Cyber News Roundup: Crypto-mining malware expands its reach
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
Concerns about crypto-mining and the role of malware continues to grow. As noted in a recent Alien Vault blog post authored by David Bisson, “Crypto-mining isn’t itself malicious in nature. But bad actors are abusing it for nefarious purposes. They’re doing so by illegally accessing important business assets such as servers used for electronic medical record (EMR) systems or the back-ends for corporate websites and installing cryptocurrency miners on them.”
The reason for the uptick in crypto-mining malware, as one might expect, is that there is money to by made. As reported in a post by Michael Peters on the Security Boulevard blog, a crypto-mining malware variant called Adylkuzz took advantage of the same Windows exploit as WannaCry. However, “it proved to be far more lucrative than WannaCry; it’s estimated that Adylkuzz raked in 10 times more money for its users than WannaCry,” Peters reports.
Malicious crypto-miners will likely continue to increase in number in 2018. Fortunately, folks involved in crypto-mining can take steps to protect themselves against this growing threat, according to Alien Vault’s researchers. They can begin by installing a browser extension that targets popular crypto-miners. Two of the more popular solutions are minerBlock and No Coin. They work like an ad-blocker by allowing users to block offending domains and add them to a blacklist. Users can also target a wider variety of JavaScript-based threats including Coinhive by installing an extension like NoScript or ScriptSafe.
Task force assignment: combat cyberthreats
In other news, Attorney General Jeff Sessions last week announced the formation of a special task force designed to combat global cyberthreats, with an emphasis on how these threats target elections and critical infrastructure.
According to a report by Dustin Volz on Reuters, “The task force, composed of representatives from different branches of the Justice Department, including the FBI, will examine use of the internet to spread violent ideologies and recruit followers, how hackers breach private corporate and government data, and law enforcement challenges posed by strong encryption.”
The announcement of the task force comes on the heels of special counsel Robert Mueller’s announcement that a federal grand jury has indicted 13 Russians in connection with the attack on the 2016 presidential election.
The economic impact of cybercrime continues to rise
The U.S. economy loses between $57 billion and $109 billion per year to malicious cyber activity, according to a study by the White House Council of Economic Advisors. Based on an analysis by NextGov.com, “that’s between 0.3 and 0.6 percent of the value of all the country’s goods and services.”
And that’s only an estimate, and most likely a low one. Pinpointing the cost of cybercrimes is nearly impossible since, most of the time, companies aren’t required by law to report data breaches as long as they don’t impact personal information about customers or employees. The Council also mentioned that private companies don’t have to report these cybercrimes, that smaller companies may not be equipped to properly protect themselves, and that companies aren’t given incentives to protect themselves.
To learn more about Cyber Security in Oregon visit our homepage.