Serviceteam IT Security News

Crypto-mining malware attacks against iPhones went up 400% in the last two weeks of September, security firm Check Point notes in a new report.

Crypto-mining attacks have intensified over the past couple of years, fueled by a massive surge in the price of crypto-currencies. Threats range from botnets to fileless malware and malicious programs that abuse NSA-linked exploits for propagation. Industrial systems are frequently hit as well.

Mobile users are being targeted as well, either with Trojans that can steal crypto-currencies or with various types of miners.

While most of these attacks target Android, iPhone users weren’t spared either, as Check Point reveals. Amid a four-fold increase in crypto-mining malware assaults on iPhones, attacks on Safari users also intensified, the security firm reveals.

The attacks used the Coinhive mining malware, which emerged as the leading threat in December 2017 and has remained the top malware ever since. At the moment, Coinhive impacts 19% of organizations worldwide.

“Crypto-mining continues to be the dominant threat facing organizations across the world. The attacks on Apple devices are not using any new functionalities. The reason behind the increase is not yet known, but serves to remind us that mobile devices are an often-overlooked element of an organization’s attack surface,” Check Point says.

While the Coinhive mining code was at the top of the most active malware list, it wasn’t the only crypto-currency related malware there. Cryptoloot (Coinhive competitor), with Jsecoin (JavaScript miner), and XMRig (open-source CPU mining software) are also present on the list, on the third, fifth and eighth position, respectively.

Other malware families present on the list are Dorkbot, a worm that supports remote code execution, the Andromeda bot, Roughted malvertising campaign, Ramnit banking Trojan, Conficker worm, and the Emotet Trojan.

The top 3 most exploited vulnerabilities in September, were in Microsoft IIS WebDAV, OpenSSL, and PHPMyAdmin.

“CVE-2017-7269 is the most popular exploited vulnerability for the 7th consecutive with global impact of 48% of organizations. In second place [is] CVE-2016-6309 with a global impact of 43%, closely followed by Web servers PHPMyAdmin Misconfiguration Code Injection impacting 42% of organizations,” Check Point notes.

Related: Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

Related: Crypto-Miners Slip Into Google Play

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!