Bitdefender has discovered a cryptojacking campaign targeting Microsoft OneDrive that has claimed over 700 victims in recent months. The victims were often unaware, because the DLL sideloading vulnerability exploited by the cybercriminals prevented the system from recognizing the problem. But what are cryptojacking attacks, and how can you avoid them?
Bitdefender discovers a cryptojacking campaign on Microsoft OneDrive
Cryptojacking is an emerging threat in the IT landscape, so much so that Bitdefender reports growth in its global threat reports year after year. This is mainly due to the increase in the value of cryptocurrencies, which, despite ups and downs, has on average risen significantly in recent years.
Normally, “mining” cryptocurrencies requires dedicated hardware to produce the tokens to be placed on the market. It is a procedure that takes time and a lot of electrical energy (Bitcoin pollutes more than meat production). Cybercriminals therefore infect the computers or servers of private users or companies and use their resources to produce crypto tokens. In practice, they steal the energy and resources needed to create digital currencies without the victim's knowledge.
Bitdefender explains that in this case the attackers used a Dynamic Link Library (DLL) vulnerability in OneDrive in order to operate without being noticed by defense systems. Between May 1, 2022 and July 1, it detected as many as 700 cryptojacking cases against OneDrive. The same vulnerability can also be used for ransomware, spyware and other malware.
So how should you react? Bitdefender recommends paying close attention and keeping both the operating systems of your devices and the antivirus you use up to date. It also recommends avoiding cracked software and downloading applications only from safe sources.
But for continued protection from these types of threats, it is necessary to “apply Indicators of Compromise (IOCs) to prevention and endpoint detection and response solutions” (endpoints being the devices used).
Security experts can find the full Bitdefender report at this address.