As annoying as spam email is, it’s usually pretty harmless. But hackers have been using a method called distributed spam distraction (DSD) where spam email is used to carry out illegal activities. Learn more about DSD and how you can safeguard your systems against it. What is DSD? DSD is a type of attack wherein Learn More “Distributed spam distraction hides illegal activities”
Hackers use cryptojacking to mine cryptocurrencies, and this process can cause PCs to run below optimal speeds. If you have a relatively new computer but are experiencing performance problems after clicking a link or visiting a website, you might be a victim of cryptojacking. Here’s what to do. Hijacked hardware Instead of paying for computing Learn More “How to protect yourself from cryptojacking”
Cryptocurrencies like Bitcoin and Monero are so popular because they’re secure and potentially worth thousands of dollars. But investors and consumers aren’t the only ones interested in them. Hackers are using malicious tactics to steal cryptocurrency, and they’re doing it with something called cryptojacking.
Hijacked hardware
Cryptojacking secretly uses your computer to calculate complex mathematical problems to generate cryptocurrency. They get inside by using phishing emails to lure victims into clicking on a link, which then runs malicious cryptomining programs on the computer. Any cryptocurrency produced then gets delivered to the hacker’s private server.
But hackers have developed an even more insidious tactic. By infecting websites with ads and plugins that run cryptojacking code, any visitor who loads the web page instantly gets infected with the malware, sending their computer’s processor into overdrive trying to generate cryptocurrency.
Unlike most malware, cryptojacking software won’t compromise your data. But it will hijack your hardware’s processing power, decreasing performance while increasing your power and cooling bills. So instead of paying for the computing power themselves, hackers can simply use thousands of compromised computers.
Surge in cryptojacking
It’s difficult to tell how much hackers are making with cryptojacking, but there’s a good chance that this type of attack will be as popular as ransomware was in 2017. In fact, for as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them.
According to several reports, even sites like The Pirate Bay, Openload, and OnlineVideoConverter are allegedly using cryptojacking exploits to diversify their revenue streams.
The biggest reason why this is becoming so popular is because it’s a low-risk, high-reward scheme. Instead of extorting money directly from the victim, hackers can secretly generate digital currencies without the victim knowing.
If it is detected, it’s also very hard to track down who initiated the attack. And since nothing was actually “stolen” (other than a portion of computing power), victims have little incentive to apprehend the culprit.
Prevention and response
To avoid cryptojacking, you need to incorporate it into your monthly security training sessions. Teach your employees to practice extra caution with unsolicited emails and suspicious links. Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected.
Beyond prevention, use network monitoring solutions to detect any unusual behavior with your computers. For example, if you notice a significant number of PCs running slower than usual, you should assume that cryptojacking is taking place.
If you’ve confirmed that it is, advise your staff to close browser tabs and update browser extensions as soon as possible.
Cryptojacking may seem less threatening than some malware we’ve discussed in the past, but it can incur real power, cooling, and performance costs to your business when several systems are compromised. To make sure you don’t end up enriching any hackers, call us today. We offer hardware solutions and cybersecurity tips to keep your business safe and sound.
Users get around 200 emails in their inbox a day, including work messages, automated payment slips, and everyone’s least favorite email, spam. Spam messages are mostly harmless, but when you get more than 10,000 of them flooding your inbox, you’re probably the victim of a special type of spam attack.
Understanding DSD
Distributed Spam Distraction (DSD) is designed to inundate your inbox with thousands of nonsense emails. There are no dangerous links, ads, or attachments involved, just random excerpts of text stolen from books and websites. What’s more, the email and IP addresses used are all different so victims can’t simply block a specific sender.
These attacks last anywhere from 12 to 24 hours and can flood inboxes with as many as 60,000 messages. While they may seem like harmless annoyances, the true purpose of DSD is to draw victims’ attention away from what hackers are doing behind the scenes.
And what they’re doing is exploiting your personally identifiable information (PII) to make unauthorized purchases or pilfer cash directly from your accounts. The DSD acts as a sort of smokescreen to hide payment confirmation messages behind a deluge of spam messages.
New tactics
Over the years, hackers have developed new tactics involving DSD. Several reports have shown that, instead of nonsensical emails, hackers are using automated software to have their targets sign up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that have been designed to weed out malicious code and gibberish text used by traditional DSD attacks.
What’s even more worrying is that any ill-intentioned individual can go to the dark web and pay for DSD services. They just have to provide a hacker with their target’s name, email address, and credit card numbers — all of which can also be purchased in the dark web — and pay as little as $40 to send 20,000 spam messages.
How to stop it
DSD is a clear sign that one of your accounts has been hijacked, so whenever you receive dozens of emails in quick succession, contact your financial institutions to cancel any unfamiliar transactions and change your login credentials as soon as possible. It’s also important to update your anti-spam software (or get one if you don’t have one already) to protect your inbox from future DSD attacks.
Hackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected. This means you should regularly change your passwords and pins, enable multi-factor authentication, set up text alerts for whenever online purchases are made in your name, and be careful about sharing personal information.
For more tips on how to deal with DSDs or other cyberattacks, call us today. We offer powerful tools and expert advice that will ensure your business’s safety.