
KnowBe4

Security Awareness Training Blog


Ad Network Uses Advanced Malware Technique To Conceal Cryptojacking Ads

I blogged a few days ago about a method to embed a crypto-mining script in a Word doc. Turns out an ad network has done an even better job!

Ars Technica wrote: "Domain-name algorithms are a software-derived means for creating a nearly unlimited number of unique domain names on a regular basis. DGAs, as they're usually called, came to light in 2008 following the release of the highly viral Conficker worm.

Tennessee Hospital Hit With Cryptojacking Attack Sends Out Databreach Notification

Decatur County General Hospital is notifying 24,000 patients of cryptomining software on its EMR system.

In what may be the first report I’ve seen of a hospital having their EMR server hit with cryptomining malware, Decatur County General Hospital in Parsons, Tennessee started notifying 24,000 patients on January 26.  

Cisco: "Cybercrime Swaps Ransomware For Cryptomining, Generating Millions"

Cisco's Talos Threat Intelligence team has a good observation.

Cybercriminals can just steal CPU/GPU cycles and directly generate any cryptocurrency without infecting the system with ransomware.

It's called cryptomining and is exploding on the scene. More stealthy than ransomware, this malware infects the workstation or server and significantly slows performance down, damaging productivity in a hidden way.

The mining software in itself is not "malicious", but if it is used to steal your organization's resources I vote for calling it malware anyway. Cryptominers have several infection vectors:

What are “WannaMine” attacks, and how do I avoid them?

It's suddenly all over the news. In hindsight, it was a matter of "not if, but when". 

Sophos just warned against a new hybrid worm that combines the ETERNALBLUE exploit and cryptomining.

ETERNALBLUE is the infamous escaped NSA code that was used in the WannaCry worm, so the combination of this method of breaking in, followed by a cryptomining payload, has been dubbed WannaMine.
