Research from Microsoft reveals that Indonesia had the highest malware encounter rate across the Asia Pacific region in 2019. They conclude that this indicates a surge in cryptojacking and ransomware attacks. The report shows that the region continues to experience a “higher-than-average” encounter rate for ransomware and other malware attacks, posting figures 1.6 and 1.7 times higher than the rest of the world, respectively.
Ransomware and cryptojacking attacks on the rise in Indonesia
Indonesia had a 10.68% malware attack rate during 2019. While this does represent a 39% decrease, the figures remain two times higher than the regional average, Microsoft …
On June 24, security experts from Palo Alto Networks’ Unit 42 warned about a new self-propagating malware that launches cryptojacking and DDoS attacks against Windows systems. The software operates under the name “Lucifer”. According to the study, Lucifer is a hybrid of cryptojacking and DDoS malware that leverages old vulnerabilities on the Windows platform.
Vulnerabilities exploited
After breaking the security infrastructure, attackers execute commands that release DDoS attacks. This allows them to install XMRig Miner, a well-known Monero (XMR) mining app, to launch cryptojacking attacks. Palo Alto Networks claims that a related Monero wallet has received 0.493527 XMR so far. …
A new report shows that a Kazakhstani hacker built a million-dollar fortune by breaching private networks and selling their data. Researchers at threat intelligence company Group-IB said that the hacker, who operates under the pseudonym “Fxmsp,” began promoting their services across the darknet. They posted data for sale on hacking-related forums, offering valuable resources stolen from private corporate networks. Some customers have taken to calling the hacker “The invisible god of networks.”
Millionaire profits for Fxmsp
According to the report, the magnitude of Fxmsp’s cybercriminal business is enormous. They reportedly accumulated $1.5 million in profits over three years by targeting …
Software company and former smartphone manufacturer, BlackBerry, has partnered with Intel to launch a crypto mining and cryptojacking detection system for Intel-based commercial computers. According to the announcement, BlackBerry released “BlackBerry Optics v2.5.1100”, which relies on the BlackBerry Optics Context Analysis Engine, or CAE, to leverage CPU telemetry from Intel Threat Detection Technology to provide enterprises with advanced malware software. This software’s main purpose is to detect cryptojacking attempts. On how the system works, representatives from BlackBerry sent the following comment to Cointelegraph: “BlackBerry and Intel have teamed up to provide a robust defense against cryptojackers in a way unique …
Microsoft announced on June 10 that it had discovered a number of cryptojacking attacks on powerful machine-learning clusters on its Azure cloud computing network. In a blog post, the company said that some customers had misconfigured nodes, allowing attackers to hijack them to mine the privacy-focused cryptocurrency Monero (XMR).
Default settings overridden
Microsoft said that it had discovered tens of clusters affected by the attack, which targets a machine learning toolkit, Kubeflow, for the open-source Kubernetes platform. By default the dashboard to control Kubeflow is only accessible internally from the node, so users need to use port-forwarding to tunnel in via …
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, also gaining access through a trojan known as Gh0st, which relies on remote access malware. Once the SQL server database is infected, the botnet installs a well-known crypto miner called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
Data published by Russian cybersecurity firm Kaspersky indicates that Singapore has seen a significant increase in the prevalence of attempted cryptojacking attacks during the first quarter of 2020. Kaspersky estimates that 11,700 attacks were attempted on devices located in Singapore from January until March — up from 2,900 in Q1 2019. Kaspersky asserted that the spike in attacks is the highest percentage increase posted within the South-East Asian region.
Cryptojacking attacks up three-fold in Singapore
In an interview with Straits Times, Kaspersky’s general manager for South-East Asia, Yeo Siang Tiong, described Singapore’s high-performance internet infrastructure as attracting …
Developers at blogging platform Ghost have spent the past 24 hours fighting a crypto mining malware attack. Announced in a status update on May 3, the devs revealed that the attack occurred around 1:30 a.m. UTC. Within four hours, they had successfully implemented a fix and now continue to monitor the results.
No sensitive user data compromised
Yesterday’s incident was reportedly carried out when an attacker targeted Ghost’s “Salt” server backend infrastructure, using an authentication bypass (CVE-2020-11651) and directory traversal (CVE-2020-11652) to gain control of the master server. The Ghost devs have said that no user credit card information has …
Slovakian cybersecurity firm ESET has reported some success in disrupting the workings of a previously undetected Monero (XMR)-mining botnet in Latin America. In an announcement on April 23, ESET said the malware had infected over 35,000 computers since May 2019, with 90% of compromised devices located in Peru.
Researchers have had some success in tackling the threat
ESET researchers have dubbed the botnet VictoryGate, noting that its main activity has been illicit Monero mining — also known as cryptojacking. This is the industry term for stealth crypto-mining attacks that work by installing malware that uses a computer’s processing power to …
Cybersecurity researchers have identified a persistent and ambitious campaign that targets thousands of Docker servers daily with a Bitcoin (BTC) miner. In a report published on April 3, Aqua Security issued a threat alert over the attack, which has ostensibly “been going on for months, with thousands of attempts taking place nearly on a daily basis.” The researchers warn: “These are the highest numbers we’ve seen in some time, far exceeding what we have witnessed to date.” Such scope and ambition indicate that the illicit Bitcoin mining campaign is unlikely to be “an improvised endeavor,” as the actors behind it …
Cybersecurity firm Guardicore Labs revealed on April 1 the identification of a malicious crypto-mining botnet that has been operating for nearly two years. The threat actor, dubbed ‘Vollgar’ based on its mining of the little-known altcoin, Vollar (VSD), targets Windows machines running MS-SQL servers — of which Guardicore estimates there are just 500,000 in existence worldwide. However, despite their scarcity, MS-SQL servers offer sizable processing power in addition to typically storing valuable information such as usernames, passwords, and credit card details.
Sophisticated crypto-mining malware network identified
Once a server is infected, Vollgar “diligently and thoroughly kills other threat actors’ processes,” …
The cybercriminals behind the crypto mining Stantinko botnet have devised some ingenious methods to evade detection. Malware analyst Vladislav Hrčka from cybersecurity firm ESET sounded almost impressed as he unveiled the firm’s latest findings, and potential countermeasures, in a blog post. “The criminals behind the Stantinko botnet are constantly improving and developing new modules that often contain non-standard and interesting techniques,” he wrote. The half-million strong botnet has been active since 2012 and was spread via malware embedded in pirated content. It mainly targets users in Russia, Ukraine, Belarus and Kazakhstan. It originally focused on click fraud, ad injection, social …