Security News > 2021 > August > Splunk spots malware targeting Windows Server on AWS to mine Monero
Data analysis firm Splunk says it's found a resurgence of the Crypto botnet - malware that attacks virtual servers running Windows Server inside Amazon Web Services.
Splunk's Threat Research Team posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol enabled.
Once target VMs are identified, the attackers wheel out an old favourite: brute forcing passwords.
Splunk's security team noticed that one of the Monero wallets used in this campaign was also involved in a 2018 wave of attacks using the same Crypto botnet.
Splunk's advice for those hoping to avoid the attack is simple: stay up to date with patches, use strong passwords, and enable network-level authentication.
Windows admins will also know that RDP is not on by default, for good reasons - advice for those not wanting to avoid the attack is presumably to switch on RDP, use 'Admin/Passw0rd1234' as the login credentials and let 'er rip.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/10/crypto_botnet_targets_windows_on_aws/
Related news
- Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers (source)
- Microsoft is bringing the Linux sudo command to Windows Server (source)
- Raspberry Robin malware evolves with early access to Windows exploits (source)
- Hackers used new Windows Defender zero-day to drop DarkMe malware (source)
- Microsoft says it fixed a Windows Metadata server issue that’s still broken (source)
- New Migo Malware Targeting Redis Servers for Cryptocurrency Mining (source)
- New Migo malware disables protection features on Redis servers (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics (source)