Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) published its 27th semi-annual report on November 8th with emphasis on the most prominent cyberattacks in Switzerland during the first half of 2018.
The research covered vulnerabilities within the cyberspace and how they have led to attacks and phishing within the Swiss Internet space. In the past, cyber-security threats gravitated towards hacking online banking services, but Swiss researchers say the focus has now shifted on attacking cryptocurrency exchanges with high efficiency, with the most prominent malware to hit the country being a computer virus that mines Monero.
Dridex, a banking trojan malware, whose focus has always been on the theft of bank credentials to perpetrate fraudulent transactions, has upped its ante on crypto operations, MELANI report revealed. Authored by Necurs, Dridex was initially known as Bugat and Cridex. Researchers discovered a dramatic increase in the number of targeted cryptocurrency exchanges in this malware’s configuration files during the first half of the year.
Also making the list is the Gozi Trojan which was efficiently built to tamper with operating systems. It has, however, morphed from being a little banking trojan into a threat on digital assets. Gozi, according to the report, has been shifting its focus on cryptocurrency exchanges. It attempted to gain access to exchanges within the shortest possible time using ‘maladvertising,’ and it should not come as a surprise that it was ranked as the ninth most dangerous cyber-threat in Switzerland. Gozi uses online adverts to lure unsuspecting victims into downloading manipulated software, the researchers explained, adding that:
“In search engines, the advertisements are often displayed above the actual results, (which) leads to confusion among users.”
Monero the Most Critical Malware
- 1 Monero the Most Critical Malware
- 2 Lack of Clear Regulations
- 3 Cryptojacking in Other Nations
In spite of how overwhelming these cryptocurrency threats seem to be, the most worrisome for the Swiss researchers is the mining malware Monerominer (XMR ). It was ranked as the sixth most pervasive malware threat found on Switzerland’s internet broadband within the first half of 2018.
The proliferation of the malware application is done using several malicious websites (RIG Exploit Kit). By so doing, the XMR miner gains access to systems without the consent of the users. Users are inadvertently redirected by potentially unwanted programmes (PUPs) which deliver intrusive ads from third parties. The malware is specifically designed to mine Monero cryptocurrency but can also give way for the execution of scripts that secretly download and install malware on the users’ systems. The notoriety of Monero-mining was attested to when security researchers discovered that over two million variations of the CoinHive script were released within three months.
Read: How to Mine Monero
Lack of Clear Regulations
The boom of the crypto industry in Switzerland has fostered friendly relations between the Swiss government and crypto companies primarily in the area of gaining access to traditional banking services. The lack of regulatory provisions for cryptocurrency-related transactions in the region has been a critical issue which may have contributed to the prevalence of cyber attacks in the country.
Cryptojacking in Other Nations
In India, a research conducted by Cybersecurity firm Banbreach in October discovered over 30,000 routers that were infected with CoinHive, a malicious cryptocurrency service used to mine Monero. The proliferation of the original CoinHive protocol was said to have paved the way for internet browsers to mine cryptocurrency without the consent of the users. Lending credence to Banbreach’s finding, McAfee Labs revealed that there was over 2.5 million version of the malware in existence.
Brazil was among the worst hit in August, after 200,000 MikroTik routers were infected with malware which mines Monero in the background. While MikroTik rectified the bug used by the attacker within the date it was detected, thousands of routers which were not updated before the attack, had already been infected.