I blogged a few days ago about a method to embed a crypto-mining script in a Word doc. Turns out an ad network has done an even better job!
Arstechnica wrote: "Domain-name algorithms are a software-derived means for creating a nearly unlimited number of unique domain names on a regular basis. DGAs, as they're usually called, came to light in 2008 following the release of the highly viral Conficker worm.
Decatur County General Hospital is notifying 24,000 patients of cryptomining software on its EMR system.
In what may be the first report I’ve seen of a hospital having their EMR server hit with cryptomining malware, Decatur County General Hospital in Parsons, Tennessee started notifying 24,000 patients on January 26.
Cisco's Talos Threat Intelligence team has a good observation.
Cybercriminals can just steal CPU/GPU cycles and directly generate any cryptocurrency without infecting the system with ransomware.
It's called cryptomining and is exploding on the scene. More stealthy than ransomware, this malware infects the workstation or server and significantly slows performance down, damaging productivity in a hidden way.
The mining software in itself is not "malicious", but if it is used to steal your organization's resources I vote for calling it malware anyway. Cryptominers have several infection vectors:
It's suddenly all over the news. In hindsight, it was a matter of "not if, but when".
Sophos just warned against a new hybrid worm that combines the ETERNALBLUE exploit and cryptomining.
ETERNALBLUE is the infamous escaped NSA code that was used in the WannaCry worm, so the combination of this method of breaking in, followed by a cryptomining payload, has been dubbed WannaMine.
