Guest post by Chas Clawson – Senior ArcSight Engineer at MicroFocus Government Solutions
Of all recent technologies being hyped, the one to have the greatest impact on the future of the world economy likely won’t be artificial intelligence or self-driving cars or 3-D printing, but rather something not as well understood: Blockchain! While a decentralized cloud-based ledger for recording transactions will revolutionize currencies, fund transfers, trading, voting and contracts, it also brings some serious negative cyber security fallout that shouldn’t be overlooked.
Prior to the rise of crypto-currency, malicious actors on the web seeking to monetize their malware had limited options. Anonymously collecting money after holding a computer system hostage was difficult. Providing your home address for a check to be mailed obviously wasn’t an option, and even foreign bank accounts can eventually be traced to their owners. With the rise of crypto-currencies like bitcoin, everything changed. There is now an easy way to extort, store and use ill-gotten funds. Bitcoin was once the ransomware currency of choice, but it’s being displaced in the dark web marketplaces by Monero, Ethereum and others.
Still, as damaging as ransomware attacks are, the biggest change is now underway as attackers seek to silently commandeer the compute power of the machines under their control, enslaving them to become producers of coin unbeknownst to the system owners. Cryptojacking is a popular term for such practices.
This sea change is evident as new vulnerabilities and exploits seek to first and foremost get more machines producing currency and anonymously sending it to the malware authors’ wallet. Recently, Drupageddon 2.0 set corporate web teams scrambling to patch their content management systems before attackers could get in. Drupal estimated that over one million sites were vulnerable. Shortly after Drupal released the patch, tools were being weaponized. Unfortunately, many admins were too slow.
Now that this business model has been proven, we expect to see a rise in the malicious use of bots and malware variants to covertly start cryptojacking campaigns. With lower risk, and higher rewards, the revenue forecast of the dark side of the web has never looked better.
To find out what your organization can do to combat the latest cryptojacking and ransomware attacks, see our new whitepaper to get best practices for ransomware mitigation, detection, and response. Also take a look at our new web-based ArcSight Content Brain tool and identify SIEM packages that you can deploy within your SecOps environment at no cost, including packages for Threat Intelligence alerting to help you detect traffic to known malicious C2 ransomware sites.