Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Beapy Cryptojacking Campaign Uses EternalBlue to Exploit Enterprises

    By
    Sean Michael Kerner
    -
    April 25, 2019
    Share
    Facebook
    Twitter
    Linkedin
      1088_UnauthorizedCryptocurrency

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Symantec reported on April 25 that an unknown group of attackers is making use of the same EternalBlue vulnerability that enabled the WannaCry ransomware attack to conduct cryptojacking attacks on enterprises.

      The attack has been dubbed “Beapy” by Symantec and apparently has been ongoing since January 2019. According to Symantec’s report, Beapy is a cryptojacking worm that initially infects systems via a phishing attack. If the attacked system has not been patched for the EternalBlue vulnerability, Beapy is then able to spread across an enterprise’s network, infecting other systems and using them to mine cryptocurrency.

      “Multiple nefarious groups have leveraged EternalBlue since it was leaked in April 2017 and have incorporated them into a myriad of threats,” Alan Neville, threat intelligence analyst for Symantec, told eWEEK.

      The EternalBlue vulnerability is a flaw in Windows that was patched by Microsoft with its MS17-010 advisory in March 2017. A month later in April 2017, working code for an EternalBlue exploit flaw was publicly revealed by a group known as the Shadow Brokers. EternalBlue is also the flaw that enabled the WannaCry ransomware attack in May 2017 to spread rapidly.

      Although the EternalBlue flaw was patched by Microsoft in 2017, there are still plenty of systems that apparently have not deployed the patch. The Beapy attack makes use of EternalBlue to get a foothold in a network, but rather than deploy ransomware like WannaCry, Beapy deploys a cryptocurrency mining tool. The activity of conducting unauthorized cryptocurrency mining on a system is commonly known as cryptojacking, 

      Cryptojacking in 2019

      The Beapy campaign comes at a time when cryptojacking is in a state of decline.

      The value of cryptocurrencies has fallen precipitously in recent months and along with that has followed an overall decline in cryptojacking. Symantec reported in its Internet Security Threat Report (ISTR) released on Feb. 19 that there was a 52% drop in the overall number of cryptojacking events between January and December 2018 as the value of the Monero cryptocurrency declined by 90%.

      Beapy makes use of a file-based miner, which is an executable program that conducts the mining directly on the system.

      “The use of file-based coinminers allows the cyber-criminals to mine cryptocurrency faster, and thus make money faster, which is appealing now that cryptocurrency values are significantly lower than where they were at their peak,” Neville said. “While we have not expanded the investigation to determine the potential amount attackers have made through Beapy alone, a 30-day file-based mining generates an average profit per machine of 25 cents.”

      Neville added that with a botnet comprising 100,000 machines, a file-based mining operation could generate up to $750,000 in profit. 

      How Beapy Works

      Beapy is mining the Monero cryptocurrency and, according to Symantec, it is making use of the open-source XMRig mining code. The Beapy attack is also not entirely random, with 98% of Beapy’s victims identified by Symantec as being enterprises, rather than individual consumers.

      Cryptocurrency mining is a very CPU-intensive process and often benefits from the use of GPU acceleration, thought that’s not something Beapy is specifically targeting. Neville commented that nothing specific was identified during analysis related to code that directs Beapy to look for systems with GPUs in order to mine cryptocurrency faster.

      For Beapy to work effectively, the target system needs to be unpatched for EternalBlue, though Neville noted that it might still be able to propagate across a network where systems have in fact been patched.

      “If the system has been patched, EternalBlue won’t be an effective means to gain access to a system on the network,” he said. “However, Beapy also makes use of embedded credential modules such as Mimikatz in order to dump network credentials and use these to spread across networks.”

      Defending Against Beapy

      For organizations, there are a few basic hygiene steps that Neville recommends to help defend against Beapy and other similar risks:

      • Deploy the appropriate patches from Microsoft to stop EternalBlue.
      • Ensure that all employees have appropriate training to recognize and report phishing attacks that are used to deliver malicious files such as Beapy. 

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      10 Best Artificial Intelligence (AI) 3D Generators

      Aminu Abdullahi - November 17, 2023 0
      AI 3D Generators are powerful tools for creating 3D models and animations. Discover the 10 best AI 3D Generators for 2023 and explore their features.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×