Comparing profitability of browser-based and file-based coin-mining botnets
Recently, Symantec released new research on a cryptojacking campaign impacting enterprises. The campaign, dubbed Beapy, uses the EternalBlue exploit and stolen and hardcoded credentials to spread rapidly across networks – including patched machines – to collect credentials from infected computers. Beapy is most heavily affecting enterprises in Asia, with more than 80 percent of its victims located in China, with other victims in South Korea, Japan, and Vietnam. It is a file-based coinminer that uses email as an initial infection vector – activity was first seen in Symantec telemetry in January 2019 and has increased since March.
File-based coinminers have an advantage over browser-based coinminers because they can mine cryptocurrency faster. The Monero cryptocurrency, the cryptocurrency most commonly mined during cryptojacking attacks, dropped in value by 90 percent in 2018, so it may make sense that miners that create cryptocurrency faster are now more popular with cyber criminals.
While enterprises might think they don’t need to worry about cryptojacking as much as more disruptive threats such as ransomware, it could still have a major impact on the company’s operations.
Potential impacts of cryptojacking for businesses include:
• A slowdown in devices’ performance, potentially leading to employee frustration and a reduction in productivity
• Overheating batteries
• Devices becoming degraded and unusable, leading to higher IT costs
• Increased costs due to increased electricity usage, and for businesses operating in the cloud that are billed based on CPU usage
To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/beapy-cryptojacking-worm-china