1
00:00:00,740 --> 00:00:10,100
A new addition to the threat landscape started to appear in mid 2017 to 2018. It is a form of malware that

2
00:00:10,100 --> 00:00:13,110
hijacks your CPU cycles to mine

3
00:00:13,120 --> 00:00:20,270
cryptocurrency. The rising popularity of cryptocurrency for both purchasing and for mining has led to

4
00:00:20,270 --> 00:00:26,150
a significant growth of the mining community and cryptocurrency market worldwide.

5
00:00:26,150 --> 00:00:31,130
These in turn produce a new kind of tool used to generate revenue:

6
00:00:31,300 --> 00:00:39,480
a crypto miner. In cryptocurrency networks, mining is a validation of a transaction. For doing the mining,

7
00:00:39,500 --> 00:00:44,050
successful miners obtain new cryptocurrency as a reward.

8
00:00:44,240 --> 00:00:46,160
So mining makes money.

9
00:00:46,160 --> 00:00:52,280
The more mining you do, the more money you make, especially if you use other people's machines to do the

10
00:00:52,280 --> 00:00:57,660
mining and you end up paying for the electricity. Tools used by malicious actors

11
00:00:57,680 --> 00:01:04,480
I've seen called things like crypto mining malware, CPU hijackers, cryptojackers.

12
00:01:04,580 --> 00:01:06,600
We've not really settled on a name yet.

13
00:01:06,620 --> 00:01:08,880
So all of those names are used.

14
00:01:08,900 --> 00:01:15,470
There are a few ways your device might be subjected to running a crypto miner: the common and obvious ways,

15
00:01:15,980 --> 00:01:21,350
through things like phishing attacks, social engineering, exploiting a vulnerability.

16
00:01:21,590 --> 00:01:29,300
Downloading a bad app from a store or any untrusted code on a device can result in getting crypto mining

17
00:01:29,300 --> 00:01:31,190
malware on your device.

18
00:01:31,190 --> 00:01:38,570
Another major attack vector to be aware of is JavaScript-based mining tools, which can be injected into

19
00:01:38,570 --> 00:01:44,660
websites both by the website owners themselves or by threat actors.

20
00:01:44,660 --> 00:01:50,480
So imagine you visit a website and, unbeknown to you, your browser is running at full CPU for no

21
00:01:50,780 --> 00:01:52,250
known good reason.

22
00:01:52,250 --> 00:01:55,920
The site is running JavaScript-based mining tools.

23
00:01:56,090 --> 00:02:01,030
Sometimes the websites have crypto miners as an alternative to advertising.

24
00:02:01,190 --> 00:02:06,070
Some are doing it openly and honestly, so that model is actually fine.

25
00:02:06,230 --> 00:02:12,740
But sometimes sites aren't open about it and try to secretly use your machine as a miner and run up

26
00:02:12,740 --> 00:02:20,840
the CPU too hard. Other times the site has been taken over in some way by an adversary and is running

27
00:02:20,840 --> 00:02:24,020
the code without the permission of the owner of the site.

28
00:02:24,020 --> 00:02:30,260
The bottom line, though: they are all taking CPU cycles to mine cryptocurrency to make money.

29
00:02:30,350 --> 00:02:34,310
You need to be aware of this, and if you don't want this to be happening on your machine then you need

30
00:02:34,310 --> 00:02:35,440
to stop it.

31
00:02:35,450 --> 00:02:40,190
The ones that are particularly nefarious will run your CPU so hard that it will affect the performance

32
00:02:40,190 --> 00:02:41,390
of your machine.

33
00:02:41,390 --> 00:02:47,000
Let me give you some examples to make you aware of the current threat landscape. The Pirate Bay, the popular

34
00:02:47,000 --> 00:02:53,780
torrent site which I'm sure you're aware of, has been found to be using user CPU power to mine cryptocurrency

35
00:02:53,810 --> 00:02:55,350
without notification.

36
00:02:55,520 --> 00:03:02,180
Well, there are other examples of sites that do it without notification, sites such as Uptobox and also

37
00:03:02,280 --> 00:03:10,290
Vidzi.tv. Uptobox is a file hosting service; Vidzi.tv is a video sharing service.

38
00:03:10,310 --> 00:03:13,770
These are also known to use user CPU power to mine

39
00:03:13,790 --> 00:03:19,430
Monero cryptocurrency without notification. There'll be many other sites that do this, and as time

40
00:03:19,430 --> 00:03:23,510
passes I'm sure other sites will try to do this without notification.

41
00:03:23,510 --> 00:03:30,170
Kaspersky Lab says they spotted evidence of a vulnerability in a desktop version of the messaging app

42
00:03:30,170 --> 00:03:35,670
Telegram that allows attackers to install cryptocurrency mining malware on the user's computer.

43
00:03:35,740 --> 00:03:42,710
A zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be

44
00:03:42,710 --> 00:03:50,350
used to deliver crypto mining software and spyware, to mine digital currencies like Monero, Zcash, Fantomcoin

45
00:03:50,360 --> 00:03:57,760
and others, which are common coins to be mined by cryptocurrency malware. Cryptocurrency mining script

46
00:03:57,770 --> 00:04:03,100
injection was found in over 4000 websites, including those belonging to the UK and US government.

47
00:04:03,270 --> 00:04:09,710
Hackers managed to hijack a popular third-party accessibility plugin called Browsealoud, used by

48
00:04:09,710 --> 00:04:15,490
all these affected websites, and injected their cryptocurrency mining script into its code.

49
00:04:15,500 --> 00:04:21,320
The script used to do this belongs to these guys here: Coinhive.

50
00:04:21,350 --> 00:04:28,160
They're a legitimate service offered as an alternative to advertisement, and the hackers are using Coinhive

51
00:04:28,160 --> 00:04:30,990
in this example as a quick way to make money.

52
00:04:31,010 --> 00:04:37,460
Coinhive has been used in other attacks too. Cryptocurrency mining malware infected over half a million

53
00:04:37,460 --> 00:04:45,730
PCs using an NSA exploit. Researchers from Proofpoint discovered a massive global botnet called Smominru,

54
00:04:45,740 --> 00:04:51,960
aka Ismo, that is using the EternalBlue SMB exploit.

55
00:04:51,980 --> 00:04:58,730
That's the one the NSA discovered, the NSA exploit leaked by the Shadow Brokers, to infect Windows computers

56
00:04:58,730 --> 00:05:06,480
to secretly mine Monero cryptocurrency. Ismo has been active since at least May 2017.

57
00:05:06,520 --> 00:05:13,450
And the botnet, as of recording, has infected more than 526,000 Windows machines. The botnet operators,

58
00:05:13,770 --> 00:05:19,180
as of recording, have mined approximately eight thousand nine hundred Monero, which is valued at about

59
00:05:19,180 --> 00:05:21,870
3.6 million dollars,

60
00:05:22,020 --> 00:05:28,090
at the rate of roughly 24 Monero per day, which is around eight thousand five hundred dollars per day,

61
00:05:28,270 --> 00:05:34,080
by stealing computing resources of millions of systems. So crypto mining does pay.

62
00:05:34,090 --> 00:05:39,940
This is a valid threat to be talking about on the threat landscape. Android malware is taking over phones

63
00:05:39,940 --> 00:05:46,680
to mine for cryptocurrency. Cryptojacking is now also affecting mobile phones and tablets en masse,

64
00:05:46,690 --> 00:05:54,490
not only via Trojan apps but also via redirects and pop-unders. While mobile platforms are less powerful

65
00:05:54,490 --> 00:05:56,770
than their desktop counterparts,

66
00:05:56,770 --> 00:06:02,080
there is also a great number of them, so they are a viable target.

67
00:06:02,110 --> 00:06:04,240
iOS is probably safer.

68
00:06:04,420 --> 00:06:10,770
Android is less safe, but the last thing you want to do is be downloading from untrusted app stores.

69
00:06:10,840 --> 00:06:16,470
Even the mighty YouTube was caught serving ads with CPU-draining cryptocurrency miners.

70
00:06:16,490 --> 00:06:23,650
This is an example of a malvertising campaign that let attackers profit while unwitting

71
00:06:23,650 --> 00:06:25,630
users were watching videos.

72
00:06:25,630 --> 00:06:27,540
This was quickly taken down.

73
00:06:27,700 --> 00:06:33,400
But it goes to show you that cryptocurrency miners can be injected into sites via malvertising all the time,

74
00:06:33,580 --> 00:06:36,820
and even on top sites like YouTube.

75
00:06:37,030 --> 00:06:39,030
So what can we do to mitigate this?

76
00:06:39,100 --> 00:06:46,340
Well, you'll need to monitor your CPU usage and see if any process looks like it's running too high.

77
00:06:46,420 --> 00:06:53,650
You will most often notice this from your browser processes, due to the JavaScript-based attacks from

78
00:06:53,650 --> 00:06:56,050
websites: Firefox, Chrome, etc.

79
00:06:56,050 --> 00:07:02,980
Those processes: if the browser process is running high, close the browser tab or window that is running

80
00:07:03,100 --> 00:07:11,770
the high process. It's hard to say what normal CPU usage looks like, since computer processing power and the applications

81
00:07:11,770 --> 00:07:13,930
people run vary so much.

82
00:07:14,000 --> 00:07:22,180
But a suddenly elevated level of CPU usage would indicate an abnormal increase in demand for processing

83
00:07:22,180 --> 00:07:22,920
power.

84
00:07:22,930 --> 00:07:30,360
Some sneaky sites load hidden browser windows, so you will need to end the process, as you might not even

85
00:07:30,370 --> 00:07:36,430
be able to see the browser window in order to close it. To check out your CPU usage,

86
00:07:36,430 --> 00:07:45,400
look at Task Manager in Windows, Activity Monitor on Mac and top on Linux to see if your browser process

87
00:07:45,410 --> 00:07:52,490
is running faster than it should be, and any browser process that is running abnormally high. In the core

88
00:07:52,490 --> 00:07:59,420
section on browser security we discuss ad blockers and HTTP filters. Installing an ad blocker like

89
00:07:59,440 --> 00:08:04,630
uBlock Origin, that you can see here, can help to prevent these crypto miners.

90
00:08:04,750 --> 00:08:11,080
Also, here is a known coin miners URL blacklist to add to your ad blocker.

91
00:08:11,090 --> 00:08:17,740
This blocks known coin miners; install it in uBlock Origin or your blocker of choice.

92
00:08:17,950 --> 00:08:22,630
So see the browser security section for more information on ad blockers.

93
00:08:22,630 --> 00:08:26,400
You can also install the extension No Coin into your browser.

94
00:08:26,500 --> 00:08:33,730
No Coin is a tiny browser extension aiming to block coin miners such as Coinhive that will help you

95
00:08:34,090 --> 00:08:41,560
mitigate the risk. So that wraps up CPU hijackers, crypto mining malware and cryptojackers.