Cryptojacking: Hackers Mining Bitcoin on Your Dime!

InfoGoTo

When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Phishing attacks can also open the door to these exploits. Illicit cryptominers seize a computer’s or device’s processor to mine the cryptocurrency.

MY TAKE: Knowing these 5 concepts will protect you from illicit cryptocurrency mining

The Last Watchdog

The cryptocurrency craze rages on, and one unintended consequence is the dramatic rise of illicit cryptocurrency mining. So, quite naturally, malicious hackers are busying themselves inventing clever ways to leech computing power from unwitting victims — and directing these stolen computing cycles towards lining their pockets with freshly mined crypto cash. So naturally, cryptocurrency mining services have cropped up.

Weekly podcast: Browsealoud cryptojacking, Bee Token phishing and Olympic attacks

IT Governance

This week, we discuss the use of cryptocurrency mining software on numerous government websites, a phishing scam that robbed Bee Token investors of $1 million and cyber attacks on the Pyeongchang Winter Olympics.

Cryptocurrency Theft: Hackers Repurpose Old Tricks

Data Breach Today

Web Injects, Malware, Phishing and Fake Advertising Used in Attack Arsenal. Criminals continue their quest for acquiring cryptocurrencies without having to buy and manage their own mining equipment.

Ransomware attacks drop as organizations raise defenses

Information Management Resources

Cybersecurity professionals reporting that cryptocurrency mining is on the rise.

Help Me Stop HubAdverts Dot Com!

John Battelle's Searchblog

But at “hubadverts.com/on-data/” for example, you will see a recent post of mine, scraped in its entirety. It’s phishing and blackhat SEO all rolled into one!

Cybersecurity Awareness Month Blog Series: Alright boys, it’s time we have “The Talk”

Thales eSecurity

With a little more investigation, I found two browser extensions that were crypto mining, which fortunately uninstalled without a problem. My high schooler fessed up immediately that he installed the crypto mining extensions just to see what would happen (and to make some money).

List of data breaches and cyber attacks in August 2019 – 114.6 million records leaked

IT Governance

Australian education provider TAFE NSW hit by phishing scam (30). Air New Zealand warns Airpoints members after employee falls for phishing email (100,000). Florida’s NCH Healthcare System is investigating the damage of phishing scam (unknown).

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

Armed with a single link to a First American document, BEC scammers would have an endless supply of very convincing phishing templates to use. The Web site for Fortune 500 real estate title insurance giant First American Financial Corp.

“Stole $24 Million But Still Can’t Keep a Friend”

Krebs on Security

David said Truglia initially explained his wealth by saying he’d made the money by mining cryptocurrencies, but that Truglia later would admit he stole the funds.

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

Why we’re in the ‘Golden Age’ of cyber espionage. The fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. And be on the lookout for email and text messages that appear to be a phishing ruse.

PayPal's Beautiful Demonstration of Extended Validation FUD

Troy Hunt

If someone stands up a PayPal phishing site, for example, EV is relying on people to say "ah, I was going to enter my PayPal credentials but I don't see EV therefore I won't". Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse.

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites. Avast researchers also observed crooks using DNS hijacking to deliver crypto mining scripts to users’ browsers.

The Long Run of Shade Ransomware

Security Affairs

The phishing email contains a .zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. However, the mining pool dashboard provides a clue of the current number of infected machines.

Flaws in Social Warfare plugin actively exploited in the wild

Security Affairs

Experts pointed out that attackers can exploit the vulnerabilities to take complete control over websites and servers and use them for malicious purposes, such as mining cryptocurrency or delivering malware.

VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services

The Last Watchdog

What we’re seeing is they’re going in and taking a bank’s good application and wrapping a crypto currency mining app around it. LW: It’s the actual banking app, wrapped up with a crypto mining functionality on it? But right now, crypto mining is where the money is. Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller.

Security Affairs newsletter Round 228

Security Affairs

5 Common Phishing Attacks and How to Avoid Them? Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs.

Weekly podcast: Reports galore and more cryptojacking

IT Governance

This week, we discuss new reports from Cisco, McAfee and the CSIS, and Big Brother Watch, and hear more about malicious Monero mining. I neglected to reveal the sum the criminals managed to mine in the few hours before they were detected.

List of data breaches and cyber attacks in February 2018

IT Governance

One Plugin, Over 4,200 Victims – When Thousands of Government Websites Were Hijacked to Mine Monero. A phishing attack scored credentials for more than 50,000 Snapchat users. Aperio Group client account data breached by successful phishing attack.

Attacks against machine learning — an overview

Elie

A very recent example of such behavior is the rise of abusing cloud services such as Google Cloud to mine cryptocurrencies in response to the surge of bitcoin price late 2017. Obviously, we couldn’t anticipate that abusive mining would become such a huge issue.

How To Protect Yourself From Hackers

Cyber Info Veritas

These Trojans have the ability to steal your web browser history and inputs even as they use your computing power to mine cryptocurrencies. This type of Trojan is very recent and runs covertly in the background; the only thing you will note is your computer lagging.

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

To infiltrate critical infrastructure networks, hackers will continue to use phishing as one of their main tools, but the focus of attacks might shift to vulnerable network equipment connecting the network to the Internet. Spear phishing remains the major vector of attack: approximately 56% of all money siphoned off from ICO was stolen using phishing. In 2018 Group-IB detected five successful “51% attacks”, when attackers take control over at least 51% of mining power.

State Attackers Moving from Stealing Data to Social Meddling

Ascent Innovations

The new cyber intelligence report expects the monetary benefits will allure the use of crypto-mining malware and cryptocurrencies by cyber attackers this year. Phishing. Email phishing remains the top malware delivery mechanism. State Attackers Moving from Stealing Data to Social Meddling. The cyber state attacker force is growing at an alarming rate. New bad actors.

The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones)

Troy Hunt

Last year, I wrote a long piece on certs and phishing which I'll come back to and talk about more a little later on. I saw another perfect example of this just the other day, this time by way of a Spotify phish: Ouch, can think of a lot of people who would fall for this.

Email Is the Biggest Threat to Business, So Why Is Everyone Using It?

Adam Levin

Email is the preferred tool hackers use to access their targets’ networks: 83% of organizations reported phishing attacks in 2018, up from 76% in 2017. Microsoft’s Outlook.com service suffered a major breach earlier this year.

Information Literacy and Records Management

Brandeis Records Manager

Also, as I’ve suggested, fact denial and fake news—land mines under the librarian’s definition of info literacy—should be serious concerns for the RIM and IG professional communities as well, given our core principles of integrity and transparency. George Despres, CRM.

Ukraine’s SBU: Russia carried out a cyberattack on Judiciary Systems

Security Affairs

Attackers launched a spear phishing attack using messages purporting to deliver accounting documents. BlackEnergy is considered the key element in the attack aimed at Ukrainian power grid in 2015 and 2016, it was also involved in attacks against mining and railway systems in the country. Ukraine is accusing Russian intelligence services of carrying out cyberattacks against one of its government organizations.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

Those wearing electronic Jason masks have recently stalked other avenues of enterprise torture such as crypto-mining. The most common vectors or cracks through which evil hands come groping through your oaken enterprise doors are: Email phishing & malware links.

Too Much Holiday Cheer? Here’s Something to Fear: Cybersecurity Predictions for 2020

Adam Levin

As long as humans are well… human, phishing attacks will lead to ransomware infecting more and more networks, and businesses, municipalities and other organizations will continue to pay whatever they must in order to regain control of their data and systems. Related to the botnet craze, we will see an increase in computing power theft used to mine cryptocurrency.

Weekly podcast: ICO GDPR campaign, Gwent Police, Binance and MediaGet

IT Governance

The phishing attacks relied on a malicious site that masqueraded as binance.com but used Unicode homographs in its domain name – such as the character for the Cyrillic small letter ‘?’

The Quest for Optimal Security

The Falcon's View

A few years ago I came up with an approach that looks like this: More recently, I learned of the OWASP Cyber Defense Matrix, which takes a similar approach to mine above, but mixing it with the NIST Cybersecurity Framework.

Measure Security Performance, Not Policy Compliance

The Falcon's View

Examples of security policies-become-KPIs might include metrics around vulnerability and patch management, code defect reduction and remediation, and possibly even phishing-related metrics that are rolled up to the department or enterprise level. A lot of the focus has been on using data lakes, mining, and analytics in lieu of traditional SIEM and log management, but I think there's also a potentially interesting confluence with security KPIs, too.

The Trouble with Politicians Sharing Passwords

Troy Hunt

I often hear an anecdote from a friend of mine in the industry where a manager he once knew demanded the same access rights as his subordinates because "I can tell them what to do anyway". That all unravelled in spectacular style when his teenage son jumped onto his machine one day and nuked a bunch of resources totally outside the scope of what the manager ever actually needed. Yesterday I had a bunch of people point me at a tweet from a politician in the UK named Nadine Dorries.