最有看点的互联网金融门户

最有看点的互联网金融门户
全新的互联网金融模式国际资讯

遭遇恶意挖矿软件攻击,加拿大一大学被迫关闭网络

全新的互联网金融模式国际资讯

遭遇恶意挖矿软件攻击,加拿大一大学被迫关闭网络

环球新闻报道称,位于加拿大新斯科舍省Antigonish的圣弗朗西斯泽维尔大学上周不得将整个网络关闭四天,以抵御加密挖矿恶意软件的攻击。校园电子邮件、Wi-Fi、借记卡交易、在线选课、云存储以及该大学网络驱动器都受到了网络关闭的影响。

在11月4日的声明中,圣弗朗西斯泽维尔大学表示,正在采用"交错方法将系统重新联机,并最大限度地降低潜在风险",并表示攻击者曾试图使用"恶意软件,利用该大学的集合计算能力制造或发现比特币,以获取货币收益。"

加密货币挖掘是一种臭名昭著的竞争性、计算和能源密集型过程,设备开展竞赛,发现由软件设置的用于加密密封数据块的随机数。比特币网络上,成功猜测到新区块的计算机将获得12.5比特币的奖励。通常在加密挖矿攻击中开采的另一种加密货币是名为Monero的"隐私硬币"。

"Cryptojacking"(劫持用户的浏览器用于挖掘加密货币的技术)是一种相对较新的网络攻击形式,今年被邪恶黑客视为勒索软件攻击的首选。

在勒索软件攻击中,恶意软件会将目标计算机的全部或部分系统锁定。用户通常是因为点击感染电子邮件中的链接感染恶意软件,导致恶意软件侵入系统。在锁定系统或数据之后,勒索软件攻击者会要求受害者将加密货币发到特定的在线钱包地址,受害者的系统方可解锁。

在过去的几年中,许多企业在其IT安全部门或咨询人员的建议下,一直持有加密货币,以便快速应对勒索软件攻击。今年,勒索软件攻击有所减少,但是"Cryptojacking"或加密挖矿恶意软件攻击呈现上升趋势。

类似于勒索软件,加密挖矿恶意软件通常通过员工电子邮件感染系统,将网络"僵尸化"并用于加密货币挖矿活动,而不会导致系统或网络关闭。恶意软件通常会关闭被感染系统的"睡眠"功能,设备将进行不间断计算来查找能够获得"块奖励"的数字,计算机处理单元功能将会被弱化。网络的电费也会增加。"Cryptojacking"恶意软件还会将加密收入自动发送到攻击者钱包,而恶意软件提供商也会从中抽利。

截至发稿,圣弗朗西斯泽维尔大学的网络系统已部分恢复。该大学表示,攻击中没有发生个人数据泄露,并要求其网络的所有用户按照"标准做法"更改密码。

St Francis Xavier University in Antigonish, Nova Scotia, Canada had to shut down its entire network for four days last week to fend off a crypto-mining malware attack, Global News reports.

Campus email, Wi-Fi, debit transactions, online course selection, cloud storage, and drives on the St. FX network were all affected by the shutdown.

In a November 4th statement, the university said it was using a “staggered approach in bringing the systems back online to minimize potential risk,” and said attackers had attempted to use, “malicious software… to utilize StFX’s collective computing power in order to create or discover bitcoin for monetary gain.”

Cryptocurrency mining is a notoriously competitive, computing- and energy-intensive process whereby machines compete to discover a random number set by the software that will be used to cryptographically seal blocks of data.

The computer that successfully guesses the long number is currently awarded 12.5 bitcoins for doing so on the Bitcoin network. Another cryptocurrency popularly mined in crypto-mining attacks is a “privacy coin” called Monero.

“Cryptojacking” is a relatively new form of cyber attack which, for better or worse, appears to be eclipsing ransomware attacks as the attack of choice among nefarious hackers this year.

In a ransomware attack, all or part of a target’s computer system is locked up by malicious malware. This malware is often injected onto a system through a link in an infected email.

After locking up a system or data, ransomware attackers then demand that victims forward cryptocurrency to a particular online wallet address in order to have their systems unlocked.

Over the past several years, numerous businesses, at the advice of their IT security departments or consultants, have been keeping cryptocurrency on hand in order to quickly resolve ransomware situations.

This year, “cryptojacking” or crypto-mining malware attacks are on the rise as ransomware attacks decline.

Like ransomware, crypto-mining malware often infects a system through an employee email, but rather than shutting down a system or network, crypto mining malware “zombifies” a network to engage it in 24-7 cryptocurrency mining activity.

Infected systems often have their “sleep” functions overridden by the malware, and computer processing units be run down by the incessant calculations undertaken to find the number that will win “block rewards.”

Power expenses to a network can also go up.

“Cryptojacking” malware also automatically sends any crypto proceeds directly to attacker wallets, with malware providers taking a cut.

At the time of writing, St Francis Xavier University network systems are partially restored.

The University says that no personal data was breached in the attack and has asked all users of its network to change their passwords as a matter of “standard practice.”

用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

栀航 | 未央团队未央编辑团队

57
总文章数

TA还没写个人介绍。。。

英国:2018秋季预算涉及多项金融科技举措

Madhvi Mav... 11-01

与使用数据的公司相比 数据保护公司从股票市场得到的甜头更多

栀航 07-16

英国央行要求金融企业必须接受网络安全压力测试

高旭 | PYMNTS 06-28

安全认证创企Valimail获2500万美元B轮融资

Frederic L... | 猎云网 05-23

世界经济论坛设立金融科技网络安全联盟

高旭 03-07

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1