The value of cryptocurrencies has fluctuated wildly, but the value is still high enough to garner a lot of attention, both legitimate and malicious. Most of the malicious activity we see is done for financial gain, and cryptocurrencies have provided attackers with a lucrative new avenue to pursue: cryptocurrency mining.
Over the past year, we have seen a seismic shift in the threat landscape with the explosive growth of malicious cryptocurrency mining. This threat is spreading across the internet like wildfire and is being delivered through multiple vectors including email, web, and active exploitation. That doesn’t include the quasi-legitimate in-browser mining that is becoming increasingly common.
Malware called “Crackonosh” has been found on 222,000 compromised computers that were used to download illegal, torrented versions of popular video games, including “NBA 2K19” and “Grand Theft Auto V”. The malware, which has been circulating since at least June 2018, installs cryptomining software that has yielded its authors over $2 million worth of Monero (XMR). Once installed, Crackonosh quietly uses the computer’s processing power to mine cryptocurrency for the hackers.
The level of sophistication in this malware is quite ingenious. Through automation and machine learning, Crackonosh takes several steps to protect itself once it has been installed, including disabling Windows Update and uninstalling security software.
Because these miners rely on both the end system and network traffic to operate, they expose many different avenues for automated detection, which is essential to identify and stop this process-level, behavior-based activity. It cannot be detected by traditional or unconfigured systems.
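As an added illustration of the end-system plus network-traffic detection described above (example code written for this page, not Sniper Watch's tooling or anything from the Crackonosh analysis), the script below correlates process-creation events with captured pool-protocol messages per host. The Stratum method names are real protocol methods; the host command patterns, hostnames, commands and wallet value are constructed assumptions, not Crackonosh's actual behaviour.

```python
import json
import re
# Real Stratum method names (generic mining indicator, not Crackonosh-specific);
# "login"/"submit" are the Monero-pool variant of the protocol.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login", "submit"}
# The self-protection behaviours the post describes, as they might surface in
# process-creation telemetry; the command patterns are constructed illustrations.
HOST_PATTERNS = {
    "windows_update_disabled": re.compile(r"\b(sc|net)(\.exe)?\s+stop\s+wuauserv\b", re.I),
    "security_software_removed": re.compile(
        r"(?=.*\buninstall\b)(?=.*\b(antivirus|defender|security)\b)", re.I),
}

def stratum_methods_in(payload: str) -> set:
    """Stratum method names in a captured payload (newline-delimited JSON-RPC)."""
    found = set()
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # not JSON-RPC, ignore the line
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            found.add(msg["method"])
    return found

def host_indicators_in(command_line: str) -> set:
    """Self-protection behaviours matched in one process command line."""
    return {name for name, rx in HOST_PATTERNS.items() if rx.search(command_line)}

def triage(process_events, net_flows) -> dict:
    """Per host: mining traffic plus tampering -> 'escalate'; either alone -> 'review'."""
    per_host = {}
    for host, cmd in process_events:          # (host, command_line) records
        per_host.setdefault(host, set()).update(host_indicators_in(cmd))
    for host, payload in net_flows:           # (host, captured TCP payload) records
        if stratum_methods_in(payload):
            per_host.setdefault(host, set()).add("stratum_traffic")
    result = {}
    for host, inds in per_host.items():
        if inds:
            tampering = inds - {"stratum_traffic"}
            verdict = "escalate" if "stratum_traffic" in inds and tampering else "review"
            result[host] = {"indicators": inds, "verdict": verdict}
    return result
# Constructed sample telemetry, not real captures (wallet value is a placeholder).
SAMPLE_PROCESSES = [("ws-01", r"C:\Windows\System32\sc.exe stop wuauserv"),
                    ("ws-01", "wmic product where name='Contoso Antivirus' call uninstall"),
                    ("ws-02", "notepad.exe report.txt")]
SAMPLE_FLOWS = [("ws-01", '{"id":1,"method":"login","params":{"login":"WALLET-PLACEHOLDER","pass":"x"}}\n'),
                ("ws-03", '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n')]
```

Running `triage(SAMPLE_PROCESSES, SAMPLE_FLOWS)` escalates ws-01 (mining traffic plus both tampering behaviours), marks ws-03 for review on traffic alone, and reports nothing for ws-02.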
For businesses that rely on cloud-based DevOps, we continue to see machines spun up in the cloud and left running when not in use, overnight and over weekends. Imagine these hackers finding their way into your resources and taking hold of your computing power while you never receive an alert.
This malware profits by targeting a large number of systems, but Sniper Watch is monitoring and anticipating the next evolution of Malware-as-a-Service, in which script kiddies (novice hackers) take this sophisticated software and apply it silently to small and medium businesses as well as home users to slowly mine and exfiltrate money over longer periods of time. Without the proper security controls, you’ll never know that it is there, working in the background while your Internet usage is hijacked and degraded for others to gain. (See: Stealthy Attackers and How They Get In: https://youtu.be/gxRgK61Rxjw)
Stop these breaches from materializing by contacting us right away to get started protecting your assets. Schedule a Call here: https://go.oncehub.com/sniperwatch-intro