# Opener

Spider-Man: Employees Clicking on Crypto-mining Malware File

Published by Axio

Spider-Man: No Way Home, which debuted in December 2021, is now in its fifth weekend in theaters with over $1.5B in box office sales. Despite being only available in theaters, it is the first pandemic-era film to exceed $1B. The excitement leading up to the film’s release was unprecedented even compared to other Marvel blockbusters and began to take shape back in April 2021, after Disney and Sony finally came to a content licensing agreement for Spider-Man IP.

Due to this unique licensing agreement between the two studios, it’s likely that the film won’t be available on streaming services for quite some time. People are spending more time at home, and while almost any movie eventually becomes available online for unlawful downloading, the Covid-19 pandemic and popularity of the latest Spider-Man seem to have generated a higher than usual amount of illegal torrenting. The film has earned a 98% audience rating on Rotten Tomatoes, and this significant public interest has caught the attention of cybercriminals looking to cash in on the hype. ReasonLabs, an online protection organization that specializes in enterprise malware protection, discovered crypto-mining malware embedded in a widely downloaded torrent file for Spider-Man: No Way Home.  

Masquerading as a pirated copy of the flick, this file is believed to have originated from Russia, which is notoriously lax on cybercrime. It is an executable file designed to disguise its true nature. Once downloaded, it installs crypto-mining malware that mines Monero (a type of cryptocurrency). Crypto-mining is a painstaking, expensive, and energy-intensive process that requires time and resources. Rather than using their own machines to mine crypto, these hackers use the unsuspecting cinephile’s PC resources to mine cryptocurrency on the dark web. This type of attack is known as “crypto-jacking.” The malware is designed to remain undetected by Windows Defender, which is not able to detect this type of malware or the crypto-mining. The malware injects itself into a critical Windows operating system program and uses the infected machine’s CPU, GPU, and memory to do its dirty work. The strain from this high usage results in degraded PC performance. Further, any hacker exploiting this vulnerability can do so with relative ease. All they need to do is get the user to execute the file, and then they’re “good to go.”
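A defender can check a download folder for the disguise described above, an executable presented as a movie, by comparing what a file name claims with what the file's header says. The following is an added example, not code from Axio or ReasonLabs; the extension lists, finding labels, and sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed lists: extensions a movie download would plausibly carry, and Windows executable extensions.
LURE_EXTS = {".mkv", ".mp4", ".avi", ".mov", ".torrent"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(path):
    """True if the file has an MZ header and a PE signature at e_lfanew."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return f.read(4) == b"PE\0\0"

def classify(path):
    """Compare what the file name claims with what the content is."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXEC_EXTS and inner_ext in LURE_EXTS:
        return "double-extension"        # e.g. film.mkv.exe
    if ext in LURE_EXTS and is_pe(path):
        return "pe-content-media-name"   # e.g. film.mp4 that is really a PE
    return "ok"

def scan(directory):
    """Return {file name: finding} for every suspicious file under directory."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            verdict = classify(os.path.join(root, name))
            if verdict != "ok":
                findings[name] = verdict
    return findings

# Constructed sample data: a minimal PE header stub (not a runnable program)
# and the first bytes of an MP4 container.
FAKE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
FAKE_MP4 = b"\0\0\0\x18ftypisom" + b"\0" * 64

def demo():
    samples = {"film_1080p.mkv.exe": FAKE_PE, "film.mp4": FAKE_PE,
               "trailer.mp4": FAKE_MP4, "setup.exe": FAKE_PE}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return scan(d)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:24} {name}")
```

An ordinary installer such as `setup.exe` is not flagged, because the check looks for a mismatch between name and content, not for executables as such.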

Employees shouldn’t be downloading illegal material in the first place, especially on a work computer. And it’s probably safe to assume that most of these illegal downloads are done by private citizens on their privately owned machines. However, this latest bout of malware in the headlines serves as a valuable lesson for business leaders on the importance of cybersecurity fundamentals. Compared to ransomware, this type of attack seems less harmful and doesn’t appear to have any immediate effects on its victims. However, crypto-jacking, and malware in general, can be severely detrimental to a business. In addition to degraded system performance and the potential need for hardware replacements, the incursion of crypto-mining malware on any company device constitutes a network intrusion, meaning the business may eventually need to involve attorneys, forensics, and even insurance providers.

As recommended by the Cybersecurity and Infrastructure Security Agency (CISA) and established frameworks like NIST CSF, cybersecurity should be an ongoing, continuous process that is embedded in the culture of any business. Cyber literacy is no longer optional in the workplace or at home. One of the first matters any cybersecurity awareness training covers is PC basics. Double-checking any link or download before clicking should be a “no-brainer,” and best practices in cybersecurity should be second nature to all employees. Because cybersecurity should be a continuous, ongoing process in a business, CISOs and business leaders must prioritize continuous workflow process improvement in their cybersecurity programs. 

Tackling your cybersecurity program can seem like a daunting task, especially when the “weakest link” in cybersecurity is the end-user and human error. Established cybersecurity frameworks like NIST CSF provide an excellent starting point for companies and their CISOs to begin developing their security programs (or improving existing ones). The Axio360 platform is designed to walk CISOs through the steps of a NIST assessment, ultimately helping them get a handle on cyber risk and prioritize cybersecurity projects. Security is a team sport, CISA director Jen Easterly has said. Let Axio360 play a part in getting your team trained and ready to exercise good cyber hygiene and best practices.