Scammers are still doing their best to make the most out of their resources to launch leading-edge scam attempts. The increase in scams is mainly attributed to the failure in implementing appropriate fraud protection measures and unfortunately, popular cryptomining platforms including Coinbase and Bitcoin lack the necessary security features that they need to prevent fraudulent cryptomining activities.

Security

Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection

August 1, 2018 — by Fabio Palozza


By the end of the last year, we saw a drastic rise in drive-by cryptocurrency mining activities and it is quite alarming to note that cyber-criminals are getting smarter and smarter day-by-day at avoiding detection. Interestingly, cyber-criminals can deploy drive-by cryptocurrency mining to target a much wider audience compared to what they would typically achieve by delivering malware-based miners to machines.

Attack Types & Vectors, Security

Accessing Your Crypto Wallet Through Android Devices?

July 10, 2018 — by Fabio Palozza


Android platforms are commonly characterized by the presence of Trojan-infected apps that have built-in cryptocurrency mining codes, which means that mobile users are highly susceptible to malicious cryptocurrency mining attacks. It is quite alarming to note that cyber criminals deploy malicious APKs that are delivered through SMS spam and cryptocurrency miners into people’s mobile devices and the modus operandi is similar to that of Windows malware. In fact, attackers find it quite easy to add miners to apps that are already malicious. For example, cyber criminals could easily add miners on apps that were infected with the Loapi Trojan, an SMS Trojan that could deliver ads. Loapi caused a high degree of strain on the processor, which caused overheating of the batteries which, in turn, shortened the lifespan of the Androids.

Security

Malicious Cryptocurrency Mining: The “Shooting Star” in the Cybercrime Domain

June 6, 2018 — by Fabio Palozza


It’s quite evident how these days, attacks assume new forms along with transformations in the types of services that are widely used by consumers in a given period of time. Needless to mention, malware or malicious activities will find their presence in new applications and services as they evolve to occupy a prominent position in people’s lives.

Security

Nigelthorn Malware Abuses Chrome Extensions to Cryptomine and Steal Data

May 10, 2018 — by Radware


Individual research contributed by Adi Raff and Yuval Shapira.

On May 3, 2018, Radware’s cloud malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, by using machine-learning algorithms. This malware campaign is propagating via socially-engineered links on Facebook and is infecting users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more.

Security

The Legitimacy of Cryptocurrency Has Made It Harder for Hackers

March 22, 2018 — by David Hobbs


Last year a few noteworthy things happened in terms of cryptocurrencies. The IRS won their case against Coinbase and over 14,000 people who traded over $20,000 USD in 2015 now have to face the IRS. Exchanges in Asia started forcing KYC (Know Your Customer) requirements on customers, as did most of the rest of the world. Bitfinex decided to block all U.S. customers in November of 2017 due to regulatory issues and uncertainty. What this means is that Bitcoin and cryptocurrency are becoming harder to trade anonymously and without paying taxes. This is what happens because of legitimacy from regulation, lawful trade and taxation. I am not saying there isn’t much debate still regarding the legality, legitimacy or utility of cryptocurrencies; I’m saying 2017 had a significant change in how it is viewed. Today, the SEC in the U.S. has been discussing forcing cryptocurrency exchanges to register with the SEC and there is no definitive answer to what this is going to mean or if it is going to happen.

Attack Types & Vectors, DDoS, Security

Has Cyber Security Reached Its Limits?

January 16, 2018 — by Ben Zilberman


Thoughts from Radware’s Global Application and Network Security Report

  • Rise of cryptocurrency trade and value boosts attacks;
  • Notorious attacks of the year point at the human factor to blame;
  • Machine-learning technologies are not fully mature nor broadly adopted;
  • Despite a notion of tolerance, in one of four cases customers will take action against a targeted organization;
  • IoT devices power more effective DDoS attacks, but nobody takes responsibility to patch the known holes;
  • Data Leakage is the number one concern of organizations today.

These are just a handful of insights from Radware’s 2017-2018 Global Application and Network Security Report, providing a comprehensive view of the industry trends and evolutions. 2017 was an eventful year, with global cyber-attack campaigns that grabbed headlines in mainstream media and affected the lives of many, in particular the WannaCry, NotPetya and BadRabbit ransom sprees, as well as Equifax and Forever 21 data leaks. Let’s take a closer look at 2017 trends and 2018 predictions: