
37pc of Organizations Impacted by Cryptomining over Past Year

Check Point Software Technologies Ltd has published the first instalment of its 2019 Security Report.  The report highlights the main tactics cyber-criminals are using to attack organizations worldwide across all industries, and gives cyber security professionals and C-Level executives the information they need to protect their organizations from today’s fifth-generation cyber-attacks and threats.

The first instalment of the 2019 Security Report reveals the key malware trends and techniques observed by Check Point researchers during the past year. Highlights include:

* Cryptominers dominated the malware landscape: Cryptominers occupied the top four most prevalent malware types and impacted 37 percent of organizations globally in 2018. Despite a fall in the value of all cryptocurrencies, 20 percent of companies continue to be hit by cryptomining attacks every week. Cryptominers have also evolved considerably of late, exploiting high-profile vulnerabilities and evading sandboxes and security products in order to expand their infection rates.

* Mobiles are a moving target:  33 percent of organizations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS. 2018 saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise.

* Multi-purpose botnets launch range of attacks:  Bots were the third most common malware type, with 18 percent of organizations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 percent) of organizations experiencing a DDoS attack in 2018.

* Ransomware attacks in decline: 2018 saw ransomware usage fall sharply, impacting just 4 percent of organizations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organizations over the past year. Threat actors have a wide range of options available to target and extract revenues from organizations in any sector, and the first instalment of the 2019 Security Report highlights the increasingly stealthy approaches they are currently using,” said Peter Alexander, chief marketing officer of Check Point Software Technologies.  

“These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organizations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.  The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks.”


via bwcio

Android security: Cryptocurrency mining-malware hidden in VPNs, games, and streaming apps, downloaded 100,000 times


Cybercriminals keen to exploit the cryptocurrency boom are increasingly attempting to infect mobile devices with cryptocurrency-mining malware -- and they're even using the official Android app store to do so.
Researchers at Kaspersky Lab have uncovered multiple malicious cryptocurrency-mining applications being distributed via the Google Play store, with the miners posing as games, sports streaming apps, and VPNs. Some of these have been downloaded more than 100,000 times.
While the applications appear to provide legitimate functions, their real purpose is to secretly use the CPU power of the device to mine the cryptocurrency Monero.
Illicit cryptocurrency-mining has grown in popularity this year and, while mobile devices have far less power than a PC for illicit mining, there are billions of smartphones around the world and they're an easy target for attackers. That's especially the case given how easily users can install apps.
"Cybercriminals are banking on compensating for smartphones' poor performance and mobile miners' easy detection through the sheer number of handheld devices out there and their high infectibility," said Roman Unuchek, security researcher at Kaspersky Lab.
Researchers found the most common mining apps to be connected with soccer, with a Portuguese-language match-streaming app being one of the most commonly downloaded. The app fulfils its advertised function of allowing users to watch broadcast football matches, while also discreetly mining in the background.
A common tactic applied by the attackers is to hide a Coinhive JavaScript miner within the malicious apps. When the users launch a broadcast, the app opens an HTML file with an embedded JavaScript miner, which converts the streamer's CPU power into a tool for mining Monero.
Researchers say the soccer-streaming miner was distributed via Google Play and downloaded by over 100,000 users, mostly based in Brazil.
Another popular means of distributing miners via seemingly legitimate apps is to embed it within applications used to provide VPN connections.
Researchers found that a cryptocurrency mining app called Vilny.net has been downloaded over 50,000 times, mostly in Ukraine and Russia.
Those behind Vilny have tailored the app to monitor the battery charge and temperature of the device, allowing the attackers to control the CPU usage to avoid the high temperature associated with extensive battery use -- in order to ensure the user doesn't notice any suspicious activity and connect it with the app.
Other apps weren't as advanced, simply posing as games and other popular programs while secretly mining cryptocurrency. Some also duped the users twice, by also showing the users ads which don't go away until they're clicked -- providing the attackers with another source of revenue.

The majority of these simple cryptocurrency miners were distributed via third-party sites, although one called Zombie Fun was found in the Play Store.
It all points to how the threat actors behind malicious mining apps are upping their game in order to deceive people into acquiring cryptocurrency for them.
"Authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective cryptocurrency mining," said Unuchek.
"They are now using legitimate thematic applications with mining capacities to feed their greed. As such, they are able to capitalise on each user twice -- firstly via an ad display, and secondly via discreet cryptomining."
Kaspersky Lab informed Google of the malicious apps, which have now been removed from the Play Store. ZDNet has attempted to contact Google for comment, but hasn't received a response at the time of publication.
In order to ensure their smartphone doesn't become infected with a cryptocurrency miner, users should only install trusted apps and keep their device up to date in order to reduce the risk of an attack.
Nonetheless, the sheer number of mobile devices available for criminals to potentially target means they'll remain a popular outlet for cryptocurrency mining for the time being.
Indeed, miners have recently become as lucrative for criminals as ransomware is -- but with the added bonus of being much subtler and potentially providing attackers with income for a long period of time.

via zdnet

Cryptocurrency miner hits 60 million Android users

This cryptocurrency-mining operation is reportedly one of the biggest to attack only mobile users.

Malware that mines cryptocurrencies using Android phones has been discovered, and the number of phones affected may be as high as 60 million. This number is drawn from the visits to the malicious domains used for mining. There are 5 such websites overall, and around 800,000 visits are reportedly recorded on these sites every day in total. The blog reporting these details claims that this has been going on for over 3 months now.
There are possibly only two explanations for such large-scale hacking of mobile phones: one is the increasing use of handheld devices, rather than traditional systems, to access the internet; the other is that most mobile users may not care to install on their devices any anti-malware program that could block or warn of such malware. The hackers take full advantage of these factors. Another observation in the blog is that the vehicles used by the hackers are free apps on the Android Play Store. Incidentally, Google has acknowledged the issue and has reported that the offending apps have since been removed.
It has been revealed that these domains issue a common CAPTCHA code for verifying visitors, and that the mining operation has been spreading and expanding over the months since it started. Cyber criminals see cryptocurrencies as a new avenue for making money.
“The threat landscape has changed dramatically over the past few months, with many actors jumping on the cryptocurrency bandwagon. Malware-based miners, as well as their web-based counterparts, are booming and offering online criminals new revenue sources,” the researchers said in the blog.
The best way the mobile users can protect themselves from being exploited in any manner is to download and install the best anti-malware they can find.





Millions of Android devices forced to mine Monero for crooks

No device is safe from criminals looking to make it stealthily mine cryptocurrency for them. However weak its processing power is, it still costs them nothing.
With that in mind, forced crypto mining attacks have also begun hitting mobile phones and tablets en masse, either via Trojanized apps or redirects and pop-unders.
An example of the latter approach has been recently documented by Malwarebytes’ researchers.

The attack

“In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices are targeted) have been redirected to a specifically designed page performing in-browser crypto mining,” the researchers shared.
The number might be even higher than that, as they believe that some of the browser-hijacking domains remain undetected for now.
The attack goes like this: users are redirected via malvertising chains to malicious websites. In this particular campaign, Internet Explorer and Chrome users were directed to sites serving tech support scams, but Android users were delivered to a crypto mining page.
Interestingly enough, the page says that the browser will mine cryptocurrency until the user proves that he or she is human by solving a CAPTCHA. But the warning and the test are bogus – they are just a way to make the forced mining acquire a whiff of legitimacy.

How widespread and effective is this scheme?

The researchers identified several identical domains all using the same CAPTCHA code but using different Coinhive site keys in the mining script.
Two of these domains have received over 66 million visitors since November 2017, and they estimate that the combined traffic from the five domains they have identified so far equals about 800,000 visits per day, with an average time of four minutes spent on the mining page.
How much Monero could this operation yield, you wonder? It’s difficult to say, exactly.
“Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month. However, as cryptocurrencies continue to gain value, this amount could easily be multiplied a few times over,” the researchers noted.
They also pointed out that, while these devices are less powerful than desktop computers, there is also a much greater number of them out there. Add to this the fact that many users don’t bother installing security apps on their smartphones and tablets, and you have a recipe for low-effort, long-term and widespread stealthy crypto-mining.
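The researchers' observation above, identical pages on several domains that differ only in the Coinhive site key, can be turned into a triage check. The following is an added example, not code from the researchers or the original article: it extracts site keys from fetched HTML and groups pages whose markup matches once the key is masked. The sample domains, keys and page markup are constructed placeholders.

```python
import hashlib
import re
from collections import defaultdict

# Coinhive's script API created miners as CoinHive.Anonymous('<site key>') or
# CoinHive.User('<site key>', '<name>'); the key is the first string argument.
MINER_RE = re.compile(r"""CoinHive\.(?:Anonymous|User)\(\s*(['"])([A-Za-z0-9]+)\1""")

def site_keys(html):
    """Return the distinct Coinhive site keys instantiated in a page."""
    return sorted({m.group(2) for m in MINER_RE.finditer(html)})

def template_fingerprint(html):
    """Hash the page with site keys masked and whitespace removed, so pages
    built from one template match even when only the key differs."""
    masked = MINER_RE.sub("CoinHive.MINER('KEY'", html)
    return hashlib.sha256(re.sub(r"\s+", "", masked).encode()).hexdigest()[:16]

def cluster(pages):
    """Group mining pages by template; map fingerprint -> domains and keys."""
    groups = defaultdict(lambda: {"domains": [], "keys": set()})
    for domain, html in pages.items():
        keys = site_keys(html)
        if not keys:          # no miner on this page, nothing to cluster
            continue
        group = groups[template_fingerprint(html)]
        group["domains"].append(domain)
        group["keys"].update(keys)
    return {fp: {"domains": sorted(g["domains"]), "keys": sorted(g["keys"])}
            for fp, g in groups.items()}

def _captcha_page(key, gap=""):
    # Constructed stand-in for the bogus CAPTCHA mining page.
    return ('<html><body>' + gap + '<p>Type the code: <b>EXAMPLE</b></p>'
            '<script>var m = new CoinHive.Anonymous("' + key + '");'
            + gap + 'm.start();</script></body></html>')

# Constructed sample data: domains and keys are placeholders, not real IoCs.
SAMPLE_PAGES = {
    "miner-a.example": _captcha_page("ConstructedKeyAAAA1111"),
    "miner-b.example": _captcha_page("ConstructedKeyBBBB2222", gap="\n   "),
    "other.example": '<script>new CoinHive.User("ConstructedKeyCCCC3333", "u")</script>',
    "news.example": "<html><body><p>No miner here.</p></body></html>",
}

if __name__ == "__main__":
    for fp, group in cluster(SAMPLE_PAGES).items():
        print(fp, group["domains"], group["keys"])
```

A group with several domains and several keys is the pattern the researchers describe: one page template reused across hosts, each with its own site key.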

Advice for users

“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this crypto mining page. It’s possible that this particular campaign is going after low-quality traffic—but not necessarily bots —and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner,” the researchers said.
If you’re an Android user and you’ve started seeing these bogus pages on the regular, chances are one of the apps you recently downloaded is the culprit. Uninstalling it should fix the problem unless it has some kind of persistence mechanism.
In general, it is a good idea to install a reputable security solution on your device to check each and every app you download and install for malicious code and behavior.
