With more than three million cryptojacking detections globally in the first five months of this year, cryptojacking, a form of cyber-attack in which attackers hijack an infected system’s processing power to mine cryptocurrency, is fast emerging as an alternative to ransomware, according to IT security firm Quick Heal.
The number of mobile cryptojacking malware variants has also grown from eight in 2017 to 25 by May 2018, marking a three-fold increase, Quick Heal said in a statement on Monday.
“Cryptojacking is emerging as a more cost-effective and efficient alternative to ransomware. With a ransomware attack, there is no guarantee that hackers will be paid a ransom,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies.
“Cryptojacking, on the other hand, is empowering hackers to make use of infected endpoints for swifter and more assured financial gains,” Katkar said.
As more cybercriminals leverage cryptojacking as a lucrative channel of generating illicit revenues, Quick Heal Security Labs researchers expect these numbers to grow even further.
As opposed to ransomware, cryptojacking attacks remain almost undetected, enabling attackers to use the compromised systems to mine cryptocurrencies for as long as they want.
They are also easier to deploy than ransomware attacks. All an attacker needs to do is drop cryptomining code on a system without the owner’s knowledge, through a malicious link or file.
In the browser-based variant, attackers do not even need to install anything: opening a link to a page that carries the mining script is enough, and the victim’s CPU mines for the attacker for as long as that page stays open, generating an immediate return on the attacker’s investment, Quick Heal said.
System owners need to deploy a robust security solution to combat cryptojacking attacks, it added. (IANS)
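Because a miner’s defining behaviour is the sustained consumption of processing power described above, the most basic host-side check is a process (or, for the browser-based variant, a browser renderer process) that stays near full CPU for an extended, uninterrupted period. The following is an added example, not code from the article or from Quick Heal: it runs that heuristic over constructed per-process CPU samples (30-second resolution, with a legitimate batch job on an allowlist and one brief benign spike). The threshold, minimum duration, process names and allowlist are assumptions to be tuned per environment, and sustained CPU alone is only a triage signal, not proof of mining.

```python
"""Heuristic cryptojacking triage over per-process CPU samples.

Added example, not part of the original article or Quick Heal's product.
A miner hijacks processing power, so the simplest host-side signal is a
process that stays near full CPU for a long, uninterrupted stretch.
All telemetry below is constructed; thresholds are assumptions.
"""
from collections import defaultdict

CPU_THRESHOLD = 85.0   # assumption: percent of one logical CPU
MIN_DURATION = 120     # assumption: seconds of continuous high CPU before alerting
ALLOWLIST = frozenset({"render.exe"})  # constructed: known heavy legitimate workload

# Constructed telemetry: (t_seconds, process_name, pid, cpu_percent)
SAMPLES = [
    (0,   "chrome.exe",  4120, 14.0),
    (0,   "chrome.exe",  4188, 96.0),   # tab renderer running an in-page miner
    (0,   "render.exe",  3001, 98.0),   # allowlisted batch job
    (0,   "svchost.exe",  811,  3.0),
    (30,  "chrome.exe",  4120, 11.0),
    (30,  "chrome.exe",  4188, 99.0),
    (30,  "render.exe",  3001, 97.0),
    (30,  "svchost.exe",  811, 91.0),   # brief spike, not sustained
    (60,  "chrome.exe",  4120,  9.0),
    (60,  "chrome.exe",  4188, 97.0),
    (60,  "render.exe",  3001, 99.0),
    (60,  "svchost.exe",  811,  4.0),
    (90,  "chrome.exe",  4120, 13.0),
    (90,  "chrome.exe",  4188, 98.0),
    (90,  "render.exe",  3001, 96.0),
    (90,  "svchost.exe",  811,  2.0),
    (120, "chrome.exe",  4120, 10.0),
    (120, "chrome.exe",  4188, 99.0),
    (120, "render.exe",  3001, 97.0),
    (120, "svchost.exe",  811,  3.0),
]


def longest_high_cpu_run(series, threshold):
    """Return the longest stretch in seconds (first to last sample of the
    run) during which every consecutive sample in `series`, a list of
    (t, cpu) pairs sorted by t, is at or above `threshold`.
    A single isolated high sample yields 0 because it spans no time."""
    best = 0
    run_start = None
    for t, cpu in series:
        if cpu >= threshold:
            if run_start is None:
                run_start = t
            best = max(best, t - run_start)
        else:
            run_start = None
    return best


def find_sustained_cpu(samples, threshold=CPU_THRESHOLD,
                       min_duration=MIN_DURATION, allowlist=ALLOWLIST):
    """Group samples per (name, pid), skip allowlisted process names and
    return {(name, pid): seconds} for every process whose longest
    uninterrupted high-CPU run lasts at least `min_duration` seconds."""
    per_proc = defaultdict(list)
    for t, name, pid, cpu in samples:
        per_proc[(name, pid)].append((t, cpu))
    flagged = {}
    for key, series in per_proc.items():
        if key[0] in allowlist:
            continue
        series.sort()
        run = longest_high_cpu_run(series, threshold)
        if run >= min_duration:
            flagged[key] = run
    return flagged


if __name__ == "__main__":
    for (name, pid), secs in find_sustained_cpu(SAMPLES).items():
        print(f"ALERT sustained CPU: {name} (pid {pid}) "
              f">= {CPU_THRESHOLD}% for {secs}s")
```

On the constructed data only the chrome.exe renderer (pid 4188) is reported, because the svchost.exe spike lasts a single sample and render.exe is allowlisted. In a real deployment the allowlist hides legitimate compute workloads, so pair this with a second signal (for instance the process's outbound connections) before treating a hit as cryptojacking.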
Report unveils platform data and trends from targeted intrusion activity and attack techniques from both nation-state adversaries and cyber criminals
BANGALORE, India. – March 5, 2020 – CrowdStrike® Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint protection, today announced the release of the 2020 CrowdStrike Global Threat Report. Findings from the report indicate that during 2019, financially motivated cybercrime activity occurred on a nearly continuous basis. CrowdStrike observed an increase in incidents of ransomware, maturation of the tactics used, and increasing ransom demands from eCrime actors. Increasingly these actors have begun conducting data exfiltration, enabling the weaponization of sensitive data through threats of leaking embarrassing or proprietary information.
Moving beyond eCrime, nation-state adversaries continued unabated throughout 2019, targeting a wide range of industries. Another key trend in this year’s report is the telecommunications industry being targeted with increased frequency by nation-state actors, notably China and the DPRK. CrowdStrike Intelligence assesses that various nations, particularly China, have an interest in targeting this sector to steal intellectual property and competitive intelligence.
Combatting threats from sophisticated nation-state and eCrime adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility. CrowdStrike recommends that organizations pursue the “1-10-60 rule” to thwart cyberthreats effectively: detect an intrusion in under one minute, investigate it within 10 minutes, and contain and eliminate the adversary within 60 minutes. Organizations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, minimizing organizational impact.
“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands. As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” said Adam Meyers, vice president of Intelligence at CrowdStrike.
Other notable highlights from the 2020 Global Threat Report include:
The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks. In 2019, 51% of attacks used malware-free techniques, compared to 40% in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.
China continues to focus many operations on supply chain compromises, demonstrating the nation-state’s continued use of this tactic to identify and infect multiple victims. Other targeting of key U.S. industries deemed vital to China’s strategic interests — including clean energy, healthcare, biotechnology, and pharmaceuticals — is also likely to continue.
The industries at the top of the target list for enterprise ransomware (Big Game Hunting) observed were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.
In addition to supporting currency generation, DPRK’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. In addition, CrowdStrike Intelligence suspects that DPRK has also been developing its own cryptocurrency to further circumvent sanctions.
“This year’s report indicates a massive increase in eCrime behavior can easily disrupt business operations, with criminals employing tactics to leave organizations inoperable for large periods of time. It’s imperative that modern organizations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks,” said Jennifer Ayers, vice president of OverWatch at CrowdStrike. “CrowdStrike’s comprehensive technology, coupled with our visibility into actor motivations and proactive hunting, protects our customers with the critical components needed to stop modern attacks.”
The Global Threat Report analyzes comprehensive threat data from CrowdStrike Falcon® Intelligence; CrowdStrike Falcon OverWatch™, the company’s industry-leading managed hunting team; the CrowdStrike Threat Graph®, a massively scalable, cloud-based graph database technology processing over 3 trillion events per week across 176 countries; and CrowdStrike Services, providing readers with deep insights on modern adversaries and their tactics, techniques and procedures (TTPs).
For additional information, read a blog on report findings from George Kurtz, CrowdStrike’s co-founder and chief executive officer.
CrowdStrike® Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over 3 trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.
With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.
There’s only one thing to remember about CrowdStrike: We stop breaches.
Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial.
Mike Sentonas is the Global CTO of CrowdStrike. Reporting to the Co-Founder, Mike’s focus is on driving CrowdStrike’s technology strategy. With over 20 years’ experience in cybersecurity, Mike’s most recent roles prior to joining CrowdStrike were Chief Technology Officer – Security Connected and Chief Technology and Strategy Officer APAC, both at McAfee (formerly Intel Security). Mike is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats. He is highly sought after by the media, including television, technology trade publications and technology-centric websites, to provide insights into security issues and solutions.
Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor’s degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.
Researchers at cybersecurity firm Kaspersky have uncovered new encryption ransomware named Sodin which exploits a recently discovered Windows vulnerability to get elevated privileges in an infected system. The ransomware takes advantage of the architecture of the central processing unit (CPU) to avoid detection – functionality that is not often seen in ransomware.
“Ransomware is a very popular type of malware, yet it’s not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors,” said Fedor Sinitsyn, a security researcher at Kaspersky.
“We expect a rise in the number of attacks involving the Sodin encryptor, since the amount of resources that are required to build such malware is significant. Those who invested in the malware’s development definitely expect it to pay off handsomely,” Sinitsyn added.
The researchers found that most Sodin targets were in the Asian region: 17.6 per cent of attacks were detected in Taiwan, 9.8 per cent in Hong Kong and 8.8 per cent in the Republic of Korea.
However, attacks have also been observed in Europe, North America and Latin America, Kaspersky said, adding that the note left on infected PCs demands $2500 worth of Bitcoin from each victim. The vulnerability CVE-2018-8453 that the ransomware uses was earlier found to be exploited by the FruityArmor hacking group. The vulnerability was patched on October 10, 2018, Kaspersky said.
To avoid falling victim to Sodin threats, make sure that the software used in your company is regularly updated to the most recent versions, said Kaspersky researchers. Security products with vulnerability assessment and patch management capabilities may help to automate these processes, they added. (IANS)
Pune-based Quick Heal Technologies has become the first Indian company granted a patent for its ground-breaking anti-ransomware technology by the US Patent and Trademark Office (USPTO).
Designed and developed by Quick Heal’s state-of-the-art R&D and innovation centre in Pune, the Artificial Intelligence (AI) and Machine Learning (ML)-powered technology detects and blocks known and unknown ransomware on a real-time basis, the company said in a statement on Friday.
“The cutting-edge anti-ransomware technology is capable of providing advanced protection against the rising threat of ransomware to consumers’ digital devices and enterprise endpoints,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies.
Ransomware attacks accounted for 23 per cent of the over 973 million malware attacks on end-user devices across India in 2018, the company said.
Ransomware threats far surpass the preventive capacities of traditional security solutions and human-only teams.
The anti-ransomware technology uses signature-less behavioural detection to proactively block new and unknown ransomware attacks in real-time, said the company.
Its unique and advanced algorithms conduct focused activity-based detection, while also empowering users to recover their critical data in case of a breach.
Seqrite, the enterprise arm of Quick Heal Technologies, has also launched a proprietary, AI-led threat hunting engine called “GoDeep.AI” to proactively hunt down existing and emerging threats.
“The US patent grant underscores our advanced cybersecurity capabilities and motivates us to develop more innovative solutions that can deliver the most effective and robust digital security to all of our customers,” said Katkar.
Incorporated in 1995, Quick Heal has a network of over 25,000 channel partners. (IANS)