Over the past 18 months, the cryptojacking threat has become all the more tangible. Whereas consumers were among the first wave of “targets'< it now seems most of these attempts are shifting to a completely different audience. The vast majority of current cryptojacking attacks target enterprises, with one strain making a massive impact in China over the past handful of months.
Cryptojacking Remains Popular in China
Most cryptocurrency enthusiasts will be all too familiar with the term cryptojacking. This form of malware primarily focuses on making money by abusing the computer resources of its victims. In virtually all cases, the infected device’s resources are used to mine cryptocurrencies, in the form of Monero, Dash, ZCash, or even Bitcoin. It has been a very bothersome trend for quite some time now, yet it seems the number of attacks will not necessarily diminish in the near future either.
According to a new report by Symantec, the Beapy malware strain is one of the most problematic creatures to come to market in early 2019. It is a form of cryptojacking worm which is mainly interested in wreaking havoc upon Chinese enterprises. That in itself is a very interesting development, a sit seems criminals are less interested in attacking regular consumers or even small companies. Instead, they want to extract as much money as possible from the bigger enterprises. This also coincides with noteworthy increases where the average ransomware payment is concerned these days.
What makes Beapy so difficult to deal with is how it makes use of the EternalBlue exploit. This is one of the security loopholes initially developed by the NSA and later on leaked to the public by The Shadow Brokers. As part of its process, Beapy also tries to obtain login credentials, which are spread through networks at an alarming rate. Since January of 2019, Beapy has gotten on Symantec’s radar, and it seems to become a more common threat as more time progresses.
Similar to some other cryptojacking malware strains, Beapy is distributed via email. As enterprises seem extremely vulnerable to such a method of distribution, it is only normal criminals will continue to target these victims accordingly. Although it doesn’t appear is the attacks themselves are targeting specific companies, it is evident 98% of Beapy’s activity focuses on the enterprise sector. This only further confirms consumers are not a prone target for cryptojacking criminals any longer, although that situation may come to change again in the near future.
The current findings by Symantec paint a very interesting picture. More specifically, they see similarities between ransomware and crypto hacking attempts in the past 12 months. Both attack vectors slowly shifted toward attacking enterprises rather than regular consumers. For criminals looking to make a fair bit of money, going after corporations seems to be the more plausible course of action. This is not good news for enterprises, who often find themselves unable to deal with these attacks.
Although Beapy appears to be prominent in China, it is not the only country on this malware’s radar. Other regions being attacked include Japan, South Korea, Hong Kong, Taiwan, and even the United States. A wide selection of regions, although no one will deny over 80% of its presence focuses on China at this time. Depending on how lucrative these attacks prove to be over the coming weeks and months, there is a genuine chance the number of attacks in this country will increase even further.