Security News > 2021 > August > Splunk spots malware targeting Windows Server on AWS to mine Monero
Data analysis firm Splunk says it's found a resurgence of the Crypto botnet - malware that attacks virtual servers running Windows Server inside Amazon Web Services.
Splunk's Threat Research Team posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol enabled.
Once target VMs are identified, the attackers wheel out an old favourite: brute forcing passwords.
Splunk's security team noticed that one of the Monero wallets used in this campaign was also involved in a 2018 wave of attacks using the same Crypto botnet.
Splunk's advice for those hoping to avoid the attack is simple: stay up to date with patches, use strong passwords, and enable network-level authentication.
Windows admins will also know that RDP is not on by default, for good reasons - advice for those not wanting to avoid the attack is presumably to switch on RDP, use 'Admin/Passw0rd1234' as the login credentials and let 'er rip.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/10/crypto_botnet_targets_windows_on_aws/
Related news
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)