A growing threat to the safety, security and value of cryptocurrencies has emerged: in-browser cryptojacking, which hackers use to target newer, less well-known currencies such as Monero, Coinhive and Zcash. Ironically, these low-profile cryptocurrencies are the currencies of choice among threat actors. A recent cryptojacking campaign infected over half a million victims in just three days.
According to Jeremy Samide, CEO of Stealthcare, an international cybersecurity and threat assessment firm based in the US and Canada, “In-browser cryptojacking works off JavaScripts, which are installed on the most popular websites and readily available to anyone with criminal intent. With JavaScript the hacker uses the victim’s own browser to mine, or rather ‘cryptomine,’ for transactions, secretly diverting small amounts of currency at a time to his own account where it can be turned into cash.”
Stealthcare is changing cybersecurity from defense to a more aggressive posture that relies on early warning, threat assessment, AI and human intelligence. Early on, Stealthcare’s proprietary platform, Zero Day Live, detected a significant upward trend in cryptomining and cryptojacking, warned its clients of the threat and provided countermeasures.
“This is criminal behavior plain and simple. Wrongdoers directly attack the weakest link—the consumers who rely on cryptocurrency exchanges and their digital wallets for their transactions. They lure their victims in through elaborate phishing campaigns, drive-by downloads, and other subterfuges,” says Samide, adding, “The explosion of initial coin offerings (ICO) and cryptocurrency exchanges proliferating without adequate security gave hackers the opening they needed to attack wallets and apps, siphoning off cryptocurrency from these exchanges.”
Newer cryptocurrencies are more likely targets
Bitcoin and Ethereum were targets when they first emerged. But as they become more mainstream, they are also being scrutinized by sovereign governments looking to apply transparency requirements on their transactions. “These legacy cryptocurrencies now appear to be less attractive as hackers target emerging and more privately-focused currencies such as Coinhive along with Monero and Zcash,” according to Samide.
In addition to the in-browser JavaScript threat, cyber criminals are still transforming older malware to include cryptomining and cryptojacking capabilities. In doing so they are creating polymorphic strains of new attacks. Explains Samide, “Some of these cryptojacking campaigns are still using older EternalBlue exploits, which were stolen by Shadow Brokers and used to create the ransomware WannaCry that wreaked havoc on the National Health Services hospitals in England and Scotland as well as Nissan Motor Manufacturing UK, FedEx, Spain’s Telefonica and the Deutsche Bahn.”
Cryptomining malware threats today are becoming three-dimensional: they can circumvent antivirus applications by dropping and launching malicious payloads that shut down antivirus processes to evade further detection. As the malware proliferates through various attack vectors, the attackers' illicit mining capabilities continue to grow exponentially, stealing hundreds and thousands of dollars over time.
How to fight back
Samide insists, “Playing defense is no longer adequate. When we developed Zero Day Live, it became the world’s first complete cyber threat intelligence aggregation platform to spot emerging trends, uncover actionable information, and report on high-value intelligence that allows companies to respond quickly to impending threats.” Stealthcare researchers and technical staff also provide ongoing assistance that includes human threat assessment and, if need be, disaster recovery and new tactics to thwart future attacks.
The Gartner Research Report for Security Leaders recognized Stealthcare’s Threat Intelligence platform and stated that many vendors can provide access to information, but fewer provide truly anticipatory content based on customized intelligence.
“Looking to the future,” Samide says, “Initial Coin Offerings (ICOs) will continue to pop up. But to maintain their legitimacy, cryptocurrencies will have to conform to government regulations, which will transform many of them into more widely accepted digital currencies to be used routinely in everyday commerce.”
In addition to issuing cryptocurrency warnings and defenses, and alerting its clients to the Atlanta ransomware attack, Stealthcare predicted the evolution and growing sophistication of malware, or Evoware, which became a reality in 2016 and includes new self-propagating ransomware mutations.