Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular cryptojacking attacks. This blog post details these detection statistics and analyzes a few interesting cryptojacking campaigns uncovered by Qualys BrowserCheck CoinBlocker.
About Qualys BrowserCheck CoinBlocker
The world heat map below shows the geographical distribution of mining threats as a percentage of detections blocked by Qualys BrowserCheck CoinBlocker. Among the top 5 countries where mining threats are detected and blocked, Bulgaria (33%) topped the list, followed by India (18%), the United States (16%), Argentina (10%) and Thailand (9%).
Qualys Malware Research Labs is announcing the release of Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking.
Yesterday Adobe published the second update (APSB14-26) of Adobe Flash this month, an out-of-band release. After addressing 18 CVEs in the November 11 update (APSB14-24), the new version of Flash has only a single fix, for CVE-2014-8439. Adobe does not say why this CVE is so important that it warrants this unexpected release, but points out that a mitigation for this problem had already been introduced in APSB14-22 in October.
They acknowledge the work of a trio of security researchers who are all quite involved in detecting malware in the wild (Sébastien Duquette of ESET, Timo Hirvonen of F-Secure and Kafeine from malware.dontneedcoffee.com), which makes me think that they have seen the initial signs of exploitation attempts. I would address the flaw as quickly as possible.
Internet Explorer 10 and 11 and Google Chrome will auto-update Flash; on other browsers you will have to run the update yourself. You can use our free BrowserCheck tool to get a quick overview of the security situation on your desktop or laptop. With the BrowserCheck Business Edition you can even monitor a small network and see how well your users are keeping their machines at the latest patch level.
Updating your computer software for security purposes should be a no-brainer; after all, we have been working on this issue for the last 10+ years and it should be a solved problem. Nevertheless, many people use their PCs basically as they received them, ignoring patch warnings and thinking the warnings do not apply to them:
(from a recent dialogue that I had on a news/comment site) or believe they have more important things to do:
At the RSA conference a few weeks ago, we introduced a new free service – the Top 4 Control audit. This service focuses on helping computer end users and small- to medium-sized companies implement the top 4 security measures first suggested by the Australian government’s ASD division. In their internal forensics, the ASD found that the four measures were able to prevent over 85% of the incidents that had occurred in the government agencies they were responsible for. In the last year, the Top 4 controls have started to gain acceptance, with both the SANS Institute and the Council on CyberSecurity supporting their implementation. CSIS’s Jim Lewis gave them a very favorable mention in his 2013 paper “Raising the Bar for Cybersecurity”.
With Thanksgiving falling close to Christmas this year, online shopping will be a great way to avoid the crowds and take advantage of retail incentives, including free shipping and returns, and Cyber Monday deals. In fact, industry analyst firm Forrester reports that online holiday sales are expected to reach an all-time high.
Java security has been in the spotlight this year, first because of hackers’ frequent use of Java applets to get onto end-user systems (Microsoft reported in 2013 that over 30% of all web-based attacks make use of Java applets). Also, there are concerns about the end-of-life of Java 6, whose public version is now frozen at Java 6u45 from April 2013. Most recently, security researchers at F-Secure reported the discovery of the first public exploits against vulnerabilities (CVE-2013-2463 and CVE-2013-2470) present in Java 6u45, which remain unfixed due to its end-of-life status.
Network World named Qualys BrowserCheck one of the hottest products at the recently concluded RSA Conference 2013. BrowserCheck has been widely adopted by individuals and businesses concerned about attacks that exploit vulnerabilities in browsers and their plugins, especially given the trends towards more remote workers and BYOD. By keeping browsers and their plugins up to date with the latest security patches, Qualys BrowserCheck helps secure end users and keep them safe when they surf the web.
New features in BrowserCheck now make it even easier for IT administrators to continuously monitor user machines remotely and effectively, so that their employees don’t have to worry.
Qualys BrowserCheck (www.qualys.com/browsercheck), our free “online checkup” service, now makes it easier for individuals and businesses to know whether their computers are up-to-date and safe for surfing the web.
With BrowserCheck, not only can you see whether or not your browsers and plugins are current with vendors’ latest releases, now you can also check your Windows PCs for any missing Microsoft Security Updates. In addition, businesses can have this scanning happen automatically, without any user intervention.
IT administrators can now use the enhanced web console in BrowserCheck Business Edition to:
Set how often users’ machines are automatically scanned (such as daily, weekly, or monthly).
Get easy instructions for connecting users’ computers to BrowserCheck.
Continuously track which browsers and plugins are installed on each machine.
Verify that crucial OS security settings are enabled and that OS security updates are being received.
View at-a-glance dashboards and drill down into per-machine status.
Advanced scanning for missing Microsoft Windows Security Updates. This release provides a simpler way for users on Windows PCs to choose how deeply they would like their computers to be scanned. Instead of having to pick among specific scanning features, users can now simply select a type of scan from a drop-down menu:
Basic – Scan just the browser that is currently being used and its plugins. This is the default type of scan and is the same scan done on non-Windows platforms, which cannot use the BrowserCheck plugin. Previously, this was performed when none of the “Scan Options” check boxes were selected.
Intermediate – Scan all browsers installed on this PC as well as their associated plugins (even ones that are disabled). This also checks whether important OS protections are enabled, such as anti-virus, the firewall and Windows Update, and checks for DNS-changer malware. In the previous release, this was performed when both of the “Scan Options” check boxes were selected.
Advanced (new in this release) – In addition to the checks listed above, this option causes BrowserCheck to identify any missing Microsoft Windows security updates. This is very powerful, but may take several minutes to perform.
Automated scanning. The web-based management console provided by BrowserCheck Business Edition now gives IT administrators the ability to have corporate PCs scanned every day, week or month. Users no longer have to manually revisit browsercheck.qualys.com; the BrowserCheck plugin will automatically re-scan their computer at the scheduled time. Note that the BrowserCheck plugin is still very lightweight; it only runs when the user’s browser is open, unlike heavyweight agents that run in the background all the time. This approach gives administrators an efficient, reliable way to keep track of what is installed on each machine and whether it is still current with vendors’ releases – without interrupting the user.
Easier-to-use lists of scans. The Scans tab now follows the layout used in the Assets tab, making it easier for administrators to drill down into specific scans done on specific machines.
Faster. Switching among different tabs to examine data in different ways is now significantly faster than before.
Give it a try
If you haven’t already used BrowserCheck, go to www.qualys.com/browsercheck to try it yourself or sign up for a free BrowserCheck Business Edition account.
Last week USENIX held its 20th Security Symposium in San Francisco, and I attended a number of interesting and inspiring presentations.
BTW, the real purpose of the research was to determine whether Amazon’s Mechanical Turk can provide an efficient way to install malware on machines, i.e. whether a botnet could be constructed that way. Answer: it depends. Read the full paper, “Putting Out a HIT: Crowdsourcing Malware Installs”, for a detailed answer to the question and more insight into this fascinating experiment.