As the use of Bitcoin and other cryptocurrencies continues to grow, cyber criminals are learning how to capture a portion of the transaction. Through continuous innovation, cyber criminals are meeting their revenue goals.
The goal is to hijack the blockchain and mine bitcoins. In many ways, this is replacing adware, and in many ways crypto mining is more lucrative. In some versions, the mining can continue even after the window has been closed.
The methods used to deliver crypto mining malware can be very similar to those of other malware. In many strains, the delivery is similar to WannaCry. In others, the exploits arrive through malware-laden spam email, junkware and tampered plugins. Adylkuzz leverages the same process as EternalBlue and DoublePulsar: specifically, it uses the same backdoor method those tools use, together with the SMB protocol. If you recall, all three (WannaCry, EternalBlue and DoublePulsar) altered the Microsoft SMB protocol just enough that it could be used for other criminal functions, but not enough to set off alarms or be noticed, unless the sensor is very specific.
Barrier1 identifies, stops, learns and shares the newly learned attributes with the Barrier1 community within minutes. Here is how Barrier1 will stop it.
· Barrier1 no longer uses JavaScript on board. If we detect it, we can correlate it with other known blocked sites, including adware sites.
· Barrier1 will detect a slowdown in core processing. Crypto mining malware uses the CPU cycles of the now-infected computer to compute hashes.
· The process is very similar to WannaCry, EternalBlue and DoublePulsar. They all have infected or changed the Microsoft SMB protocol. The SMB protocol is just one of the 240+ protocols acting as sensors on board every Barrier1.
· Through the use of Barrier1's on-board Learning Engine, if a specific Barrier1 customer identifies traffic going to xxx.xxx.01, a known crypto scraping malware site, B1 would block it. Then, if xxx.xxx.08 shows up at the front door of Barrier1, one of our on-board algorithms would accurately identify, block and notify in sub-second time.
· Often, like all malware, there is a CnC (command and control). The CnC allows the master to send instructions to its slaves and thus carry out the breach. Barrier1, with its extensive 35,000+ on-board sensors, looks for CnC in every method one can think of. That includes CnC going through TOR, P2P, rapidly changing IP addresses and port numbers, or any other method used for CnC.