Story image

Cryptomining malware a genuine threat to organizations, NTT Security says

12 Mar 2018

NTT’s Global Threat Intelligence Center suspects that cryptocurrency mining malware may set its sights on organisations as the demand for cryptocurrency swells to unprecedented heights.

Cryptocurrency investment is not a new phenomenon but it has peaked significantly since late 2017, NTT says. As cryptocurrency values fluctuate wildly, this has led to the development of cryptocurrency mining (cryptomining) malware designed to generate revenue for cyber threat actors.

NTT Security has visibility into 40% of global internet traffic and a variety of threat intelligence sources. It found that criminals are using phishing emails to target a system. An infected system is then used to mine XMR cryptocurrency using the victim’s resources.

According to an NTT Security white paper, the average Windows PC can run 50 or more processes at any one time, which puts strain on CPU use. However if shutting down some of those resources still results in high CPU usage, the problem count be related to cryptomining.

Cryptomining can increase electricity usage, slow down device performance, and may affect brand reputation.

There are more than 12,000 Monero mining malware samples, with the earliest dating back to 2015. However, 66% of those samples were submitted between November and December 2017.

NTT Security threat research analyst Terrance DeJesus says that as digital currencies are adopted as part of moneymaking ventures, cybercriminals are overcoming barriers and taking profits for themselves.

“Monero mining malware is installed on the victim’s computer or smartphone without their knowledge and, once installed, it uses the victim’s computing resources and electricity supply to mine cryptocurrencies. And the rewards go directly to the hacker, not the owner of the computer. Device owners might not suspect a thing,” DeJesus says.

While phishing emails are the most common ways or infecting systems, the discovery of coin miners in a network could suggest that there are other threats lurking. These threats could include backdoors and unpatched vulnerabilities.

“Organizations mustn’t ignore the threat of mining malware. The impact of an attack can go well beyond performance issues. Mining costs organizations money, impacts the environment and causes reputational damage. It could also be indicative of more problems in the network,” DeJesus explains.

“The use of coin miners will, without a doubt, grow and become more advanced in time, possibly being built into other malware types such as banking Trojans, as well as ransomware. There are serious business implications to ignoring this current threat. We are encouraging all organizations to be more vigilant of cybersecurity threats to their business. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked.”

NTT Security suggests that organisations mitigate cryptomining malware risks by:

  • Conducting regular risk assessments to identify vulnerabilities in the organization.
  • Adopting a defense-in-depth approach to cybersecurity — i.e., have multiple layers of security in place to reduce exposure to threats.
  • Regularly updating systems and devices with the latest patches, and deploy intrusion, detection and prevention systems to stop attacks.
  • Educating employees on how to handle phishing attacks, suspicious email links, and unsolicited emails and file attachments.
  • Proactively monitoring network traffic to identify malware infection, and pay close attention to the security of mobile devices.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.