2018, Analysis and Mining - Information Management Today

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. The first group tracked as Pacha Group has Chinese origins, it was first detected in September 2018 and is known to deliver the Linux.GreedyAntd miner.

Mining

Mining Cloud Security IT

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. Redis Spring Data Commons CVE-2018-1273, versions prior to 1.13-1.13.10, x before 1.4.3) 1.13.10, 2.0-2.0.5

Mining

Mining Cloud Access Security

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The analysis of memory dumps and command-and-control connections revealed that the botnet is running a variant of the Ngioweb malware. ” reported Trend Micro. “Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. ” concludes the report.

Healthcare

Healthcare Phishing e-Discovery Mining

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

Worse still, the DFS found, the vulnerability was discovered in a penetration test First American conducted on its own in December 2018. But in Wednesday’s filing, the DFS said First American was unable to determine whether records were accessed prior to Jun 2018.

Insurance

Insurance Financial Services Mining Access

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” continues the analysis.

Mining

Mining Passwords Education Cybersecurity

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” ” reads the analysis published by Palo Alto Networks Unit42. “We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL.” ” continues the analysis. Pierluigi Paganini.

Mining

Mining Authentication Passwords Access

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

Mining

Mining Passwords Communications IT

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Security Affairs

AUGUST 28, 2018

According to the threat intelligence firm Volexity, the CVE-2018-11776 vulnerability is already being abused in malicious attacks in the wild. Just yesterday I wrote about the availability online of the exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2.

Mining

Mining IoT Risk IT

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . ” reads the analysis published by Avast. The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency.

Mining

Mining File names Security IT

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

” reads the analysis published by the expert. ” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. ” continues the analysis.

ROT

ROT Mining Encryption IT

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

CVE-2020-14882 Oracle WebLogic Server RCE, and CVE-2018-20062 ThinkPHP RCE) and targeting sites and systems protected with weak administrative credentials. Upon infecting a system, the malware abuses its resources to mine cryptocurrency. . ” concludes the analysis. ” said Akamai researcher Larry Cashdollar.

Honeypots

Honeypots Mining Encryption Access

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

SEPTEMBER 18, 2018

I talked with Jonathan Sander, Chief Technology Officer with STEALTHbits Technologies , about this at Black Hat USA 2018. The main difference between the two is organization and analysis. For structured data, users can run simple analysis tools, i.e., content searches, to find what they need. Ransomware target.

Unstructured data

Unstructured data Ransomware Mining Encryption

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

” reads the analysis published by Symantec. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. ” The malicious apps were added to the Microsoft Store between April and December 2018.

Mining

Mining Libraries Analytics Security

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances).” ” reads the analysis published by Palo Alto Networks. ” continues the analysis. “Pro-Ocean uses known vulnerabilities to target cloud applications.

Cloud

Cloud Libraries Mining IT

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos.

Mining

Mining IT Security Information Security

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “The analysis showed that the worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows Privilege Escalation.

Mining

Mining Passwords Risk IT

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide.

File names

File names Encryption Mining Security

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

. “Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, which uses the Eternal Blue exploit to propagate to vulnerable systems within a local network, is actively spreading in Asia. ” reads the analysis published by F-Secure. ” continues the analysis.

Mining

Mining File names Access IT

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

FEBRUARY 8, 2022

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. ” reads the analysis published by Kaspersky. The analysis of Wroba.g/Wroba.o The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages.

Phishing

Phishing Mining IT Security

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. ” continues the analysis. ” continues the analysis. ” reads a blog post published by Intezer. ” reads a blog post published by Intezer.

Mining

Mining Encryption IT Security

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Mining

Mining Passwords IT Security

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB ( Android Debug Bridge ) ports and Secure Shell (SSH).

Mining

Mining Honeypots Authentication Communications

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

As stated in a recent Eset report , the Shade infection had an increase during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size (shown in Figure 1). Technical analysis. Table 1: shade ransomware informations.

Ransomware

Ransomware Mining File names Encryption

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

” reads the analysis published Symantec. ” continues the analysis. ” Experts observed a spike in the activity of Beapy in March: Since Coinhive cryptocurrency mining service shut down in March, experts observed a drop in cryptojacking attacks. “ Beapy ( W32.Beapy

Mining

Mining Archiving Phishing Passwords

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud. .

Mining

Mining Cloud Security Access

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

“Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities ? ” reads the analysis published by the experts. ” reads the analysis published by the experts.

Mining

Mining Passwords Risk Security

Smominru Botnet continues to rapidly spread worldwide

Security Affairs

SEPTEMBER 19, 2019

In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. Further data, including Indicators of Compromise, are reported in the analysis published by the experts.

Mining

Mining Access IT Security

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Security Affairs

AUGUST 3, 2018

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. — MalwareHunterBR (@MalwareHunterBR) July 30, 2018. — MalwareHunterBR (@MalwareHunterBR) July 30, 2018. ” continues the analysis.

Mining

Mining Libraries Security IT

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

” reads the analysis published by Avast. “Unlike the aforementioned IoT botnets, this one tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does like DDOS , attacking all the devices connected to the internet, or, of course, mining cryptocurrencies.”

IoT

IoT Communications Mining Encryption

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. “Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.

Search queries

Search queries Honeypots File names Mining

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

Passwords

Passwords Authentication Insurance Mining

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

” reads the analysis published by Palo Alto Networks. In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam’s leaked RCS source code.” ” continues the analysis. Further info, including IoCs, are reported in the analysis published by the experts.

Ransomware

Ransomware Mining Passwords Security

Weekly podcast: Reports galore and more cryptojacking

IT Governance

FEBRUARY 22, 2018

This week, we discuss new reports from Cisco, McAfee and the CSIS, and Big Brother Watch, and hear more about malicious Monero mining. Hello and welcome to the IT Governance podcast for Friday, 23 February 2018. I neglected to reveal the sum the criminals managed to mine in the few hours before they were detected.

Mining

Mining GDPR Risk Security awareness

Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor

Security Affairs

JULY 28, 2018

The attackers compromised a font package installed by a PDF editor app and used it to spread a crypto-mining malware on victims’ machines. ” reads the analysis published by Microsoft. The attackers decompiled and modified one MSI file, an Asian fonts pack, to add the malicious payload with the coin mining code.

Mining

Mining Cloud Communications Marketing

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

” reads the analysis published by the experts. In September 2018, researchers observed the Hide and Seek (HNS) IoT botnet targeting Android devices with ADB option enabled. In June, Trend Micro discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). .

IoT

IoT Passwords Mining Manufacturing

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

Security Affairs

SEPTEMBER 26, 2018

” reads the analysis published by BitDefender. ” In February 2018, security researchers at Qihoo 360’s Netlab have spotted an Android mining botnet that was targeting devices with ADB interface open.

IoT

IoT Mining Access Security

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19 th download was initiated via means other than email. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware

Ransomware Archiving Passwords Encryption

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The Outlaw Hacking Group was first spotted by TrendMicro in 2018 when the cyber criminal crew targeted automotive and financial industries. Now, Shellbot has re-appeared in the threat landscape in a recent campaign, targeting organizations worldwide with a new IRC server and new Monero pools, so we decided to deepen the analysis.

Mining

Mining File names Honeypots IT

Cryptomining Campaign involves Golang malware to target Linux servers

Security Affairs

JULY 5, 2019

” reads the analysis published by F5. ” Attackers leverage well-known flaws to compromise target systems, including security issues in ThinkPHP (CVE-2019-9082 and CVE-unassigned) , Atlassian Confluence (CVE-2019-3396) , and the popular Drupalgeddon vulnerability (CVE-2018-7600). .”

Passwords

Passwords Archiving Mining Access

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

Data Matters

SEPTEMBER 11, 2018

This post highlights three important regulatory updates: On August 14, 2018, the Securities and Exchange Commission (SEC or Commission) issued an administrative order, In the Matter of Tomahawk Exploration LLC and David Thompson Laurance , taking action against an unregistered and fraudulent initial coin offering (ICO). securities laws.

Education

Education Blockchain Sales Mining

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Security Affairs

APRIL 23, 2019

Experts also linked the incident to the supply chain attack that targeted CCleaner in September 2018. The Operation ShadowHammer was d campaign was uncovered by experts from Kaspersky Lab and took place between June and November 2018, but experts discovered it in January 2019. ” reads the analysis published by Kaspersky.

Mining

Mining Encryption IT Government

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). ” reads the analysis published by Checkpoint security. “This C&C server has actually been active since 6 th March 2018 but didn’t attract attention because of the low capacity of the “black” botnet at that time. Pierluigi Paganini.

Encryption

Encryption Mining Security Ransomware

Ukraine’s SBU: Russia carried out a cyberattack on Judiciary Systems

Security Affairs

DECEMBER 6, 2018

Technical analysis of the code revealed many similarities with another nation-state malware, the BlackEnergy malware that was specifically designed to target ISC-SCADA systems and attributed to Russian threat actors. Experts observed the exploitation of the Flash zero-day exploit in an attack aimed at the FSBI “Polyclinic No.

Mining

Mining Phishing Government Security

Pacha Group declares war to rival crypto mining hacking groups

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Webinars

Trending Sources

Russia-linked APT28 and crooks are still using the Moobot botnet

Webinars

NY Charges First American Financial for Massive Data Leak

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

MyKings botnet operators already amassed at least $24 million

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

WatchBog cryptomining botnet now uses Pastebin for C2

DirtyMoe modules expand the bot using worm-like techniques

Microsoft warns of Dexphot miner, an interesting polymorphic threat

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Roaming Mantis SMSishing campaign now targets Europe

New variant of Linux Botnet WatchBog adds BlueKeep scanner

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Android Botnet leverages ADB ports and SSH to spread

The Long Run of Shade Ransomware

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Chinese-speaking cybercrime gang Rocke changes tactics

Modular Cryptojacking malware uses worm abilities to spread

Smominru Botnet continues to rapidly spread worldwide

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Torii botnet, probably the most sophisticated IoT botnet of ever

Multiple threat actors are targeting Elasticsearch Clusters

E-Verify’s “SSN Lock” is Nothing of the Sort

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Weekly podcast: Reports galore and more cryptojacking

Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Cryptomining Campaign involves Golang malware to target Linux servers

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Ukraine’s SBU: Russia carried out a cyberattack on Judiciary Systems

Stay Connected