Security News
Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected. The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.
A fileless worm dubbed FritzFrog has been found roping Linux-based devices - corporate servers, routers and IoT devices - with SSH servers into a P2P botnet whose apparent goal is to mine cryptocurrency. Simultaneously, the malware creates a backdoor on the infected machines, allowing attackers to access them at a later date even if the SSH password has been changed in the meantime.
Microsoft just found a campaign that exploits Kubernetes to install cryptomining software in its Azure cloud. Kubernetes is an open source project that lets administrators manage software containers en masse, and it runs in cloud infrastructures like Microsoft's Azure.
The Kubeflow open-source project is a popular framework for running machine-learning tasks in Kubernetes. Because Kubeflow is a containerized service, these various tasks run as containers in the Kubernetes cluster, and each can present a path for an attacker into the core Kubernetes architecture.
Sadly, unlawful cryptomining is still a thing, and SophosLabs has just published a report that follows the evolution and operation of the cybercrime gang behind a botnet known as Kingminer. Servers have two desirable properties for cryptomining abuse, namely that they're always on, so any unauthorised mining runs 24/7, and they're usually much more powerful than the average laptop, so the crooks can dial in decent earnings without taking over the server so completely that they get noticed.
Several supercomputers across Europe were taken offline last week after being targeted in what appears to be a crypto-mining campaign. While CSCS' notice says that the background of the attack is currently unclear, the European Grid Infrastructure security team issued an alert claiming that the purpose of the attack is cryptocurrency mining.
Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.
For the last two years or so, attackers have been infecting and reinfecting poorly secured MS SQL servers, booting other criminals' malware from them and exploiting their compute power to mine Vollar and Monero cryptocurrency. Microsoft SQL Server is a relational database management system/software that can run on computers running any of the most popular operating systems.
A recently uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign. Vivin is unique due to its longevity - the threat actor has been active since at least 2017 - and researchers with Cisco Talos point to Vivin as a good example of why cryptomining malware isn't going anywhere, despite a loss in the value of Monero over the past few years.