Researchers have discovered a spike in Beapy, a malware variant that uses leaked National Security Agency (NSA) exploits to spread across corporate networks and force infected computers to mine cryptocurrency. The malware was first discovered in January and has so far infected 12,000 devices across 732 organisations.
Beapy relies on an employee opening a malicious email, which allows the malware to create a persistent backdoor on the computer. It then uses the NSA’s EternalBlue exploit to spread laterally throughout the network, much as WannaCry spread in 2017. Beapy also includes open-source credential-stealing capabilities, which it uses to collect passwords from infected devices and reuse them to aid its spread throughout an enterprise’s network.
Using the leaked NSA RCE exploits doublepulsar and eternalblue to execute arbitrary code if the phishing attempt was successful compromised machines and made way for the extraction of credentials using mimikatz. #beapy #malware https://t.co/jvtIcN61sw
— RegistryD0g (@D0gRegistry) April 28, 2019
Thousands of firms hit by Beapy malware using NSA hacking tools see https://t.co/MzYVqyXgO9 pic.twitter.com/jkng52LSZT
— Marco Borger (@MarcoBorger1) April 28, 2019
Experts' Comments:
Barry Shteiman, VP of Research and Innovation at Exabeam:
Anurag Kahol, CTO at Bitglass:
“To protect against cryptojacking, organisations must be able to recognise the signs of an attack and understand how to respond before it is too late. Educating employees on how to identify attacks and avoid phishing schemes (which is how Beapy is spread) is a basic yet crucial piece of the puzzle. Businesses must also require employees to use complex passwords, leverage multi-factor authentication (MFA), promptly install security patches and software updates, deploy ad-blocking extensions, and adopt mobile data security solutions that can defend any endpoint without causing privacy concerns or hindering device performance. Anti-malware solutions must be able to detect infected files in real time as they are downloaded to any device, uploaded to any application, or at rest within the cloud.
“As evidenced with Beapy, hackers are always devising new tactics and leveraging new tools in order to attack companies and make money through nefarious means. Fortunately, the above tips can help any business to stay secure against cryptojacking as well as other types of cyberattacks.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.