Information security experts at Microsoft recently revealed a serious attack in the category of "silent attacks", meaning that it runs without the victims ever knowing. It has infected 80,000 computers around the world. The experts explained that the cyber criminals behind the attack used malware specialized in what is known as "cryptocurrency mining", in which victims' computers are controlled in order to exploit an unknown part of their processing power and memory for the benefit of the attackers who launched it, who want to generate high-value digital currencies, led by Bitcoin.

This came in a post on the information security blog on Microsoft's official website, written by Gisly Kim, head of the research team for the information security software suite that Microsoft produces under the name "Microsoft Defender".

Accelerating, then slowly receding

Microsoft experts reported that the malware used in the attack is named "Dexphot". Data from tracking and monitoring this software shows that it has infected more than 80,000 devices around the world so far, and it is considered a new strain of malware affecting computers that run the Microsoft Windows operating system.

Experts said that the attackers used a tactic of accelerating and spreading, then receding and slowing down gradually. They noted that although this kind of attack is common in the field of "crypto mining", the malicious software used in it shows a high degree of sophistication in its methods of operation and its techniques, which makes it distinct and high-risk among the myriad malware active at any time for the purpose of currency mining.

They pointed out that one of the most prominent signs of sophistication in the new attack is its methods of evading protection, detection and defense, and its ability to modify the threats it carries out from day to day so that it operates out of sight of monitoring systems.

"Fileless execution"

Experts indicated that only one part of the malware used in the attack is installed and stored on the victim's computer. At intervals, this malicious program runs for a short period using a technique known as "fileless execution", in which the malware runs only inside the computer's memory. This makes the malicious files invisible to traditional antivirus systems, which rely on tracking the traces that malware leaves behind.

They added that another sign of the software's modernity and sophistication is that it uses a technique called "living off the land", in which software that is legitimate and accepted by protection, monitoring and defense systems is used to carry out the mining, instead of the malware running its own executable files.

"Polymorphism"

Experts also revealed that the new software attacked cloud systems and applications, and that it used "polymorphism", which changes the traces and fingerprints of the malware. They noted that with this technique the attackers were able to change the file names and Internet addresses used to launch the attacks once every 20 to 30 minutes.
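A defender's view of the rotation described above, as an added example that is not from Microsoft's post or from this article: an exact URL or file name stops matching within half an hour, but the command-line shape on a host stays the same, so the check below groups events by that shape and flags fast rotation. The events, host names, URLs and the use of `msiexec.exe` as the legitimate tool are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events: (time, host, command line).
EVENTS = [
    ("2019-11-01T10:00", "pc-a", "msiexec.exe /i http://d1.example/k3f9.msi /q"),
    ("2019-11-01T10:25", "pc-a", "msiexec.exe /i http://q7.example/zz81.msi /q"),
    ("2019-11-01T10:50", "pc-a", "msiexec.exe /i http://m4.example/ab02.msi /q"),
    ("2019-11-01T09:00", "pc-b", "msiexec.exe /i http://updates.example/agent.msi /q"),
    ("2019-11-01T13:00", "pc-b", "msiexec.exe /i http://updates.example/agent.msi /q"),
]

URL_RE = re.compile(r"https?://\S+", re.I)

def shape(cmdline):
    """Reduce a command line to its stable form by masking the rotating URL."""
    image, _, args = cmdline.partition(" ")
    return image.lower() + " " + URL_RE.sub("<URL>", args)

def rotating_clusters(events, min_variants=3, max_rotation=timedelta(minutes=30)):
    """Return (host, shape) pairs whose URL changes at least every max_rotation."""
    first_seen = defaultdict(dict)  # (host, shape) -> {url: first timestamp}
    for ts, host, cmd in events:
        when = datetime.fromisoformat(ts)
        for url in URL_RE.findall(cmd):
            seen = first_seen[(host, shape(cmd))]
            seen[url] = min(seen.get(url, when), when)
    flagged = []
    for key, seen in first_seen.items():
        times = sorted(seen.values())
        if len(times) < min_variants:
            continue  # a repeated, unchanging URL is normal software updating
        avg_gap = (times[-1] - times[0]) / (len(times) - 1)
        if avg_gap <= max_rotation:
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    for host, pattern in rotating_clusters(EVENTS):
        print(f"{host}: rotating download source behind '{pattern}'")
```

The 30-minute default mirrors the rotation interval reported above; the minimum of three variants is an arbitrary threshold chosen for the sample data.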

According to Microsoft experts, the attackers used a method known as a "second-stage payload" as the mechanism for spreading this malicious software to victims' computers. In this method, the malware is dropped onto victims' computers by malicious software of another type, as a means of disguise and misdirection, much as in real war, where deceptive tactics are used to divert the enemy's attention from the real major offensive.

Coin Mining

Mining digital currencies means using a portion of the processing power of a participant's computer to solve the complex mathematical equations set by the authorities responsible for generating digital currencies and determined by currency mining sites, with new units of the currency generated after each period of time. It is an internationally recognized activity. There are companies and individuals who buy powerful computers and use them to generate currencies, and they make a lot of money from it.

In contrast to those who buy hardware to carry out mining operations, there are thousands of criminals around the world developing malware whose mission is to take remote control of victims' computers and use them for free in their currency mining activities.

- The new attack features the ability to evade detection methods.