Hello~ I'm PR, the security defender.
I've got an interesting article from the security news.
The article is as follows.
'Caution of large-scale virtual currency mining using NSA's hacking tools'
The content is about "Beapy," an attack focused on "cryptojacking" of virtual currency and aimed at Chinese companies.
Attackers first infiltrate through e-mail, plant virtual currency mining malware, and then spread within the network.
What is Cryptojacking?
It is a compound word formed from "Crypto" in Cryptocurrency and "Jacking" in Hijacking, and it refers to secretly mining virtual currency on other people's computers through malicious code.
According to KISA's 'Malicious Code Hidden Site Detection Report', the share of virtual currency theft and mining malware among all malicious code types is rising rapidly: 2% in the first half of 2017, 9% in the second half of 2017, and 14% in the first half of 2018.
Virtual currency prices have fallen, so what is the significance of this recent reappearance? What are the characteristics of the attack? What symptoms appear when you are infected? What are the precautions? Let's find out together.
[Features of this attack]
▶ Attacks first start with malicious Excel files
▶ When someone in the company opens this attachment, a backdoor called DoublePulsar is downloaded.
▶ Attempts to spread throughout the network
▶ Download and install the virtual currency mining code
▶ Fast mining (it runs the CPU flat out), which may bring the infected system to a complete halt
▶ There are also types of malicious code that mine slowly over a long period so that users do not notice.
What is DoublePulsar?
One of the exploits included in the file dump that a hacker group called the Shadow Brokers leaked as "NSA's hacking tools"; it appeared in the 2017 WannaCry ransomware crisis.
[Infectious Symptoms]
The performance and speed of hardware resources can degrade or fail, power usage can increase, and a PC or server may have difficulty providing uninterrupted service because its resources are exhausted.
A typical cryptojacking malware is 32Kilances.exe. This malware mines virtual currency that can be mined with a CPU. When infected, a process called systemgo.exe is launched to mine virtual currency, CPU usage rises to 99%, and the mined virtual currency is sent to the attacker over the network.
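As an added example (not from the original post), here is a small Python heuristic for the symptom pattern described above: a process that keeps the CPU pinned across consecutive samples while talking to an outside host. The telemetry below is constructed; in practice it would come from an EDR agent or periodic process/connection snapshots, and the process name is the one the post cites.

```python
from collections import defaultdict

CPU_THRESHOLD = 90.0  # percent; the post reports ~99% for the mining process
MIN_SAMPLES = 3       # consecutive hot samples before we alert (ignores one-off spikes)

# Constructed sample telemetry, not captured data: (seconds, process, cpu %, remote endpoint or None).
# "systemgo.exe" is the process name the post cites; the endpoints are documentation-range addresses.
SAMPLES = [
    (0,   "systemgo.exe", 99.0, "198.51.100.7:3333"),
    (60,  "systemgo.exe", 98.7, "198.51.100.7:3333"),
    (120, "systemgo.exe", 99.0, "198.51.100.7:3333"),
    (180, "systemgo.exe", 99.1, "198.51.100.7:3333"),
    (0,   "excel.exe",    96.0, None),  # one-off spike while a sheet recalculates
    (60,  "excel.exe",     3.0, None),
    (120, "excel.exe",     1.5, None),
    (0,   "chrome.exe",   41.0, "203.0.113.5:443"),
    (60,  "chrome.exe",   38.0, "203.0.113.5:443"),
    (120, "chrome.exe",   45.0, "203.0.113.5:443"),
]


def find_sustained_hogs(samples, cpu_threshold=CPU_THRESHOLD, min_samples=MIN_SAMPLES):
    """Return {process: {"hot_samples": n, "remotes": [...]}} for each process whose CPU use
    stayed at or above cpu_threshold for at least min_samples consecutive samples."""
    by_proc = defaultdict(list)
    for _ts, name, cpu, remote in sorted(samples, key=lambda s: (s[1], s[0])):
        by_proc[name].append((cpu, remote))
    alerts = {}
    for name, rows in by_proc.items():
        run, remotes = 0, set()
        for cpu, remote in rows:
            if cpu < cpu_threshold:  # streak broken: a spike, not sustained load
                run, remotes = 0, set()
                continue
            run += 1
            if remote:
                remotes.add(remote)
            if run >= min_samples:  # sustained: record (and keep updating) the alert
                alerts[name] = {"hot_samples": run, "remotes": sorted(remotes)}
    return alerts


def severity(alert):
    """Pinned CPU plus an outbound peer matches the mine-and-send pattern; CPU alone is weaker."""
    return "high" if alert["remotes"] else "medium"


if __name__ == "__main__":
    for proc, info in find_sustained_hogs(SAMPLES).items():
        print(f"{severity(info).upper()} {proc}: {info['hot_samples']} hot samples, peers {info['remotes']}")
```

Lowering the threshold shows why the streak requirement matters: chrome.exe is flagged only when the bar drops to ordinary browsing load, while excel.exe's single spike never qualifies.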
[domestic case]
As I looked for data, there was news of an arrest in the same kind of case in Korea.
Caught spraying malware that turned 6,000 PCs a day into zombie PCs for forced coin mining.
▶ It is the first time a cryptojacking crime using other people's PCs as a tool for mining virtual currency has been detected.
▶ E-mails were sent to corporate HR managers through job-search/recruitment sites
▶ A 'resume' attachment infected the PC and mined virtual currency
In fact, only 2.23 Monero coins (about 1 million won) were earned from infecting 6,000 PCs with malicious code.
Police investigated the PCs infected with the malicious code, identified domestic IPs, and arrested Kim and others after about a year of tracking.
[Preparation]
Cryptojacking malware is still a type of malicious code, so most of it can be prevented by following the usual information protection rules against malicious code, such as installing an antivirus (vaccine) program and not visiting suspicious sites.
In addition, access to sites that mine virtual currency should be blocked, but the problem is that they are not easy to identify in advance. Recently the Chrome browser has had a number of plug-ins that block virtual currency miners, and the Opera beta browser has a mining-blocking feature, which can help to some extent.
Companies need prevention through a malicious-mail blocking solution plus web filtering or a harmful-site blocking solution.
[General Review]
Cryptojacking does not leak personal information or industrial secrets like an APT attack, but it eats into the CPU, power, and network availability of your systems and damages your valuable hardware assets.
And because it spreads across the entire network, attackers could at any time turn it into an attack that steals data.
An infected host can become a zombie PC that generates DDoS traffic through communication with an external C&C server, or a distribution site for malicious code; and in a company, internal employees may use company assets to run mining programs, which not only wears out hardware but also exposes the company to additional risks along the way.
If the price of virtual currency goes up again... the number of attack e-mails targeting your PC will increase even more.