main

Attack MitigationAttack Types & VectorsSecurity

Top Cryptomining Malware. Top Ransomware.

August 21, 2018 — by Fabio Palozza2

cryptocurrencies_malware_cryptomining_ransomware-960x640.jpg

In 2018, cryptominers have emerged as the leading attack vector used by cybercriminals to gain access into others systems. Cryptominers are getting advanced makeovers by cybercriminals doing their best to develop innovative cryptominers with ground-breaking capabilities. The recently-discovered cryptominers are not only known for their advanced features, but also for their capabilities to attack a wide range of systems including cloud-based platforms, mobile devices, industrial IT-infrastructure, and servers.

It’s not surprising that cybercriminals have started targeting cloud infrastructures which are based on rich classes of strong computing resources and companies that use cloud platforms to store confidential information. Two of the most striking data breaches that we witnessed this past year were the Monero-miner attack on Tesla’s cloud servers and the data-leak incident that affected FedEx customers.

[You Might Also Like: Malicious Cryptocurrency Mining: The Road Ahead]

Top Cryptomining Malware That Is Dominating the Cybercrime Scene in 2018

The most popular web-based Monero currency miner, Coinhive, undoubtedly occupies the first spot regionally and globally with 25 percent of the companies being affected. With the introduction of Coinhive’s JavaScript mining code in September 2017, the code has been incorporated into thousands of websites allowing cybercriminals to capitalize on visitors’ computing resources. Additionally, the code can be used as substitutes for online advertisements that cybercriminals use to lure visitors to click malicious links. In 2018, threat actors have delivered Coinhive in innovative ways through Google’s DoubleClick service and Facebook Messenger, with code embedded in websites or by hiding code inside YouTube ads. Along with Coinhive, other miners, including Jesscoin and Cryptoloot, have been dominating the malicious cryptomining landscape this year, affecting almost 40 percent of businesses and consumers across the globe.

[You Might Also Like: Raising the Bar for Ethical Cryptocurrency Mining]

RIG Exploit Kit is increasingly being used by cybercriminals to capitalize on system vulnerabilities both regionally and globally. RIG Exploit kits typically work by redirecting people to a landing page that features an embedded JavaScript, the main purpose of which is to identify security flaws in the browser. Cybercriminals use RIG kits to deliver exploits for Internet Explorer, Java, Flash, and Silverlight.  RIG Exploit kits ruled the cybercrime scene in the first half of 2018, moving payloads such as cryptominers and Smoke Loader down the ranking.

XMRig, which is an open-source application for CPU-mining, occupies the third spot across all regions in the United States. The XMrig mining code, which gained popularity in early 2018, has been widely used by a number of crypto-strains, including RubyMiner which is specifically designed to target unpatched Linus servers and Windows. According to Check Point, cybercriminals targeted 30 percent of all business networks to utilize server capacities to support their mining operations.

When it comes to ransomware, Locky, which was first introduced in 2016, occupies the first spot in regional and global lists. Wannacry, which came into the scene in 2017 and made its way to thousands of systems continues to hold a high rank this year.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Download Now

Attack Types & VectorsSecurity

Micropsia Malware

July 25, 2018 — by Yair Tsarfaty0

micropsia-malware-960x641.jpg

Since June 2018, the Radware Threat Research team has monitored an ongoing APT against the Palestinian authority, featuring an updated version of the Micropsia malware with an advanced surveillance toolkit. This advanced persistent threat began in March 2017 and was reported by Cisco Talos and Check Point Software Technologies, infecting hundreds of machines thus far.

Attack Types & VectorsSecurity

Accessing Your Crypto Wallet Through Android Devices?

July 10, 2018 — by Fabio Palozza0

crypto-wallet-960x320.jpg

Android platforms are commonly characterized by the presence of Trojan-infected apps that have built-in cryptocurrency mining codes, which means that mobile users are highly susceptible to malicious cryptocurrency mining attacks. It is quite alarming to note that cyber criminals deploy malicious APKs that are delivered through SMS spam and cryptocurrency miners into people’s mobile devices and the modus operandi is similar to that of Windows malware. In fact, attackers find it quite easy to add miners to apps that are already malicious. For example, cyber criminals could easily add miners on apps that were infected with the Loapi Trojan, an SMS Trojan that could deliver ads. Loapi caused a high degree of strain on the processor, which caused overheating of the batteries which, in turn, shortened the lifespan of the Androids.

Security

Personal Security Hygiene

June 27, 2018 — by Lior Rozen0

password-hygiene-960x640.jpg

If you are reading this post, chances are you are aware of internet hacks – you have heard of the company that got all its data stolen, or the CEO whose social media account was compromised. If you work at an enterprise, it’s likely that your enterprise bought and deployed some security products to protect its employees and its intellectual property. However, there are multiple ways to trick such security measures, whether you are at work or when you are browsing from the safety of your own home. In this post I collected four simple rules that can help you stay protected. In the continuous battle between security and usability, following these four rules gives away very little comfort, yet significantly increases the chance you will not be hacked. These rules are good practices and they are enough for most people, chances are they will save you from being hacked. You will not always know if they helped you, but if you make them a habit, they will do you good.

Security

Detecting Malware/APT Through Automatic Log Analysis

May 23, 2018 — by Fabio Palozza0

big-data-malware-960x679.jpg

Legacy perimeter security mechanisms can be evaded very easily. It’s disappointing, but it’s true. Innovatively-designed malware and APTs have the potential to evade even the strongest signature-based security solutions that are currently being deployed across industries. This has encouraged IT companies to think beyond prevention and to design effective detection strategies. In recent times, companies have started analyzing traffic logs through a deployment of technology as well as professional services to detect attacks that are under way. However, even though traffic log analysis can promote the identification of malware activity, companies may not benefit from it much as the on-premises approach is incomplete, inefficient, and expensive at the same time.

Security

Nigelthorn Malware Abuses Chrome Extensions to Cryptomine and Steal Data

May 10, 2018 — by Radware109

nigelthorn-malware-crypto-mining-1-960x641.jpg

Individual research contributed by Adi Raff and Yuval Shapira.

On May 3, 2018, Radware’s cloud malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, by using machine-learning algorithms. This malware campaign is propagating via socially-engineered links on Facebook and is infecting users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more.

Attack Types & VectorsSecurity

Stresspaint Malware Campaign Targeting Facebook Credentials

April 18, 2018 — by Adi Raff1

stresspaint-malware-960x679.jpg

On April 12, 2018, Radware’s threat research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails to download a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs a malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands Facebook user credentials/cookies. This rapid distribution and high infection rate indicates this malware was developed professionally. The group is specifically interested in users who own Facebook pages and that contain stored payment methods. We suspect that the group’s next target is Amazon as they have a dedicated section for it in the attack control panel. Radware will continue to analyze the campaign and monitor the group’s activity. Prior to publication of this alert, Radware has detected another variant of the malware and saw indication of this new version in the control panel.

Security

You Need a New Approach to Stop Evasive Malware

February 14, 2018 — by Eyal Arazi1

cloud-malware-960x551.jpg

Evasive malware has become a key threat to businesses’ sensitive data. Stealing and selling sensitive data on the Darknet is a lucrative business for hackers, who increasingly rely on evasive malware to penetrate corporate networks.

A study by Verizon found that over 50% of data breaches involve the usage of malware in some capacity. Indeed, some of the largest and best-known data breaches on record, such as Target, Anthem Health, The Home Depot and the U.S. Federal Office of Personnel Management (OPM) were the result of evasive malware running undetected in the network over long periods. These organizations all have large security teams, massive IT budgets and multi-layered anti-malware protections. And yet, in each of these cases these defenses were all circumvented by evasive malware.