2017 and Mining - Information Management Today

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.

Mining

Mining Access IT Authentication

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

FEBRUARY 27, 2019

com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. Coinhive took a whopping 30 percent of the cut of all Monero currency mined by its code, and this presented something of a conflict of interest when it came to stopping the rampant abuse of its platform.

Mining

Mining IT Blockchain Access

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. Oracle WebLogic Server CVE-2017-10271 – versions 10.3.6.0.0, x before 1.4.3) 1.13.10, 2.0-2.0.5 x, 5.10, 5.0.23

Mining

Mining Cloud Access Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based

Mining

Mining Privacy IT Security

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Arsene: It’s important to understand that crypto mining may seem benign.

Mining

Mining Data breaches Ransomware Cloud

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp.

Mining

Mining Computer and Electronics Blockchain Marketing

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

It’s a PPSX file, seemingly an outdated US Army manual for tank mine clearing blades (MCB). The researchers pointed out that the use of the “script:” prefix demonstrates the exploitation of the vulnerability CVE-2017-8570 , a bypass for CVE-2017-0199. The remote script, named “widget_iframe.617766616773726468746672726a6834.html,”

Military

Military Mining Libraries Security

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Ransomware

Ransomware Mining Communications IT

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.”

Mining

Mining Libraries Analytics Security

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

NOVEMBER 22, 2022

“They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. The bad news for the investors is that HashFlare did not have the virtual currency mining equipment it claimed to have. ” reads the press release published by DoJ.

Mining

Mining Marketing IT Security

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

. “In the web server compromise, Beapy also attempted to exploit an Apache Struts vulnerability ( CVE-2017-5638 ). This vulnerability was patched in 2017, but if successfully exploited it can allow for remote code execution.” ” continues the analysis.

Mining

Mining Archiving Phishing Passwords

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

OCTOBER 12, 2018

Experts pointed out that the Shellbot code first appeared in 2005 and is being used by several threat groups, it was also used in the massive crypto-mining campaign that was exploiting the CVE-2017-5638 Apache Struts vulnerability (CVE-2017-5638) in March 2017. “

Mining

Mining Security IT

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Security Affairs

AUGUST 5, 2018

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection.

Mining

Mining Ransomware Security IT

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The Chaos malware supports more than 70 different commands, including executing propagation through the exploitation of pre-determined CVEs, launching DDoS attacks or starting crypto mining. Some samples analyzed by the experts were able to exploit the CVE-2017-17215 and CVE-2022-30525 , respectively impacting Huawei and Zyxel devices.

Mining

Mining Financial Services IT Security

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. “Pro-Ocean uses known vulnerabilities to target cloud applications.

Cloud

Cloud Libraries Mining IT

Cryptojacking Displaces Ransomware as Top Malware Threat

Data Breach Today

JULY 5, 2018

Criminals' Quest for Cryptocurrency Continues If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking.

Ransomware

Ransomware Mining IT

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining

Mining Passwords Communications IT

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload. The bot used a user-mode rootkit to hide the malicious process and malicious registry entries created.

Passwords

Passwords Mining IoT Security

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

DarkGate is a commodity malware that was first spotted by Fortinet researchers in 2017, it supports multiple features, including the ability to perform the following operations: Execute discovery commands (including directory traversal) Self-update and self-manage Implement remote access software (such as remote desktop protocol or RDP, hidden virtual (..)

Mining

Mining Ransomware Access IT

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining

Mining Passwords Government IT

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

The malware is being distributed via large-scale COVID-19-themed spam campaigns, the messages use an RTF exploit targeting the CVE-2017-8570 Microsoft Office RCE to deliver the malicious payload. “This aspect of the campaign expands the mining operation to support computers running Linux.

Mining

Mining Passwords Authentication Access

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Analyzing other 2017’s threat reports, we noticed the address did not changed over time, different story for the email address. Comparison between the ransom note of Shade 2019 (up) and Shade 2017 (down, source: SonicWall ). However, the mining pool dashboard provides a clue of the current number of infected machines.

Ransomware

Ransomware Mining File names Encryption

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

The list of exploits used by the malware includes EternalBlue , DoublePulsar ; exploits for CVE-2014-6287, Tomcat arbitrary file upload vulnerability CVE-2017-12615 , CVE-2017-8464 ; and three ThinkPHP exploits for different versions of the framework. continues the analysis. The last week of May is the most active period on record.

Mining

Mining File names Libraries IT

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017. In 2017 there were ten times more than in 2016. Experts highlighted that IoT malware is increasing both in quantity and quality. ” concludes Kaspersky.

IoT

IoT Honeypots Passwords Mining

Smominru Botnet continues to rapidly spread worldwide

Security Affairs

SEPTEMBER 19, 2019

In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities.

Mining

Mining Access IT Security

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 22, 2023

Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. Recently, observers noticed Kinsing actors exploiting vulnerable Openfire servers.

IT

IT Mining Cloud Cybersecurity

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

“Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities ? The final stage payload is the open source Xmrig CPU miner that allows PSMiner to mine for Monero cryptocurrency.

Mining

Mining Passwords Security Risk

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

The primary purpose of the KashmirBlack botnet is to abuse resources of compromised systems for cryptocurrency mining and redirecting a site’s legitimate traffic to spam pages. .” reads the first part of two reports published by the experts detailing the DevOps implementation behind the botnet.

CMS

CMS Mining Communications Security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management. The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability in the OCA’s Communications Policy Management Component, this issue was exploited in 2018 by threat actors to mine cryptocurrency.

Financial Services

Financial Services Libraries Mining Retail

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Nheqminer is a great implementation of equihash mining, mainly used on NiceHas but forked many times and todays is getting used for several spare projects as well. Exploring memory snapshots during its execution can be easy to figure out the miner runs over Zcash.Flypool server mining for the following wallet address. Attacker Wallet.

Ransomware

Ransomware Mining File names Encryption

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

million customers impacted.

Security

Security Data breaches Mining Ransomware

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. Recently, Kinsing actors were observed exploiting vulnerable Openfire servers.

Cloud

Cloud Mining Access Security

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Passwords

Passwords Mining Risk IT

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

The experts believe that threat actors behind the campaign leveraged EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) exploits on unpatched Windows and Linux systems, respectively. The name EternalSilence comes from port mapping descriptions left by the attackers.

Mining

Mining Communications Ransomware IT

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

According to experts from Avast, the Torii bot has been active since at least December 2017, it could targets a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target. ” reads the analysis published by Avast.

IoT

IoT Communications Mining Encryption

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Experts observed working exploits for the CVE-2018-7600 in Drupal (aka Drupalgeddon2 ) and the CVE-2017-10271 in Oracle WebLogic, and CVE-2018-1273 in Spring Data Commons.

Search queries

Search queries Honeypots File names Mining

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Security Affairs

AUGUST 28, 2018

“Unlike last year’s Apache Struts exploit ( CVE-2017-5638 ), which was at the center of the Equifax breach , this vulnerability appears easier to exploit because it does not require the Apache Struts installation to have any additional plugins running in order to successfully exploit it.”. continues the report from Volexity.

Mining

Mining IoT Risk IT

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

While security experts have been aware of printer vulnerabilities for quite a while, even previous large-scale attacks on printers like the Stackoverflowin hack in 2017 and the PewDiePie hack in 2018 did not seem to shock the public into securing their networked devices. Securing your printer.

Security

Security IoT Passwords Manufacturing

Court Rules in Favor of Mining LinkedIn User Data

Adam Levin

SEPTEMBER 23, 2019

A federal appellate court ruled that mining and aggregating user data publicly posted to social media sites is allowable by law. LinkedIn sent a cease-and-desist letter to hiQ in 2017 requesting that the company stop accessing and copying data from its servers.

Mining

Mining Privacy Passwords Access

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

SEPTEMBER 18, 2018

But with no orderly internal framework, unstructured data defies data mining tools. Gartner analysts estimate that over 80 percent of enterprise data is unstructured and is growing up to 65 percent a year, enticing cyber criminals to mine the mother lode. Ransomware target. Here are some ways: •Basic inventory.

Unstructured data

Unstructured data Ransomware Mining Encryption

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

More recently, Škorjanc served as chief technology officer at NiceHash , a Slovenian company that lets users sell their computing power to help others mine virtual currencies like bitcoin. In December 2017, approximately USD $52 million worth of bitcoin mysteriously disappeared from the coffers of NiceHash.

Mining

Mining Marketing IT

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Security Affairs

APRIL 23, 2019

The investigators also found a connection between the ASUS attack to the ShadowPad backdoor that was first detected in 2017 and that was attributed to the Axiom group (also known as APT17 or DeputyDog ). The most popular campaign attributed to the APT17 group is the attack on the Google’s infrastructure, also known as Operation Aurora.

Mining

Mining Encryption IT Government

Cryptominer ELFs Using MSR to Boost Mining Process

Crypto Mining Service Coinhive to Call it Quits

Webinars

Trending Sources

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Webinars

500M Avira Antivirus Users Introduced to Cryptomining

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Norton 360 Now Comes With a Cryptominer

Targeted operation against Ukraine exploited 7-year-old MS Office bug

StripedFly, a complex malware that infected one million devices without being noticed

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Cryptojacking Displaces Ransomware as Top Malware Threat

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Necro Python bot now enhanced with new VMWare, server exploits

DarkGate malware campaign abuses Skype and Teams

PurpleFox malware infected at least 2,000 computers in Ukraine

Lemon_Duck cryptomining malware evolves to target Linux devices

The Long Run of Shade Ransomware

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Evolution of threat landscape for IoT devices – H1 2018

Smominru Botnet continues to rapidly spread worldwide

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Modular Cryptojacking malware uses worm abilities to spread

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Oracle critical patch advisory addresses 284 flaws, 33 critical

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs newsletter Round 318

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

DirtyMoe modules expand the bot using worm-like techniques

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Torii botnet, probably the most sophisticated IoT botnet of ever

Multiple threat actors are targeting Elasticsearch Clusters

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Court Rules in Favor of Mining LinkedIn User Data

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Stay Connected