Cryptojacking Apocalypse: Defeating the Four Horsemen of Cryptomining

Despite price fluctuations of bitcoin and other cryptocurrencies, cryptojacking remains a serious — and often hidden — threat to businesses, SMBs and everyday consumers.

And the most covert of these threats is cryptomining via the browser, where popular forms of malware attempt to turn your device into a full-time cryptocurrency mining bot called a cryptojacker.

To help you creatively understand this trend, let me summon my classical training and be a little hyperbolic. If you see the cryptojacking wave as an apocalypse like some of their victims do, the Four Horsemen would be the four threats to your endpoint or business:

  • The White Horse: The energy it consumes or wastes
  • The Red Horse: The loss to productivity due to limited resources
  • The Black Horse: The damage it can do to a system
  • The Pale Horse: Security implications due to created vulnerabilities

Unlike ransomware that wants to be found (to ask for payment), a cryptojacker’s job is to run invisibly in the background (although your CPU performance graph or device’s fan may indicate something is not normal).

Ransomware authors have switched gears over the past two years to use cryptojacking more, because a ransomware strain’s effectiveness and ROI diminish as soon as it ends up on public feeds like VirusTotal.

Like anyone else running a highly profitable business, cybercriminals need to constantly find new ways to fulfill their financial targets. Cryptojacking is being used to solve that challenge.

In April 2018, SonicWall started tracking cryptojacking trends, namely the use of Coinhive in malware. Over the course of the year, we saw cryptojacking ebb and flow. In that time, SonicWall recorded nearly 60 million cryptojacking attacks, with as many as 13.1 million in September 2018. As published in the 2019 SonicWall Cyber Threat Report, volume dipped across the final quarter of 2018.

Global Cryptojacking Attacks | April-September 2018

The lure of cryptomining

Cryptomining operations have become increasingly popular, now consuming almost half a percent of the world’s electricity consumption. Despite the wild swings in price, roughly 60% of the cost of legitimately mining bitcoin is the energy consumption. In fact, at the time of writing, the price of a bitcoin is worth less than the cost of mining it legitimately.

With such costs and zero risk as compared to buying and maintaining equipment, cybercriminals have strong incentives to generate cryptocurrency with someone else’s resources. Infecting 10 machines with a cryptominer could net up to $100/day, so the challenge for cryptojackers is three-fold:

  1. Find targets, namely organizations with a lot of devices on the same network, especially schools or universities.
  2. Infect as many machines as possible.
  3. Stay hidden for as long as possible (unlike ransomware and more akin to traditional malware).

Cryptojackers use similar techniques as malware to sneak on to an endpoint: drive-by downloads, phishing campaigns, in-browser vulnerabilities and browser plugins, to name a few. And, of course, they rely on the weakest link — the people — via social engineering techniques.

Am I infected by cryptominers?

Cryptominers are interested in your processing power and cryptojackers have to trade stealth against profit. How much of your CPU resources they take depends on their objectives.

Siphoning less power makes it harder for unsuspecting users to notice. Stealing more increases their profits. In either case, there will be a performance impact, but if the threshold is low enough it could be a challenge to distinguish the miner from legitimate software.

Enterprise administrators may look for unknown processes in their environment, and end users on Windows should spawn a Sysinternals Process Explorer to see what they are running. Linux and macOS users should investigate using System Monitor and Activity Monitor, respectively, for the same reason.

How to defend against cryptominers

The first step in defending against cryptominers is to stop this type of malware at the gateway, either through firewalls or email security (perimeter security), which is one of the best ways to scrub out known file-based threats.

Since people like to reuse old code, catching cryptojackers like Coinhive was also a simple first step. But in February 2019, Coinhive publicly announced it was ceasing operations March 8. The service stated that it wasn’t “economically viable anymore” and that the “crash” impacted the business severely.

Despite this news, SonicWall predicts there will still be a surge in new cryptojacking variants and techniques to fill the void. Cryptojacking could still become a favorite method for malicious actors because of its concealment; low and indirect damage to victims reduces chances of exposure and extends the valuable lifespan of a successful attack.

If the malware strain is unknown (new or updated), then it will bypass static filters in perimeter security. If a file is unknown, it will be routed to a sandbox to inspect the nature of the file.

The multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox environment is designed to identify and stop evasive malware that may evade one engine but not the others.

If you have an endpoint not behind this typical set up (e.g., it’s roaming at the airport or hotel), you need to deploy an endpoint security product that includes behavioral detection.

Cryptominers can operate in the browser or be delivered through a fileless attack, so the legacy solutions you get free with a computer are blind to it.

A behavioral-based antivirus like SonicWall Capture Client would detect that the system wants to mine coins and then shut down the operation. An administrator can easily quarantine and delete the malware or, in the case of something that does damage to system files, roll the system back to the last known good state before the malware executed.

By combining a mixture of perimeter defenses and behavioral analysis, organizations can fight the newest forms of malware no matter what the trend or intent is.

On-Demand Webinar: The State of the Cyber Arms Race

There are two kinds of cybersecurity enthusiasts in this world.

Person 1: I anxiously set my alarm to be the first one to download the new 2019 SonicWall Cyber Threat Report. I await its glorious arrival every spring and have already read it cover-to-cover 34 times. What else can I learn?

Person 2: I, too, value the actionable cyberattack intelligence and research from SonicWall Capture Labs threat researchers. I downloaded it (hopefully), but just haven’t had a chance to absorb all it has to offer. I need more.

SonicWall obviously supports both approaches, but we know different types of people digest content in different ways.

For this reason, we hosted an exclusive webinar that explored the key findings, discussed intricacies of the data, provided updates and answered many questions.

Watch the on-demand replay to learn about the findings, intelligence, analysis and research from the 2019 SonicWall Cyber Threat Report.

The exclusive session, The State of Cyber Arms Race: Unmasking the Threats Coming in 2019,” will help you improve your security preparations and posture through 2019 and beyond. Pro tip: Download the full report now so you’re primed for the webinar.

Hosted by SonicWall’s John Gordineer, the convenient 60-minute webinar explored the complete report, which covers key trends and findings from 2018, such as:

  • Global Malware Volume
  • UK, India Harden Against Ransomware
  • Dangerous Memory Threats & Side-Channel Attacks
  • Malicious PDF & Office Files Beating Legacy Security Controls
  • Attacks Against Non-Standard Ports
  • IoT Attacks Escalating
  • Encrypted Attacks Growing Steady
  • Rise & Fall of Cryptojacking
  • Global Phishing Volume Down, Attacks More Targeted

About the Presenter

John Gordineer
Director, Product Marketing

John is responsible for technical messaging, positioning and evangelization of SonicWall network security, email security, and secure remote access solutions to customers, partners, the press and industry analysts. John has more than 20 years of experience in product marketing, product management, product development and manufacturing engineering. He earned a bachelor’s degree in Industrial Engineering from Montana State University.

Cyber Security News & Trends

This week, SonicWall releases the 2019 Cyber Threat Report and hosts a live Twitter Chat!

SonicWall Spotlight

Annual SonicWall Cyber Threat Report Details Rise in Worldwide, Targeted Attacks – SonicWall Press Release

  • SonicWall releases the highly anticipated 2019 SonicWall Cyber Threat Report, delivering an in-depth look at threat intelligence obtained from more than 1 million sensors around the world.

The SonicWall Cyber Threat Report Infographic – SonicWall website

  • If you want to know the highlights of the 2019 Cyber Threat Report then look no further than our handy Infographic which breaks down the major findings.

#SonicWallChat – Twitter Chat

  • To celebrate the release of the 2019 Cyber Threat Report we hosted our first live Twitter Chat! SonicWall Threat Researchers took over our Twitter handle and fielded questions about the Threat Report from our Twitter followers.

Perpetual ‘Meltdown’: Security in the Post-Spectre Era – Data Breach Today

  • The growing frequency and complexity of side-channel attacks, including Meltdown, Spectre and most recently Spoiler, is proving a growing threat to security. SonicWall CEO addresses this specific challenge in a video interview with Data Breach Today at the recent RSA Conference in San Francisco.

SonicWall Report Paints Sobering Picture of Cyberthreat Trends – Silicon Angle

  • Silicon Angle review the 2019 SonicWall Cyber Threat Report, stating that the results “don’t make happy reading for security personnel.”

SonicWall 2019 Cyber Threat Report Says Canadian Malware up More Than 100 per Cent – Channel Buzz (Canada)

Cyber Security News

Virus Attacks Spain’s Defense Intranet, Foreign State Suspected: Paper – Reuters

  • An undetected virus infecting the Spanish Defence Ministry’s intranet may have been active for months. Sources suspect a foreign state is behind the cyberattack.

Toyota Announces Second Security Breach in the Last Five Weeks – ZDNet

  • Toyota announced that it has been hit by a data breach for the second time in five weeks with servers storing information on up to 3.1 million customers affected. Experts suggested that APT32 hackers might have targeted Toyota’s Australia branch as a way to get into Toyota’s more secure central network in Japan.

Ransomware Behind Norsk Hydro Attack Takes on Wiper-Like Capabilities  – Threat Post

  • LockerGoga is the ransomware that has cost Norsk Hydro millions but researchers are still unsure who has created it and, since many of those infected cannot even view the ransom note, what their intent is.

Digital Footprint, Age, Position Determining Factors in Email Attacks – SC Magazine

  • A recent study found that it is possible to determine whether a person may be targeted by a fraudulent email by checking factors such as if they were caught in previous data breach, or even their age – older people who have been online longer than younger people are more likely to have been affected by a previous cyber incident.


In Case You Missed It

Cyber Security News & Trends

This week, SonicWall protects against the newest Intel chip vulnerability, millions more records are found unprotected online and Google Chrome has a serious security flaw.

SonicWall Spotlight

SonicWall Extends SMB Cybersecurity Ambitions – Security Boulevard

  • SonicWall’s Dmitriy Ayrapetov provides insight into SonicWall’s newest product releases, where SonicWall is heading and the benefits of unifying cybersecurity systems.

SonicWall Aims at Evasive Cyber Threats Targeting Wireless Networks, Cloud Apps, Endpoints – CRN (India)

  • CRN India review the new SonicWall releases in detail and Jeff Wilson, Senior Research Director at IHS Markit, highlights the need for cloud protection as provided by SonicWall Cloud App Security 2.0.

Cyber Security News

‘Spoiler’ Flaw in Intel CPUs is Similar to Spectre – Yet Dangerously Different – Tech Radar

  • A new Intel chip vulnerability dubbed ‘Spoiler’ is similar to the Spectre flaw that allows an attacker to exploit the way PC memory works. Attackers using the flaw can, amongst other things, view data from running programs which should otherwise not be accessible. SonicWall RTDMI identifies and blocks this threat.

Google Confirms Serious Chrome Security Problem – Here’s How to Fix It – Forbes

  • Google issues an urgent update warning for all Chrome users after a zero-day vulnerability was discovered being exploited in the wild.

An Email Marketing Company Left 809 Million Records Exposed Online – Wired (UK)

  • Researchers found over 150 gigabytes of detailed private data, including hundreds of millions of unique email addresses and personal social media accounts, easily accessible online after an “email verification” company left the records exposed.

Project Zero Discloses High-Severity Apple macOS Flaw – Threat Post

  • Google Project Zero researchers detail a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

A CEO Cheat Sheet for the Cybersecurity Big One – Forbes

  • Warren Buffet calls it “The Big One” – it’s the worst-case cybersecurity scenario for a company. Forbes provide a CEO cheat sheet with tips on how to prepare for it.

Cyberattack Planning Is Still Depressingly Poor, Even in Big Businesses – ZDNet (UK)

  • A report by the British government has found that while most companies have some kind of cybersecurity strategy in place, many have not tested it, or fail to fully understand the threats faced.

After the Breach: Six Key Actions to Take – IT Pro Portal

  • Contain, Identify, Determine, Announce, Offer, and Make Sure it doesn’t happen again – IT Pro Portal detail six steps a company must follow if they suffer a data breach.

Ransomware Warning: The Gang Behind This Virulent Malware Just Changed Tactics Again – ZDNet (UK)

  • The gang behind the GandCrab ransomware, who sell it through a Ransomware “as-a-service” model, are under constant cybersecurity scrutiny and continue to change tactics. Instead of targeting small networks they are now advertising to those who want to go after larger targets for a bigger payday.

In Case You Missed It

Cyber Security News & Trends

This week, ATM hacking is so easy cybercriminals turn it into a game, the flaws in blockchain are investigated, and the British Labour Party lockdown their data.

SonicWall Spotlight

January 2019 Cyber Threat Data: New Year, New Malware Attack Variants – SonicWall Blog

  • SonicWall’s threat blog for January 2019 finds that while overall malware attacks are dropping, the variants of malware are growing with twice as many new threats diagnosed compared to the same time last year.

Cyber Security News

Once Hailed as Unhackable, Blockchains Are Now Getting Hacked – MIT Technology Review

  • MIT Technology review traces how all blockchain technology payments like Bitcoin are vulnerable to “51% Attacks” due to the inherent structure of blockchain. Renting enough mining power to attack bitcoin would cost more than $260,000 per hour but, with lesser-known blockchain currencies, this figure drops dramatically.

Russian Hackers Targeted European Research Groups, Microsoft Says – New York Times

  • Microsoft reports that the hacker group Fancy Bear, often associated with Russian intelligence, are targeting European think tanks and NGOs in the lead up to the 2019 European Parliament election. Russian officials deny any links to the group.

Data-Spewing Spectre Chip Flaws Can’t Be Killed by Software Alone, Google Boffins Conclude – The Register (UK)

  • Although Intel announced hardware fixes for some of the Spectre vulnerabilities in 2018, Google researchers have concluded that the proposed solution of simply fixing the remaining issues with software is not a viable option.

ATM Hacking Has Gotten so Easy, the Malware’s a Game – Wired

  • ATM hacking is usually seen as easily preventable if basic cybersecurity protocols are followed. However, many ATMs worldwide simply never receive updates. As a result, theft from ATMs has become so easy that some hackers have turned their hacking malware into a game.

Ransomware Attacks Classified as a Felony Under Proposed Maryland Bill – Health IT Security

  • Proposed legislation in Maryland wants to lower the financial threshold for a ransomware attack to be considered as a felony from $10,000 to $1,000 USD.

POS Firm Says Hackers Planted Malware on Customer Networks – ZDNet

  • A Point of Sale (POS) company based in Minnesota announced that a security breach in January 2019 led to almost 140 of its customers being affected by malware. Full details are not available, but it is likely that any card details used on the POS systems while the malware was active were compromised.

When Cyberattacks Pack a Physical Punch – Threat Post

  • “Physical” cyberattacks, where hardware is compromised or physical infrastructure like a burglar alarm is attacked, now count for more than one in ten data breaches. Threat Post investigates the shrinking gap between cyber and physical security.

Data Breach Rumours Abound as UK Labour Party Locks Down Access to Member Databases – The Register (UK)

  • The UK Labour Party announced this week that its databases would be unavailable after confirmed access by “individuals who are not, or are no longer, authorised to do so.” It is likely this refers to the recently launched Independent Group of breakaway MPs who made headlines leaving the party this past week.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall highlights how the UK is taking malware seriously, there is an investigation into new vehicles that are vulnerable to cyberattacks, and an update on the average price paid for ransomware.

SonicWall Spotlight

Bill Conner: How the UK Is Taking Malware Seriously – Information Age

  • SonicWall CEO Bill Conner was interviewed by Information Age editor Nick Ismail on the changing cybersecurity landscape, how malware can be region specific, the possibilities of cross-border collaboration, and more.

DCC Inks Distribution Deal With SonicWall

  • IT products distributor Drive Control Corporation (DCC) has been appointed as an official distributor for SonicWall in South Africa.

SMBs Need Layered Security to Defend Their Businesses – Forbes

  • Bill Conner, CEO of SonicWall, talks as part of the Forbes Technology Council on why small and medium businesses (SMBs) need layered cybersecurity. He argues that if you’re running an SMB online cybercriminals see you as an easy target and, without adequate investment in cyberdefenses, they might just be correct.

Cyber Security News

Is Your Car Hackable? Cybersecurity Experts Say It Might Be – USA Today

  • A modern car is full of small computers, but in a new survey of 15,900 IT security practitioners and engineers in the automotive industry, many acknowledged a huge number of flaws in the cybersecurity makeup of the vehicles. 62 percent of those surveyed say a malicious attack against automotive technologies is likely or very likely to occur in the next 12 months.

Trojan Malware: The Hidden Cyber Threat to Your PC – ZDNet

  • While Ransomware and cryptocurrency mining have been making the headlines recently, ZDNet investigates the quiet growth of Trojan malware – made possible by the huge number of recent breaches leading to targeted phishing emails.

Ransomware Victims Who Pay Cough up $6,733 (on Average) – BankInfoSecurity

  • A new report has found that in the fourth quarter of 2018 ransomware victims who paid the ransom spent, on average, $6.73; an increase of 13 percent from the previous quarter. Unsurprisingly Bitcoin is the preferred method of payment.

Two Hacker Groups Responsible for 60 Percent of All Publicly Reported Hacks – ZDNet

  • Blockchain analysis firm Chainalysis investigated publicly reported cryptocurrency exchange hacks and concluded that 60 percent could be traced back to two hacking groups.

True Crime: SamSam Ransomware I Am – SC Magazine

  • SamSam may not be the worst malware out there but its impact on enterprise cybersecurity became difficult to ignore in 2018. SC Magazine traces the history of the malware throughout the year.

Report: Nation-State Malware Attack Could Cripple US – BankInfoSecurity

  • A new report has concluded that without improved private and public data co-operation, the US is at risk of being crippled by well-made malware. The report recommends closer technical data sharing and action taken to improve communication between public and private entities.

A Hacker’s Take on Blockchain Security – Forbes

  • With Blockchain seen by some as the solution to cybersecurity problems, Forbes asks a black hat hacker to investigate with them just how true that is. They come across some less obvious stumbling blocks in blockchain security.

In Case You Missed It

Cyber Security News & Trends

This week, Collections #2-5 drop over 2 billion stolen logins, Bangladesh is suing a Philippines bank over cybertheft and SonicWall CEO Bill Conner discusses keeping up with the cybersecurity market.

SonicWall Spotlight

Could Cash-Rich Facebook Be Considering Acquisition Targets? – Real Money

  • SonicWall CEO Bill Conner is quoted by Real Money talking about Facebook’s need for cybersecurity acquisitions in a piece that speculates where the company might go next.

Are We Really Aware of What Mobile Malware Is? – VarIndia

  • SonicWall’s Debasish Mukherjee is interviewed as part of a panel discussing the mobile malware. He talks about the data SonicWall Capture Labs found on the Android platform throughout 2018.

SonicWall Aims to Build Brand in Critical Two Years – IT Europa

  • Bill Conner, CEO of SonicWall, lends his thoughts to IT Europa talking about the future of the fast-moving cybersecurity market and why not every security company is able to keep up.

Cyber Security News

Hackers are Passing Around a Megaleak of 2.2 Billion Records – Wired

  • After the leak of Collection # 1 earlier in the year Collections #2-5 continue the data dump of hacked records, largely information that has been leaked previously.

Airbus Reports Breach Into Its Systems After Cyber Attack – Reuters

  • Airbus detected a cyberattack which resulted in a data breach of mostly employee data. It says the incident did not affect commercial operations.

What Was the Cybersecurity Impact of the Shutdown? – FCW

  • With the Government shutdown over, the cybersecurity impact is still being worked out. FCW discuss the possible knock-on effects and how long they might last.

IT Spending Expected to Rise in 2019 Amid Shift to Cloud Services – Wall Street Journal

  • Forecasts for IT enterprise spending say there will be an 8.5% growth this year, and overall IT spending is expected to rise 3.2%.

Too Few Cybersecurity Professionals Is a Gigantic Problem for 2019

  • There is a global gap of nearly 3 million cybersecurity positions. In the USA alone 314,000 jobs were posted in a one-year period between 2017 and 2018. Cybersecurity training itself is a new area and almost no cybersecurity professional over 30 today has a formal cybersecurity degree.

Bangladesh to Sue Philippine Bank Over $81M Cyber Heist – Security Week

  • A digital heist in 2016 led to the successful theft of $81 million from the Bangladesh central bank’s account with the US Federal Reserve. Bangladesh is now attempting to retrieve the funds by suing the Philippines bank that facilitated the transfer. The Federal Reserve denies that it was hacked.

Massive DDoS Attack Generates 500 Million Packets per Second – Dark Reading

  • A DDos attack on Github in 2018 made headlines as the biggest ever DDos attack, but it was only a quarter of the size of the attack stopped earlier this month.

Cryptocurrency Thefts, Scams Hit $1.7 Billion in 2018: Report – Reuters

  • Cryptocurrency theft rose 400 percent in 2018, with up to $1.7 billion stolen by the end of the year. $950 million of this was theft from cryptocurrency exchanges and digital wallets.

In Case You Missed It

Cyber Security News & Trends

This week, fears are growing that new 5G industrial robots are vulnerable to cyberattack, the numbers affected by a breach jump from 500 to over 500,000 and the government shutdown continues to worry cybersecurity experts.

SonicWall Spotlight

SonicWall on Winning the Cyber Arms Race on Winning the Cyber Arms Race – Tahawul Tech

  • SonicWall’s Michael Berg is interviewed talking SonicWall’s expansion in Dubai, the cyber arms race and where SonicWall is going in 2019.

Cyber Security News

Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses – Dark Reading

  • Big corporations seize the cyberattack headlines, but Dark Reading argues that cybersecurity must be a top priority for small and medium businesses, outlining the major security risks and methods of protection.

For Industrial Robots, Hacking Risks Are on the Rise  – Wall Street Journal

  • 5G and the Internet of Things promise to make factories a lot smarter, but also a lot more vulnerable to cyberattacks.

New Ransomware Poses as Games and Software to Trick You Into Downloading It – ZDNet

  • A Dangerous new ransomware dubbed Anatova that was found at the start of the new year is being watched closely by researchers. Its modular architecture makes it easily adaptable and potentially very dangerous in the hands of a skilled cybercriminal.

The Shutdown Is Exposing Our Economy to Crippling Cybersecurity Breaches – Salon

  • Salon details the infrastructural cybersecurity problems, many previously outlined by SonicWall, that have been growing with the ongoing government shutdown.

Proposed Law Classifies Ransomware Infection as a Data Breach – SecurityWeek

  • The Act to Strengthen Identity Theft Protections in North Carolina proposes widening the definition of a breach to include ransomware and even unauthorized access. The legislation requires tightened data protection and a quicker notifications period when there is a breach.

Online Casino Group Leaks Information on 108 Million Bets, Including User Details – ZDNet

  • The server details of an online casino were left exposed online, leaking information on 108 million bets, including complete customer data like real names and addresses, phone numbers, email addresses, birth dates, and more.

Victim Count in Alaska Health Department Breach Soars – BankInfoSecurity

  • It was originally thought to only affect 501 people but the numbers in the Alaska Health Department breach of June 2018 have soared to up to 700,000. The number has soared after months of analysis and confirmation, the DHSS says they always knew the number would rise dramatically after analysis.

Recession Is the Number One Fear for CEOs in 2019, Survey Says – CNBC

  • While recession is the number one fear worldwide, a survey of over 800 CEO’s found that cybersecurity was the number one fear for CEO’s in the U.S.

Cybercriminals Home in on Ultra-High Net Worth Individuals – Dark Reading

  • With a growing cybersecurity awareness in businesses new research is suggesting that some hackers are shifting their sights to the estates and businesses of wealthy families with personalized cyberattacks.

In Case You Missed It

Cyber Security News & Trends

This week, one city is back to using pen and paper after a ransomware attack, cybercriminals utilize popular video game Fortnite in a money laundering scam and construction industry cranes are alarmingly vulnerable to being hacked.

SonicWall Spotlight

SSL, TLS Certificates Expiring on US Government Sites During Federal Shutdown – SonicWall Blog

  • SonicWall’s Brook Chelmo explains why US Government websites are starting to suffer during the ongoing Government Shutdown, explaining that security certificates are not being updated and what kind of messages you might be seeing as a result.

Cyber Security News

Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach – Wired

  • Wired details the mega-breach where at least 773 million emails and 21 million unique passwords have been released in a folder called “Collection #1.” Some are calling this the largest collection of breached data ever found, although it should be noted that Collection #1 is a compilation of both old and new leaked details.

Fortnite Is Being Used by Criminals to Launder Cash Through V-Bucks – ZDNet

  • Criminals have been using the in-game currency in Fortnite for laundering money from stolen cards. It is not known exactly how much profit the cybercriminals have made, but Fortnite coins sold on eBay alone have grossed over $250,000 in two months.

Defense Department Continuously Challenged on Cybersecurity – Security Week

  • A report has revealed that while the U.S. Department of Defense has been making strides to improve their cybersecurity stance, they are still struggling. In September of last year there were 266 open cybersecurity‑related recommendations, some dating as far back as 2008.

NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million

  • Zurich insurance rejected a $100 million claim by Mondelez saying that since the NotPetya ransomware attack has been seen by some, including the UK government, as a Russian military attack it is not covered by standard insurance against malware. Mondelez are taking legal action in response.

Oklahoma Gov Data Leak Exposes FBI Investigation Records, Millions of Department Files – ZDNet

  • A storage server belonging to the Oklahoma Department of Securities was found with terabytes of confidential data exposed and accessible to the public.

Yes, You Can Remotely Hack Factory, Building Site Cranes. Wait, What? – The Register

  • Cybersecurity protection on cranes, drilling rigs, and other heavy machinery has been found to be severely lacking with a report into the area finding that none of the radio remote controllers investigated had “implemented any protection mechanism to prevent unattended reprogramming.”

WEF: Cyber-Attacks a Major Global Risk for Next Decade – Infosecurity Magazine

  • The World Economic Forum released a reporting stating that cyberattacks remain as one of the risks facing the world today with 82 percent of those queried stating they expect data and monetary theft attacks to increase.

Ransomware Attack Sends City of Del Rio Back to the Days of Pen and Paper – ZDNet

  • Officials at Del Rio, Texas, had to abandon their computers and switch to pen and paper after a ransomware attack last week. It has not been revealed who is behind the ransomware but the FBI have been informed and are investigating.

Emotet Malware Returns to Work After Holiday Break – BankInfoSecurity

  • Whether coincidence or a sign that the criminals were actually on holidays, a number of malware strains including Emotet have returned in 2019 after falling out of use towards the end of the year. BankInfoSecurity trace the history and usage of Emotet, including information on where in the world it has and has not been striking.

In Case You Missed It

Cyber Security News & Trends

Adware apps downloaded by millions, German politicians have their data leaked, and how is the government shutdown affecting cybersecurity? SonicWall has collected this week’s best cybersecurity stories, just for you.

SonicWall Spotlight

What Is Driving the Workforce of the Future? – IT News Africa

  • SonicWall threat data is used to examine the potential dangers of a workforce dependent on the Internet of Things and 5G mobile connection.

Cyber Security News

German Man Confesses to Hacking Politicians’ Data, Officials Say – New York Times

  • The December leak of the personal information of German politicians was carried out by a young German student who used very basic techniques like guessing the passwords. The authorities are treating him as a juvenile and he has been released while the investigation is ongoing.

Google Removes 85 Adware Apps That Were Installed by Millions of Users – ZDNet

  • Google removed 85 apps from the Play Store after complaints that they were blatantly adware where every page on the apps triggered a full screen advert. At the time of removal one of the apps had already been downloaded over five million times.

Class-Action Lawsuit Filed Over Marriott Data Breach Washington Times

  • 76 plaintiffs from all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands are suing Marriott International Inc. in federal court over the data breach in 2018 that saw millions of people’s data released.

Who Should Be Responsible for Protecting Our Personal Data?World Economic Forum

  • The World Economic Forum explores the growing cybersecurity challenges that are presented by the fact that 89% of Americans and 70% of Europeans use the internet daily, and half the world’s population is online in some way. They ask if governments are reacting fast enough to the changes and if cybersecurity is a personal or public responsibility.

Zeroday Exploit Prices Are Higher Than Ever, Especially for iOS and Messaging Apps – ArsTechnica

  • The going rate for a zero-day jailbreak for Apple’s iOS is currently as high as $2 million. That’s the highest end of the scale but the market for exploits has been going higher and higher with no sign of leveling off.

U.S. Initiative Warns Firms of Hacking by China, Other Countries – Reuters

  • A new initiative by The National Counter-Intelligence and Security Center (NCSC) has been launched, aimed with improving cybersecurity in U.S. companies. Videos, brochures, and online informational materials have all been made available in an attempt to address ongoing concerns that many companies are not currently doing enough to protect themselves from cyberthreats.

Cybersecurity May Suffer as Shutdown Persists – Roll Call

  • The partial government shutdown may be leaving departments open to cybersecurity risks since many of the shutdown departments are on the “hit-list for hackers.” As more time passes there is a fear that minor setbacks may become irreversible.

This Old Ransomware Is Using an Unpleasant New Trick to Try and Make You Pay Up – ZDNet

  • First spotted in 2016, Cryptomix is a ransomware that seemed to have disappeared until it was rediscovered recently with a new distasteful trick; using information scraped from children’s charity organizations to make it seem like the ransom payment will be used to help people in need.

  The Cybersecurity Skills Shortage Is Getting Worse – CSO Online

  • With 53 percent of respondents of one survey reporting a problematic shortage of people with the right skills, the cybersecurity job situation is seen by some as actively getting worse rather than better. CSO Online recommend massive federal leadership, a more thorough public/private partnership and an integrated industry effort to solve the problem.

In Case You Missed It