News broke yesterday that over 526,000 Windows computers, mainly Windows servers, have been infected with Monero mining software by a group that operates the biggest such botnet known to date. This group’s operations have been known to security researchers since last year, and various companies have published reports on its activity. Because the botnet is so massive and widespread, most previous reports covered only a fraction of the group’s entire operation. Nadav Avital, Security Researcher at Imperva, commented below.
Nadav Avital, Security Researcher at Imperva:
“Crypto-mining malware is becoming attackers’ popular mode of operation, regardless of their targets. Crypto-mining attacks are directed at any machine that has a public interface to the internet, whether it is a MySQL server, Apache server or a file server. Our latest research shows that attackers weaponize old vulnerabilities with new crypto-mining payloads. Our analysis also shows that attackers favour anonymous cryptocurrencies, with Monero being the most prominent. Cryptocurrencies are popular as they are secure, private and difficult to trace. Since many servers are not updated or patched on a regular basis, attackers have a bigger chance of success. In order to stay protected without worrying about which patch to apply, one should deploy an external security solution that mitigates such attacks even before they reach the server.”