Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Using FLIR in Incident Response?

Published: 2018-01-30
Last Updated: 2018-01-30 20:11:44 UTC
by Kevin Liston (Version: 1)
1 comment(s)

Take a look at a few lines...

Frist the going rate of a bitcoin:

Next the going rate of monero:

Both are seeing a lot of gains.  How is their performance related to each other?

Here are a few more lines to look at...

The Google Webtrends for the search term "ransomware":

Now the trends for the term "bitcoin":

And the trend for the term "monero":

The peak interest in "ransomware" searches is in May 2017 back when Wanacry was making a lot of noise.  NotPetya hit in June/July of 2017 and that seems to have been ransomware stopped losing its appeal for criminals.  Because NotPetya was a wiper and not actual ransomware, confidence that you would get your files back if you paid the ransom eroded.  Ransomware hasn't disppaered, but it has dropped in popularity.  (There appears to be more money to be made helping people launch ransomware attacks than actually launching attacks see:

Perhaps criminals don't want the amount of attention that incidents like wanacry or NotPetya generated.  Maybe they feel bad about the unintended consequences of locking down a hospital's computer system?  Or maybe there's just more/easier money in finding unused/poorly-secured resources to generate cryptocurrencies.

Crypto miners seem to be the payload du jour.  While writing this down, reader Chis shared the miner that was dropped on one of their servers.  The ad hoc bash script used indicates that there's a bit of red-on-red violence in the ilicit mining scene.  It also seems to be profitable, it looks like the pool used in this instance has generated a dozen or so monero units (is that the right term?) so far.

In response to this trend I'm adding an FLIR camera to my Incident Response jump kit.

Keywords: CryptoCurrency
1 comment(s)
Diary Archives