Reports indicate that malware used to mine virtual currencies such as Monero (XMR) is being delivered by the Rig exploit kit as its final payload. The kit is currently exploiting a remote code execution vulnerability, CVE-2018-8174, even though a patch for it was released last month; the exploit is understood to be derived from a proof of concept that was recently disclosed.
The systems affected by the flaw include Windows 7 and later Microsoft operating systems. The exploit is understood to work through Internet Explorer, the default web browser on older Windows systems, and also through Microsoft Office documents that invoke the vulnerable script engine.
Although crypto-mining malware is relatively less destructive than other malware, one of its biggest problems is that it can remain undetected for a long time: it keeps running in the background until the slowdown it causes makes its presence apparent.
Some of the steps individuals and organizations can take to mitigate the threat posed by this malware include virtual patching to safeguard legacy networks and systems. Deploying and enabling firewalls also helps, as does the use of intrusion prevention and detection systems that scan and monitor network traffic.
Application control can also be used to prevent unauthorized access and privilege escalation, since it stops suspicious processes or applications from executing. Additionally, outdated or unnecessary plugins, applications and extensions should be disabled or restricted, since they may serve as points of entry.
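The two host-side ideas above, an application allow-list and watching for processes that stay CPU-bound in the background, can be combined into a simple triage heuristic. The following is an added example and is not code from the article or from any product it mentions; the allow-list, the process snapshots, the pid values and the image paths are all constructed for illustration. It does not detect the exploit itself, only the behaviour of a miner that has already landed: a process outside the allow-list that is above the CPU threshold in most consecutive samples.

```python
# Added example (not from the article): flag processes that are not on the
# approved-application list and stay CPU-bound across several snapshots.
# Every path, pid and percentage below is constructed for illustration.
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed allow-list standing in for an application-control policy.
# Windows paths are case-insensitive, so comparisons use lower-cased strings.
ALLOWED_PATHS = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
}
_ALLOWED_LOWER = {p.lower() for p in ALLOWED_PATHS}

# Constructed process snapshots taken once a minute:
# (minute, pid, image path, cpu percent).
Sample = Tuple[int, int, str, float]
SAMPLES: List[Sample] = [
    # approved Windows service, mostly idle
    (0, 4120, r"C:\Windows\System32\svchost.exe", 3.0),
    (1, 4120, r"C:\Windows\System32\svchost.exe", 4.5),
    (2, 4120, r"C:\Windows\System32\svchost.exe", 2.0),
    (3, 4120, r"C:\Windows\System32\svchost.exe", 6.0),
    (4, 4120, r"C:\Windows\System32\svchost.exe", 3.5),
    (5, 4120, r"C:\Windows\System32\svchost.exe", 2.5),
    # constructed miner-like process: unapproved path, pegged CPU throughout
    (0, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 94.0),
    (1, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 96.5),
    (2, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 93.0),
    (3, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 97.0),
    (4, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 95.0),
    (5, 5532, r"C:\Users\alice\AppData\Local\Temp\wuauhost.exe", 96.0),
    # approved Office process with short CPU bursts (document open / recalc)
    (0, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 71.0),
    (1, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 2.0),
    (2, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 1.5),
    (3, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 85.0),
    (4, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 3.0),
    (5, 6010, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 1.0),
    # unapproved installer that is busy for two minutes and then exits
    (1, 7777, r"C:\Users\alice\Downloads\setup.exe", 88.0),
    (2, 7777, r"C:\Users\alice\Downloads\setup.exe", 90.0),
]


def is_allowed(path: str) -> bool:
    """True if the image path is on the application allow-list."""
    return path.lower() in _ALLOWED_LOWER


def find_suspected_miners(samples: Iterable[Sample],
                          cpu_threshold: float = 80.0,
                          min_high_samples: int = 5) -> List[Dict]:
    """Return unapproved processes seen at or above cpu_threshold in at least
    min_high_samples snapshots. A short burst (an installer, a document
    opening) stays below the sample count; a miner does not."""
    high = defaultdict(int)   # (pid, path) -> snapshots at/above threshold
    seen = defaultdict(int)   # (pid, path) -> snapshots in which it appeared
    for _, pid, path, cpu in samples:
        key = (pid, path)
        seen[key] += 1
        if cpu >= cpu_threshold:
            high[key] += 1

    findings = []
    for (pid, path), count in high.items():
        if count >= min_high_samples and not is_allowed(path):
            findings.append({
                "pid": pid,
                "path": path,
                "high_cpu_samples": count,
                "samples_seen": seen[(pid, path)],
            })
    findings.sort(key=lambda f: f["high_cpu_samples"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in find_suspected_miners(SAMPLES):
        print(f"pid {f['pid']}: {f['path']} above threshold in "
              f"{f['high_cpu_samples']}/{f['samples_seen']} snapshots")
```

With the defaults, only the constructed Temp-directory process is reported; the approved Office process is never flagged regardless of its bursts, and the installer drops out because it was busy for only two snapshots. Lowering `min_high_samples` trades fewer missed miners for more noise from legitimate short-lived work, which is the usual tuning decision for this kind of heuristic.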
However, according to Barkly, patching of vulnerabilities has slowed down among companies. Per Barkly, 80% of the firms polled said the patching process for Spectre and Meltdown was unclear and that this was what hindered patching. Additionally, 88% of businesses said the patching process was frustrating. Some firms also said they were afraid of faulty updates, with a significant number stating that patches had the potential to harm stability and performance.
Around 56% of information technology professionals had deliberately held off applying updates, arguing that they would only proceed once they had tested them for performance and compatibility problems. About 23% also indicated that they would not be applying any updates at all, out of concern that doing so would inhibit performance. Another 75% of respondents indicated that in future patches would be rolled out at a slower rate.