Protect Your Assets
cancel

Cyberattackers’ New Tools: Ransomware and Cryptojacking

Cyberattackers’ New Tools: Ransomware and Cryptojacking

Security_Guest

Guest post by Chas Clawson – Senior ArcSight Engineer at MicroFocus Government Solutions

Of all recent technologies being hyped, the one to have the greatest impact on the future of the world economy likely won’t be artificial intelligence or self-driving cars or 3-D printing, but rather something not as well understood: Blockchain! While the benefits of having a decentralized cloud-based ledger to record transactions will revolutionize currencies, fund transfers, trading, voting and contracts, there is some serious negative cyber security fall-out as well that shouldn’t be overlooked.

Ransomware and Cryptojacking.PNGPrior to the rise of crypto-currency, malicious bad actors on the web seeking to monetize their malware had limited options. The challenge of anonymously collecting money after holding a computer system hostage was difficult. Providing your home address for a check to be mailed obviously wasn’t an option, and even foreign bank accounts can be tracked to the owners eventually. With the rise of crypto-currencies like bitcoin, everything changed. There is now an easy way to extort, store and use ill-gotten funds. Bitcoin was once the ransomware currency of choice, but it’s being displaced in the dark web marketplaces by Monero, Ethereum and others.

Still, as damaging as ransomware attacks are, the biggest change is now underway as attackers seek to silently commandeer the compute power of the machines under their control, enslaving them to become producers of coin unbeknownst to the system owners. Cryptojacking is a popular term for such practices.

This sea change is evident as new vulnerabilities and exploits seek to first and foremost get more machines producing currency and anonymously sending it to the malware authors’ wallet. Recently, Drupageddon 2.0 set corporate web teams scrambling to patch their content management systems before attackers could get in. Drupal estimated that over one million sites were vulnerable. Shortly after Drupal released the patch, tools were being weaponized. Unfortunately, many admins were too slow.

For example, the latest version of the Kitty malware family uses not only the infected Drupal server and website itself to mine cryptocurrency, but it also seeks to mine on the machines of anyone that visits the site through a JavaScript cutely named me0w.js. Who would want to kill a process named "meow"? Of course, your organization may never know you’re doing their bidding, as they no longer lock the screen demanding payment. In fact, they are incentivized now to suck only as much processing power as they can without raising alarms, thereby increasing their dwell time.

Now that this business model has been proven, we expect to see a rise in the malicious use of bots and malware variants to covertly start cryptojacking campaigns. With lower risk, and higher rewards, the revenue forecast of the dark side of the web has never looked better.

To find out what your organization can do to combat the latest cryptojacking and ransomware attacks, see our new whitepaper to get best practices for ransomware mitigation, detection, and response. Also take a look at our new web-based ArcSight Content Brain tool and identify SIEM packages that you can deploy within your SecOps environment at no cost, including packages for Threat Intelligence alerting to help you detect traffic to known malicious C2 ransomware sites.

0 Kudos
About the Author

Security_Guest