A new cryptocurrency mining malware uses leaked NSA exploits to spread across enterprise networks


Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons.

Security researchers at Symantec say they’ve seen a recent spike in a new malware, dubbed Beapy, which uses the leaked hacking tools to spread like wildfire across corporate networks to enslave computers into running mining code to generate cryptocurrency.

Beapy was first spotted in January but rocketed to more than 12,000 unique infections across 732 organizations since March, said Alan Neville, Symantec’s lead researcher on Beapy, in an email to TechCrunch. The malware almost exclusively targets enterprises, which host large numbers of computers that, when infected with cryptocurrency mining malware, can generate sizable sums of money.

The malware relies on someone in the company opening a malicious email. Once opened, the malware drops the NSA-developed DoublePulsar malware to create a persistent backdoor on the infected computer, and uses the NSA’s EternalBlue exploit to spread laterally throughout the network. These are the same exploits that helped spread the WannaCry ransomware in 2017. Once the computers on the network are backdoored, the Beapy malware is pulled from the hacker’s command and control server to infect each computer with the mining software.

Not only does Beapy use the NSA’s exploits to spread, it also uses Mimikatz, an open-source credential stealer, to collect and use passwords from infected computers to navigate its way across the network.
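EternalBlue targets the SMBv1 file-sharing service, so the lateral spread described above typically appears in network flow data as one workstation opening TCP 445 connections to many internal peers in a short time. The following is an added example (not from Symantec or the original article) that flags that fan-out pattern; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample flow records, time-ordered: "ISO-time src dst dst_port"
SAMPLE_FLOWS = """\
2019-04-25T09:00:00 10.0.2.30 10.0.2.40 445
2019-04-25T09:00:01 10.0.1.15 10.0.1.20 445
2019-04-25T09:00:02 10.0.1.20 10.0.0.5 445
2019-04-25T09:00:03 10.0.1.15 10.0.1.21 445
2019-04-25T09:00:04 10.0.1.15 10.0.3.9 443
2019-04-25T09:00:05 10.0.1.15 10.0.1.22 445
2019-04-25T09:00:07 10.0.1.15 10.0.1.23 445
2019-04-25T09:00:09 10.0.1.15 10.0.1.24 445
2019-04-25T09:00:11 10.0.1.15 10.0.1.25 445
2019-04-25T09:05:00 10.0.2.30 10.0.2.41 445
2019-04-25T09:10:00 10.0.2.30 10.0.2.42 445
2019-04-25T09:15:00 10.0.2.30 10.0.2.43 445
2019-04-25T09:20:00 10.0.2.30 10.0.2.44 445
"""

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each internal source to its peak count of distinct internal SMB
    peers inside any sliding window, keeping only sources >= threshold."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "445":
            continue  # malformed record or not SMB
        ts, src, dst, _ = parts
        try:
            now = datetime.fromisoformat(ts)
            internal = (ipaddress.ip_address(src).is_private
                        and ipaddress.ip_address(dst).is_private)
        except ValueError:
            continue  # unparsable timestamp or address
        if not internal:
            continue
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        peers = len({d for _, d in q})
        if peers >= threshold:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged
```

On the sample data only 10.0.1.15 is flagged; the host that touches five peers over twenty minutes and the clients of the file server stay below the threshold.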

According to the researchers, more than 80 percent of Beapy’s infections are in China.

Hijacking computers to mine for cryptocurrency — known as cryptojacking — has been on the decline in recent months, partially following the shutdown of Coinhive, a popular mining tool. Hackers are finding the rewards fluctuate greatly depending on the value of the cryptocurrency. But cryptojacking remains a more stable source of revenue than the hit-and-miss results of ransomware.

In September, some 919,000 computers were vulnerable to EternalBlue attacks — many of which were exploited for mining cryptocurrency. Today, that figure has risen to more than a million.

Typically, cryptojackers exploit vulnerabilities in websites, which, when opened in a user’s browser, use the computer’s processing power to generate cryptocurrency. But file-based cryptojacking is far more efficient and faster, allowing the hackers to make more money.

In a single month, file-based mining can generate up to $750,000, Symantec researchers estimate, compared to just $30,000 from a browser-based mining operation.

Cryptojacking might seem like a victimless crime — no data is stolen and files aren’t encrypted, but Symantec says the mining campaigns can slow down computers and cause device degradation.
