Cryptocurrency mining malware, Ransomware, and who is at risk

By: Chase Alexander

9/11/2018

It is no secret that hackers are trying to gain something when they carry out an attack on a target, usually money. However, the way that they do this can vary. It does not always mean that they are stealing credit card information or bank account logins. Another way to exploit hacked targets is through cryptocurrency mining malware. There is also malware that takes over a system until a ransom is paid. Today I would like to look at three things: ransomware, cryptocurrency mining malware, and who is at the greatest risk for these kinds of attacks.

First, I am going to examine ransomware. This is an interesting case, as it has been around for quite some time now. The attack method dates all the way back to 2016. You would think that they would have been stopped by now, and you would be somewhat correct. Gone are the days of spreading ransomware through spam emails and outbreaks, where the philosophy was to cast a net as wide as possible and see what we catch. Today ransomware exists as a targeted attack on an individual or specific group. The goal of doing ransomware attacks this way is to carry out one strong attack, which will yield more reward than many weaker attacks. So how do they work? You gain entry into a system via weak Remote Desktop Protocol passwords. Escalate your privileges up to administrator. Use your new privileges to overcome security software. Spread your ransomware to encrypt files on the system. Finally, leave a message with the ultimatum, "If you want your files to be decrypted, contact via email or dark web website." And then you wait. If they pay the ransom, then mission success for the hacker. If they do not pay the ransom, then it is almost inconsequential to the hacker. They will just move on to the next target and try again.

The other form of attack that is of interest is cryptocurrency mining malware. What this attack does is take over a machine and use it to mine cryptocurrency for a hacker. This attack is very different because it requires no interaction between the hacker and the hacked. Unlike the previous method, this one allows the hacker to try and remain undetected. For ransomware, the hacked has the choice to either give up their machine and data, or give in to the hacker. This method, though, gives no choice to the hacked. If they don’t hear their computer fan operating louder, then they will have no idea that they have been hacked. In addition to these facts, cryptocurrency is effectively an unregulated currency. This means that once the hacker has it, they are in the clear. If a hacker were to steal bank account credentials, there are still difficulties with actually attaining the currency inside of those bank accounts. A problem with this method, however, is that the profits are not immediate; they take time to accrue. If ransomware is successful, then profits are made instantly.

So who is at risk for these attacks? Ransomware attacks are targeted attacks. They go after one group or individual. That group or individual will have to give up money in order to secure themselves. It is as simple as this: if you do not have money or credit, you are at a very low risk of this attack. The goal of ransomware is to get ransom. A hacker will go after someone who they know will be able to pay ransom. They are not going to go after the poor because they have very little to offer. A cryptomining attack, however, can happen to anybody. You don’t need any money or credit; if you have a computer, it can be used for mining cryptocurrency. In terms of large targets, we can look at Vietnam. Last year malware cost Vietnam 12.3 trillion VND, or the equivalent of 540 million USD.

Sources:

  1. https://e.vnexpress.net/news/news/vietnam-vulnerable-as-new-cyber-security-threat-emerges-3804240.html
  2. https://nakedsecurity.sophos.com/2018/09/11/the-rise-of-targeted-ransomware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
  3. https://www.zdnet.com/article/cryptocurrency-mining-malware-why-it-is-such-a-menace-and-where-its-going-next/
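
The targeted attack described above begins with password guessing against Remote Desktop Protocol, which appears in Windows Security logs as a burst of failed logons (event 4625) followed by a success (event 4624) from the same source. The following is an added example, not part of the original post, that flags that pattern; the sample records, the threshold and the time window are constructed assumptions, and the records are assumed to be pre-filtered to an RDP-exposed host.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs):
# (time, Windows Security event ID, logon type, source IP, account)
SAMPLE_EVENTS = (
    [(f"2018-09-11T02:00:{s:02d}", 4625, 3, "203.0.113.7", "administrator")
     for s in range(0, 60, 10)]                      # six rapid failures
    + [("2018-09-11T02:01:10", 4624, 10, "203.0.113.7", "administrator"),
       ("2018-09-11T08:30:00", 4625, 10, "198.51.100.20", "jsmith"),
       ("2018-09-11T08:30:20", 4624, 10, "198.51.100.20", "jsmith")]
    + [(f"2018-09-11T{h:02d}:00:00", 4625, 3, "192.0.2.50", "backup")
       for h in range(10, 15)]                       # five failures, one per hour
    + [("2018-09-11T15:00:00", 4624, 10, "192.0.2.50", "backup")]
)

# 10 = RemoteInteractive (RDP session). With Network Level Authentication,
# failed RDP logons are typically recorded as type 3 (Network).
RDP_LOGON_TYPES = {3, 10}


def find_guessed_logons(events, threshold=5, window=timedelta(minutes=10)):
    """Return (source_ip, account, time) for every successful logon preceded
    by at least `threshold` failures from the same source within `window`."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        # Drop failures that have aged out of the sliding window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if event_id == 4625:          # failed logon
            recent.append(when)
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append((src, account, ts))
            recent.clear()            # one alert per guessing burst
    return alerts


if __name__ == "__main__":
    for src, account, ts in find_guessed_logons(SAMPLE_EVENTS):
        print(f"{ts}: logon as {account} from {src} after repeated failures")
```

A single mistyped password followed by a success, or failures spread over hours, stays below the threshold; only the rapid burst ending in a successful logon is reported.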

Breach in Equifax

Equifax is one of three credit reporting agencies that keep financial data on many individuals throughout the United States. Between May and July of last year, hackers stole nearly half the U.S. population’s Social Security numbers, birthdays, driver’s license numbers, and addresses from Equifax. The Wall Street Journal now reports that stolen data also included tax identification numbers and driver’s license states and issuance dates, as well as some email addresses. The severity of the damage is enormous considering that hackers can use this information to open bank accounts, lines of credit, a home in their name, take car loans, and even take your tax refund without the victim’s knowledge. Furthermore, it makes it easier for them to impersonate you due to the fact that most of the information leaked is nearly impossible to change for all 145 million people.

Equifax was notified by Homeland Security before the breach, alerting them that there was a critical vulnerability in their web application software, named Apache Struts, that was used to breach the system. However, the person who received this information “forgot” to let the company know that the software needed to be patched and updated. It is quite interesting that they still don’t know who hacked Equifax, and even more interesting that barely anyone is even asking the question anymore.

To this day, Equifax is still investigating the breach with government officials. However, Sen. Elizabeth Warren released a report this week on the breach, calling on Congress to crack down on credit reporting agencies. “[The breach] showed how a lack of oversight and accountability from credit reporting companies played a key role in the largest credit consumer data breach in history,” Warner said in a statement to The Hill. Despite the damage caused by the cyber-security attack, not much has changed in Congress towards cracking down on credit agencies or improving data security systems.

Sources:

https://www.msn.com/en-us/news/technology/the-equifax-hack-exposed-more-data-than-previously-reported/ar-BBIZAbV?OCID=ansmsnnews11

http://thehill.com/policy/technology/373198-dem-call-for-more-action-on-equifax-hack

https://www.vox.com/policy-and-politics/2018/2/7/16984522/elizabeth-warren-equifax-data-breach-cfpb

-Noor Mohammad

The Obama Administration and Cyber Security

Up until I entered the classroom for Cyber Self Defense, I was never very aware of cyber security and its importance on a scale any larger than that of the average user at his or her home computer. In a blog called Cyber Security News I found out just how important it is in today’s world, as I read about the Obama Administration putting forward the Cybersecurity Legislative Proposal and then the US National Strategy for Cyberspace.

The proposal calls for several IT advancements with the express purposes of protecting “the nation’s critical infrastructure, Federal Government computers and networks, as well as the American people.” An example of one of these advancements is the Department of Homeland Security putting in place new cybersecurity programs as well as hiring more IT security professionals in order to better understand any of the issues at hand. The US National Strategy for Cyberspace is meant to work on an even larger scale, where they intend to work with “like-minded states” to create a standard for securities needed to protect the country while at the same time promoting freedom on the Internet.

I think it might be safe to say there are wars being waged out there in cyberspace, and of course protection is necessary, so these policies are needed as well. Cyber security is of great importance in the present day, and now I am aware.

blog article: http://cybersecuritynews.org/2011/05/17/obama-administration-pushes-for-more-national-international-cyber-oversight/