Cryptojacking Worm Hits Enterprises in China
Symantec Threat Intelligence: Beapy – Cryptojacking Worm Hits Enterprises in China
Today, Symantec released new research on a cryptojacking campaign impacting enterprises. The campaign, dubbed Beapy, uses the EternalBlue exploit and stolen and hardcoded credentials to spread rapidly across networks—including patched machines—to collect credentials from infected computers.
Beapy is most heavily affecting enterprises in Asia, with more than 80 percent of its victims located in China, with other victims in South Korea, Japan, and Vietnam. It is a file-based coinminer that uses email as an initial infection vector – activity was first seen in Symantec telemetry in January 2019 and has increased since March.
File-based coinminers have an advantage
over browser-based coinminers because they can mine
cryptocurrency faster. The Monero cryptocurrency, the
cryptocurrency most commonly mined during cryptojacking
attacks, dropped in value by 90 percent in 2018, so it may
make sense that miners that create cryptocurrency faster are
now more popular with cyber criminals.
1. Comparing profitability of browser-based and
file-based coin-mining botnets
While enterprises might think they don’t need to worry about cryptojacking as much as more disruptive threats such as ransomware, it could still have a major impact on the company’s operations.
Potential impacts of
cryptojacking for businesses include:
• A slowdown in devices’ performance, potentially leading to employee frustration and a reduction in productivity
• Overheating batteries
• Devices becoming degraded and unusable, leading to higher IT costs
• Increased costs due to increased electricity usage, and for businesses operating in the cloud that are billed based on CPU usage
To read the full Threat
Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/beapy-cryptojacking-worm-china