Cryptojacking Attacks Are Seriously Underestimated, Says BlackBerry VP

Published at: Aug. 1, 2020

Cryptojacking attacks are both an internal and an external threat, as hacking groups are getting more organized in their attempts to exploit vulnerabilities in networks. There are also cases where some admins use valid entitlements to make money by illegally mining crypto with the firm’s network resources, and many organizations “don’t have great visibility” into it, says Josh Lemos, VP of research and intelligence at BlackBerry.

Lemos told Cointelegraph that crypto mining software is not necessarily malicious but rather opportunistic, utilizing compute resources for monetary gain, “although you often find it paired with malicious software,” a fact that some organizations do not pay enough attention to when protecting their networks.

Any cryptojacking malware can be dangerous

On the sophistication of crypto mining apps, Lemos said that crypto miners don’t need to be sophisticated and can be delivered in various ways: “from JavaScript running on a website as a watering hole attack or embedded in a spear-phishing email to supply chain attacks with miners embedded in docker hub images and malicious browser extensions.” He went on to add: “Distribution is the primary goal and with detection does not carry a meaningful risk, TAs can spread their miners far and wide.”

Recent cryptojacking cases, like Lucifer, show a pattern: the common use of the XMRig crypto-miner app in the attacks. The BlackBerry executive explained why Monero (XMR), rather than other currencies, is often used in the attacks:

“Monero is pitched as more lucrative to the average user due to the nature of the mining algorithm. Anytime you have uneducated users looking for a quick buck, you will have more opportunities for exploitation. The old adage still holds true: the best way to get rich in a gold rush is to sell shovels. In this case, the shovels also contain malware.”

Pandemic driving cryptojacking attacks?

Lemos believes that hackers’ use of full malware suites, with capabilities that leverage numerous vulnerabilities to establish persistence, shows a growing trend in this kind of cryptojacking attack, and that Lucifer is “a continuation or evolution of that trend.”

With the COVID-19 pandemic still active in several countries, Lemos claims that as long as cryptocurrencies are considered a “valuable alternative investment,” the rising trend of cryptojacking attacks “is here to stay,” as it cannot be blamed specifically on a coronavirus-related jump.
