Despite Russia’s growing comfort with the crypto industry, they suffered large-scale attacks from cybercriminals attempting to install crypto mining malware this week. Nearly half a million computers experienced a persistent 12 hour attack.
The attack was easily foiled
On March 6, a large-scale attack on over 400 thousand PC’s took place. This attack was geared toward downloading the malware Dofoil, which is a cryptocurrency miner. Attacks were disproportionately targeted against users in Russia, with 73% of affected users residing there. Turkey, Ukraine, and other countries were also targeted. The attack lasted for 12 hours.
Luckily, for users, Windows Defender and other antivirus software were able to block the majority of the attacks. Windows defender stopped more than 80 thousand attempts. Hackers were using sophisticated Trojans, persistence mechanisms and evasion methods to gain control of computers. 400,000 users were affected by the attacks, which behavior-based and cloud-powered learning models common to many antiviruses were able to stop within minutes of detection.
The attack attempted to penetrate the explorer.exe process in Windows operating systems, and then inject malicious code which would lead machines to download Dafoil. The malicious code was supposed to dupe machines into believing that the malware was a legitimate windows binary, but the ploy was easily identified because it was attempting to run a local type process from an alternate location.
In instances where the malware was successfully downloaded, machines generated traffic that flagged security software. When the mining software attempted to contact its server located on the Namecoin network, it was quickly detected. The miner was geared to mine Electroneum. Electroneum claims to use app-based mobile mining.
According to Microsoft, Windows 10, 8.1 and 7 computers with the stock security programs Windows Defender or Microsoft Security Essentials are automatically protected from this kind of attack, especially since Dofoil has been known and active for a number of years.
Hackers have been attempting to secretly steal processing power to mine crypto via malicious scripts for a while now. Recently, hackers have attempted to use social media as a vector for spreading malware, specifically Facebook Messenger and Youtube. Hackers have even attempted to hack personal handheld devices like smartphones.
Kaspersky lab says that targets include individuals, as well as industrial targets. The industry is a lucrative target for this type of attack because there are usually large networks of machines that could be exploited. Tesla has even detected attempts to hack their system with malware. Big companies like that spend top dollar to protect their cyber ecosystems, so attackers seem obviously undeterred by good security. When it comes to making money, cybercriminals will try anything on the off chance that it works. Even a small percentage of successful hacks can be lucrative.