Threat Watch

Beapy Cryptojacking Campaign

A new cryptojacking campaign has been found using leaked NSA software. Cryptojacking, the unauthorized use of a victim’s computer systems to mine cryptocurrency, has been found on over 700 companies’ computer networks since March of this year. This new variant, named Beapy by researchers, uses hacking tools leaked in an NSA breach two years ago. Beapy relies on a user opening a malicious email; once opened, it injects malware into the company’s network and spreads to as many computers as possible. Using the combined processing power of an organization’s computers, the attackers can mine large amounts of cryptocurrency and deposit it into a virtual wallet of their choice. A secondary threat is that Beapy also uses the credential stealer “Mimikatz”, which can harvest users’ usernames and passwords across the infected network. Researchers estimate that an attacker can generate as much as $750,000 in a single month using this tactic. Cryptojacking runs in the background on a company’s network and can slow down the entire network, eventually overworking the physical machines so that they wear out earlier than budgeted for.

ANALYST NOTES

Establishing a security awareness training program in the company is one of the best ways to help employees recognize a phishing email before it has a chance to infect the system. Installing ad-blocking and anti-cryptomining software in web browsers can help as well, since this malware is generally delivered through web ads. Once a malicious site is identified, it can be added to the web filtering tools to keep users from accessing it in the future.