GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Usually just a minor annoyance, the Flash Player update can now result in a major ordeal

cryptojacking

By Richard Arneson

It’s one (1) of the most common speed bumps on the Internet highway—the Adobe Flash Player update message. It’s unexpected and never welcome—a little like a tornado, but not quite that bad. It may not trump some of the other digital speed bumps, like the Windows update you have to sit through after you’ve hit “Shut Down” on your computer (you know, the one that usually occurs at 5:30 on Friday afternoon), but it still serves as one (1) of computing’s many figurative mosquitoes. But while the Flash update has only proven to be a minor annoyance, you can now place it in another category―crippling.
Palo Alto Networks, the Santa Clara, CA-based cybersecurity firm, discovered earlier this month that a fake Flash updater has been loading malware on networks since early August. Here’s the interesting part—it actually installs a legitimate Flash update. But before you think cyber attackers have going soft, they’re downloading Flash for distraction purposes only. And while the update is taking place, another upload is occurring—the installation of a bot named XMRig, which mines a cryptocurrency named Monero. Once the install(s) are complete, the user, unbeknownst to them, begins mining Monero. And there you have it—cryptojacking.

Cryptojacking with XMRig

Once the phony Flash update is launched, the user is directed to a fake URL that, of course, isn’t connected to an Adobe server. After the Flash update is installed, XMRig accesses a Monero mining pool—and the fun begins. XMRig begins mining Monero from infected, networked computers as unknowing users merrily work along, completing their day-to-day tasks. Keep in mind that Monero is a legitimate form of cryptocurrency. Like Bitcoin for ransomware, Monero is the cryptocurrency of choice for cryptojacking. Monero’s website claims it is “the leading cryptocurrency with a focus on private and censorship-resistant transactions.” (Unlike Bitcoin, Monero doesn’t require the recipient to disclose their wallet address to receive payment(s)).

Let’s back up a bit—here’s how crypto mining works

It can be argued that cryptojacking has replaced ransomware as cyberattackers’ malevolent deed of choice. It’s important to remember, though, that cryptocurrency mining is legal—it’s how cryptocurrency works. Mining is the process of finding, then adding transactions to, currencies’ public ledger. The chain of transactions is called the block—hence the name blockchain.
A blockchain’s ledger isn’t housed in one (1) centralized location. Instead, it is simultaneously managed through duplicate databases across a network of computers—millions of them. Encryption controls and protects the creation of new coins and the transfer of funds, without disclosing ownership. The transactions enter circulation through mining, which basically turns computing resources into coins. Anybody can mine cryptocurrency by downloading open-source mining software, which allows their computer to mine, or account for, the currency. Mining solves a mathematical problem associated with each transaction, which verifies that the sender’s account can cover the payment, determines to which wallet the payment should be made, and updates the all-important ledger. The first one to solve the problem gets paid a commission in the particular currency it’s mining.
In cryptocurrency’s nascency, the computing power needed was minimal. Basically, anybody could do it. Now the computing power needed to mine cryptocurrency is considerable, with miners requiring expensive, purpose-built, super powerful computers to do so. If they don’t have that, they can forget making decent miner money. But building enough computing resources needed to profitably mine cryptocurrency today is expensive, often cost prohibitive. In cryptojacking, however, the cyber attackers network together infected computers and utilize their computing power without spending a dime. In turn, the victim’s infected computer is busy surreptitiously mining cryptocurrency and slowing to a crawl. The bad guys enjoy pure net revenue.

Got question? Call on the Security experts

To find out more about cryptojacking, ransomware, malware, Trojans, and the host of security-related issues your organization needs to consider and fend off, contact GDT’s tenured and talented security analysts at SOC@GDT.com. From their Security- and Network Operations Centers, they manage, monitor and protect the networks of some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you
Get more information about network security here:
Gen V
Sexy, yes, but potentially dangerous
Tetration—do you know its meaning?
Rx for IT departments—a security check-up
How to protect against Ransomware
 

Author

Share this article

You might also like:

AI and Data Security

The advent of artificial intelligence (AI) brings transformative potential across industries while also introducing significant data security challenges. As AI systems become integral to operational and decision-making processes, safeguarding sensitive information against sophisticated threats is paramount. This exploration sheds light on the complexities of AI and data security and proposes

Transport layer security (TLS)

Transport layer security (TLS) is one of the most common tools for keeping users safe on the internet. When automated, TLS certification management can help organizations ensure more reliable and consistent use of TLS, reducing the need for human intervention and risk of human error. In fact, over the years,

jeanne-malone

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion