It was reported today that researchers have discovered a spike in Beapy, a malware variant that uses leaked National Security Agency (NSA) exploits to spread across corporate networks and force infected computers to mine cryptocurrency. The malware was first discovered in January and has so far infected 12,000 devices across 732 organizations. Beapy relies on an employee opening a malicious email, which allows the malware to create a persistent backdoor on the computer; it then uses the NSA’s EternalBlue exploit to spread laterally throughout the network, much as WannaCry spread in 2017. Beapy also includes open-source credential-stealing capabilities, which it uses to collect passwords from infected devices and reuse them to spread further through an enterprise’s network.
About NSA, crypto mining, Beapy, DoublePulsar, Mimikatz #cybersecurity https://t.co/aNcRiMzRas
— G. Livada (@glivada) April 26, 2019
Jonathan Bensen, CISO and Senior Director of Product Management at Balbix:
“Cryptojacking should not be viewed as a victimless crime. Besides drastically slowing down computers and causing device degradation, Beapy in particular leverages open-source credential stealing capabilities to aid in its spread throughout an enterprise’s network. If these credentials make their way back to a command and control center, a malicious third party could gain unauthorized access into a corporation’s network and compromise intellectual property (IP), employee, customer or partner data.
To prevent cryptojacking incidents, enterprises must leverage artificial intelligence (AI) and machine learning (ML) based solutions to effectively identify vulnerabilities among the tens of thousands of data signals arising across all IT assets, including apps, devices, users and beyond. When vulnerabilities are detected, AI and ML can then provide a prioritized list of actions, based on business criticality, with recommended fixes, to proactively remediate them before they can be abused by a nefarious actor.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.