While cryptocurrencies are becoming more popular day by day, some threat actors are aiming to use the resources of various devices to mine. We have recently seen attacks on NAS devices as well as on servers that exploit the Log4j vulnerability to mine cryptocurrency.
Being detected = cutting off the money source
The attackers get more crypto-currency as long as they mine, depending on the computing power of the infected system
According to new research by the cloud security company Aqua, the ongoing crypto mining attack campaign, Autom, has evolved its defensive capabilities to evade the defenses of target systems. In the initial attacks in 2019, the attackers were not using any hiding features. Since then, the attacks have evolved to hide the malware's presence on the systems.
Later versions of the malware dropped under the Autom campaign have some serious anti-detection features. Some of them even disable security tools and fetch the mining payload encoded five times in Base64, which makes them even harder to catch.
While crypto mining attacks are relatively harmless compared to ransomware or espionage attacks, they still consume valuable resources on the systems. After the initial breach, they tend to stay stealthy and mine as much as they can until the malware is detected.