
You thought ransomware was bad? Cybercriminals are embracing a new scourge, in the form of cryptomining. The latest strain, dubbed FacexWorm, is an example of just how dangerous it can be.

Cryptomining malware hijacks the CPU resources of victim machines, degrading performance and consuming electricity. It uses those resources to mine virtual currency, especially Monero, which takes fewer resources to mine than the better-known Bitcoin.

It can be delivered as standalone malware, but there are also drive-by versions, where in-browser mining of Monero starts as soon as a user visits a web page. A product called Coinhive is offered as a legitimate service for webmasters looking for a monetization alternative to advertising, but criminals often embed it into websites without the site owner's knowledge, and unscrupulous websites run it without telling their visitors.
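One way a site owner can check their own served HTML for an injected Coinhive loader of the kind described above, as an added example that is not from the original post or from TPx; the indicator host list and the sample page are constructed assumptions, not a complete threat feed:

```python
import re
from html.parser import HTMLParser

# Constructed indicator list (assumption): coinhive.com is the service the post
# describes; authedmine.com was its opt-in variant. Replace with your own feed.
MINER_SCRIPT_HOSTS = ("coinhive.com", "authedmine.com")
MINER_INLINE_PATTERN = re.compile(r"new\s+CoinHive\.(Anonymous|User|Token)\s*\(")

class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and the body of each inline <script>."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True
                self.inline.append("")  # new inline script body
    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data  # bodies may arrive in chunks

def _host_of(url: str) -> str:  # strips scheme and path; handles '//host/...'
    return re.sub(r"^(https?:)?//", "", url.lower()).split("/")[0]

def find_miner_scripts(html: str) -> list:
    """Return one finding string per miner indicator present in the page."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.srcs:
        host = _host_of(src)
        if any(host == h or host.endswith("." + h) for h in MINER_SCRIPT_HOSTS):
            findings.append(f"external miner script: {src}")
    for body in p.inline:
        if MINER_INLINE_PATTERN.search(body):
            findings.append("inline miner instantiation")
    return findings

# Constructed sample page: a normal analytics tag plus an injected Coinhive loader.
SAMPLE_PAGE = """<html><head><script src="https://cdn.example.com/analytics.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body>hello</body></html>"""
```

Run `find_miner_scripts()` over pages fetched from your own site (or over stored page snapshots) to spot a loader that was added without your knowledge.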

Unlike ransomware, which usually results in only a small percentage of infected users actually paying the ransom and requires time and effort to interact with the victims, cryptomining is a “set it and forget it” proposition for attackers. It also tends to fly under the radar, and it can take weeks before a victim uncovers the infection. In other words, it requires minimal effort, but maximum reward. Perfect.

It’s lucrative too, with cryptocurrencies now reaching dizzying heights of valuation. To put the financial gains for the bad guys into perspective, an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims could generate $500 per day or $182,500 per year.

Thus, it’s no wonder that it’s spreading rapidly. More than 4,000 government agencies in the US and the UK alone were recently found to be infected with it – and that’s just one section of one vertical. Various industry estimates postulate that as much as a quarter of all desktops are compromised.

A good example of the danger is that FacexWorm is spreading via Facebook. Once it infiltrates a user’s account, it sends out faked Messenger video links to the victim’s contacts which, when clicked, replicate the malware onto those contacts’ machines. It has an impressive set of capabilities: it steals Google, MyMonero and Coinhive credentials when a victim logs in, injects a cryptocurrency miner that consumes the victim’s CPU, hijacks the user’s cryptocurrency-related transactions, detects when a user has accessed a cryptocurrency trading platform, and thwarts removal and detection. It also communicates with a remote command-and-control server, from which it can download additional malware.

Further, FacexWorm has created the potential for building a large-scale malicious botnet. Facebook has an estimated 2.2 billion active users, so putting together a botnet consisting of hundreds of millions of devices would not be a difficult task. That botnet could be used for different kinds of attacks, including distributed denial of service.

So, FacexWorm presents a danger in and of itself, but it also acts as just the latest example of why organizations should be proactively protecting themselves from DDoS attacks.

The cyber landscape is a wild and woolly place, where financially motivated bad actors are always looking for the next big attack vector. Ransomware was the “it” malware last year. This year, cryptomining is catching fire. And there’s sure to be something else coming down the pike before long.

That’s why it’s important for companies to adopt comprehensive, real-time unified threat management (UTM), which can keep systems protected from malware, DDoS attacks and other concerns. A UTM appliance consolidates network security – including firewalls with anti-virus and anti-spyware protection, intrusion detection, web filtering and more – into a comprehensive and dynamic threat prevention solution.

TPx offers a managed UTM solution that’s always up-to-date on the latest threats, backed by the constant vigilance afforded by our Security Operations Center (SOC). With our SOC, you have access to dedicated certified security analysts with deep security expertise. They include ex-military, defense, and cyber security specialists with over 50 years of combined cyber security experience. We proactively monitor and manage the threats – before they hit you.

Contact your TPx representative today for details on how TPx can protect your valuable infrastructure, safeguarding your employees and business from ransomware, cryptomining and whatever the next major threat will be.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Managed Endpoint, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.

Another day, another massive – and preventable – cyberattack on a major target. Late last week the city of Atlanta was hit by a costly ransomware attack, causing a complete shutdown of the Georgia capital’s online systems that support the police department, city courts, parts of the airport (the world’s busiest) and more. That shutdown is ongoing.

The cybercriminals – believed to be the notorious “SamSam” gang – are requesting a payment of $6,800 to unlock each computer, which translates into $51,000 for all of the needed keys – with absolutely no guarantee that the systems will be restored. Atlanta is working with law enforcement and security firms to lift the wall of encryption that has brought it to its knees, but time is running out. SamSam said it would wipe the city’s files if the ransom wasn’t paid this week.

The fact that government departments within a major metropolitan area can be taken down so easily is yet another wake-up call that managed security should be on the to-do list for every under-resourced, overly worked IT department out there, regardless of what industry vertical it happens to occupy.

Ransomware is a quick and easy win for the bad guys, especially given that email phishing attempts – the primary way in for most malware – can never be fully thwarted. We are only human after all, and it just takes one employee to fall for a fraudulent email to give criminals, who often have no hacking experience at all, access to the kingdom.

Backup alone is not a protection against ransomware, because backup files can themselves be encrypted, even if they’re in the cloud. What’s needed is a sophisticated, multilayered defense. More specifically, Unified Threat Management (UTM) is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion detection/prevention (IDS/IPS), gateway anti-spam, content filtering, load balancing, data loss prevention and on-appliance reporting. In a ransomware scenario, potentially fraudulent emails are flagged, malicious phishing websites are blocked and, if a bad actor does get through, the organization knows quickly and can address it before the worst-case scenario that Atlanta is living through ever plays out.

Of course, maintaining this kind of system is tough for many organizations that lack a deep well of in-house security expertise. Fortunately, managed security can step in to fill the gap.

TPx offers a managed UTM solution that’s always up-to-date with the latest threats, backed by the constant vigilance afforded by our Security Operations Center (SOC). Leave the monitoring and the defenses to us, and sleep a little sounder at night.

Don’t end up like the Peachtree City. Contact your TPx representative today for details on how TPx can protect your valuable infrastructure and protect you from the ransomware scourge.
