Stealthy new malware is making its mark in Africa
By Doros Hadjizenonos, Country Manager – SADC at Check Point
There’s a new cyber threat on the block, and it’s sneakier than anything we’ve seen before – undoubtedly the reason why it’s the malware of choice for hackers across Africa right now.
In fact, though crypto-mining malware is relatively new on the cybercrime scene, it’s remained the top malware in key markets in Africa for several months. In April, Check Point’s Global Threat Index showed that Coinhive, Cryptoloot and XMRig were in the top six malware throughout South Africa, Kenya and Nigeria. Again in May, Coinhive ranked as the number one malware family in all three countries.
All three are prolific crypto-mining malware, which – unlike other malware – hijack your system instead of holding it to ransom. While Coinhive leeches your machine’s computational resources to mine Monero cryptocurrency when an unsuspecting user visits a web page, Cryptoloot uses your central processing unit (CPU) or graphics processing unit (GPU) power to add new transactions to the blockchain, thereby releasing new currency. Similarly, XMRig is an open-source CPU mining software used to mine Monero cryptocurrency.
Cryptominers will seize your systems
At the end of the day, this might affect your business in one of two ways. Either the hacker’s mining operation will consume large volumes of power and leave a horrible surprise in your electricity bill, or the operation will overload the CPU of the infected machines, slowing down your hardware performance dramatically. This is because the malware will defer your machine’s critical tasks to keep the mining operation in progress.
And because cryptominers are created to generate as much profit as possible, most will disrupt the day-to-day operations of your business considerably.
The malware sneaks inside your servers
The worst part about crypto-mining malware – and what makes it so sneaky – is that it doesn’t need your consent nor rely on you to perform an action in order to make a profit.
Take ransomware for example – ransomware relies on the victim to pay a ransom for the attack to be profitable. Similarly, banking Trojans, which steal bank account credentials, need you to first access your account so that they can harvest your user name and password.
But cryptominers don’t need you at all. In fact, all they need is your browser to be up and running, and they’re in business – literally.
Machines will slow down gradually
In extreme cases, a cryptomining attack can consume the entire combined CPU power of your company’s servers. This not only increases your hosting and electricity costs dramatically, but it also drastically reduces your systems’ ability to serve users. Basically, your machines will gradually slow down and heat up, causing a significant reduction in user productivity.
Make sure your servers are patched
The most baffling part about the crypto-mining scourge is that the malware often succeeds because of poor server patching. In fact, Check Point’s researchers discovered that an astounding 46% of the world’s organisations have been targeted because of a Microsoft Windows Server 2003 vulnerability. Another 40% have been attacked because of an Oracle WebLogic vulnerability.
But, the part that will really leave you bewildered is that both of these patches have been available to the public for at least six months.
It means that companies need to be really careful about not neglecting security basics – like the patching of servers – to make sure their networks remain secure.
Any device is a potential target
And because cryptominers can infect any device – browsers, servers, desktops and mobile phones – the only way you can protect against the exploitation of your servers is by filtering out mining components within websites and removing miners from mobile devices. Basically, you need a multi-layered security approach.
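As an added example, not code from the article or from Check Point, the script below shows two of the checks the paragraph above calls for on the defender's side: filtering mining components out of web page content, and spotting a host whose CPU is being monopolised by a miner. The indicator substrings (keyed on the families the article names: Coinhive, Cryptoloot and XMRig), the sample HTML page and the process samples are all constructed for illustration and are assumptions; a real deployment would use a maintained blocklist and live process telemetry.

```python
"""Added example (not from the article): flag in-browser miner loaders in page
content and flag host processes that look like miners. Indicator lists and
sample data are constructed for illustration."""
import re
from html.parser import HTMLParser

# Constructed indicator substrings based on the miner families named in the
# article. Assumption: a real blocklist would be longer and maintained.
MINER_SCRIPT_INDICATORS = ("coinhive", "cryptoloot", "crypto-loot", "xmrig")
# Stratum is the pool protocol XMRig-style miners speak; a pool URL in page
# content or a process command line is a strong indicator.
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._buf, self._in_script = [], [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            self.inline.append("".join(self._buf))
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def find_miner_scripts(html):
    """Return [(kind, evidence)] for every script that matches a miner indicator."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        if any(ind in src.lower() for ind in MINER_SCRIPT_INDICATORS):
            findings.append(("external", src))
    for code in parser.inline:
        if any(ind in code.lower() for ind in MINER_SCRIPT_INDICATORS) or STRATUM_RE.search(code):
            findings.append(("inline", code.strip()[:60]))
    return findings


def find_suspect_processes(samples, cpu_threshold=85.0, min_samples=3):
    """samples: (timestamp, pid, name, cmdline, cpu_percent) tuples.
    Flag a pid whose command line references a miner or pool, or whose CPU
    stays at or above cpu_threshold for min_samples consecutive samples."""
    streaks, flagged = {}, {}
    for _ts, pid, name, cmdline, cpu in sorted(samples, key=lambda s: (s[0], s[1])):
        text = f"{name} {cmdline}".lower()
        if any(ind in text for ind in MINER_SCRIPT_INDICATORS) or STRATUM_RE.search(cmdline):
            flagged[pid] = "miner indicator in command line"
        streaks[pid] = streaks.get(pid, 0) + 1 if cpu >= cpu_threshold else 0
        if streaks[pid] >= min_samples:
            flagged.setdefault(pid, f"sustained CPU >= {cpu_threshold}% for {min_samples} samples")
    return flagged


# Constructed sample page: one benign script, one miner loader, one inline starter.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example-assets.test/jquery.min.js"></script>
<script src="https://cdn.example-miner.test/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start();</script>
</head><body>Welcome</body></html>"""

# Constructed process samples: (timestamp, pid, name, cmdline, cpu_percent).
SAMPLE_PROCESSES = [
    (1, 101, "chrome", "chrome --type=renderer", 92.0),   # browser tab pinned at high CPU
    (2, 101, "chrome", "chrome --type=renderer", 95.0),
    (3, 101, "chrome", "chrome --type=renderer", 97.0),
    (1, 202, "kworker", "", 30.0),                        # normal background work
    (2, 202, "kworker", "", 12.0),
    (3, 202, "kworker", "", 8.0),
    (1, 303, "svchost", "svchost -o stratum+tcp://pool.example.test:3333", 60.0),  # pool URL
    (2, 303, "svchost", "svchost -o stratum+tcp://pool.example.test:3333", 61.0),
    (1, 404, "backup", "backup --full", 99.0),            # legitimate burst, streak broken
    (2, 404, "backup", "backup --full", 40.0),
    (3, 404, "backup", "backup --full", 99.0),
]

if __name__ == "__main__":
    for kind, evidence in find_miner_scripts(SAMPLE_PAGE):
        print(f"page: {kind} miner component: {evidence}")
    for pid, reason in find_suspect_processes(SAMPLE_PROCESSES).items():
        print(f"host: pid {pid}: {reason}")
```

The web check is the kind of logic a proxy or browser extension applies before a page reaches the user; the process check keeps a per-pid streak so a single legitimate CPU burst (the constructed backup job) is not flagged while a browser renderer that stays pinned is. Per-process CPU figures are assumed to be normalised per core.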
And the reality for today’s businesses is that end-to-end security is needed to guard against both established threats like fifth generation cyber-attacks, as well as emerging threats. Siloed security solutions are simply not enough to protect your business – in fact this approach to cybersecurity has been out of date for a while.
And end-to-end solutions like Check Point’s Gen V Protection against Mega Attacks have been in existence for some time already. Basically, the technology consolidates all of the isolated security solutions which businesses already have in place and covers those touch points which are lacking.
As we start to see new types of malware emerge – bigger, badder and stealthier – this holistic approach to cybersecurity is going to prove more important than ever before.