Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. On its face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Or you can hijack other people’s computers to do the mining.


Ngrok Mining Botnet

Security Affairs

Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure. Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet.



PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers



Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

WIRED Threat Level

The recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. It’s likely IT and security teams won’t find the infection for months.


Pacha Group declares war on rival crypto mining hacking groups

Security Affairs

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group, are waging war to compromise as much cloud-based infrastructure as possible. Researchers at Intezer Labs continued to monitor this cybercrime group and discovered that it is also targeting cloud-based environments and working to disrupt the operations of other crypto-mining groups, such as the Rocke Group.

Malicious Docker Cryptomining Images Rack Up 20M Downloads


Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers.

Self-Propagating Malware Targets Thousands of Docker Ports Per Day


A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.

Israeli surveillance firm NSO Group can mine data from major social media

Security Affairs

The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to scoop up user data by mining major social media. NSO responded: “NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companies

The Last Watchdog

Its rise in popularity has helped drive a new trend for start-ups to go “Cloud Native,” erecting their entire infrastructure, from the ground up, on cloud services like Amazon Web Services, Microsoft Azure and Google Cloud. Though DevOps-centric organizations can gain altitude quickly, they also tend to generate fresh security vulnerabilities at a rapid clip. Rising API exposures are another big security concern, by the way.


Black-T Malware Emerges From Cryptojacker Group TeamTNT



Cryptomining DreamBus botnet targets Linux servers

Security Affairs

“These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.”

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things. The company, based in Petach Tikvah, Israel, addresses the problem via a “virtual Hardware Security Module” as opposed to the traditional method of using physical infrastructure. MPC streamlines the process, while also making crypto transactions more secure and resilient, Smart told me. And it would open up new areas of data mining.

Security Affairs newsletter Round 312

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free, subscribe here.

IoT Unravelled Part 3: Security

Troy Hunt

Now for the big challenge - security. The "s" in IoT is for Security. Ok, so the joke is a stupid oldie, but a hard truth lies within it: there have been some shocking instances of security lapses in IoT devices.


Security Affairs newsletter Round 308

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.

SpeakUp Linux Backdoor Sets Up for Major Attack


Armed with an impressive bag of exploits and other tricks for propagation, the new trojan could, researchers believe, be the catalyst for an upcoming, major cyber-offensive.

MY TAKE: Knowing these 5 concepts will protect you from illicit cryptocurrency mining

The Last Watchdog

The cryptocurrency craze rages on, and one unintended consequence is the dramatic rise of illicit cryptocurrency mining. Related podcast: How cryptomining malware is beginning to disrupt cloud services. So, quite naturally, malicious hackers are busying themselves inventing clever ways to leech computing power from unwitting victims — and directing these stolen computing cycles towards lining their pockets with freshly mined crypto cash. Cloud targets.


Security Affairs newsletter Round 274

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

Palo Alto Networks warns of the WatchDog botnet, which uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems.

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

The expert determined how much cryptocurrency had been mined into a mining pool account by inspecting the mining pool. “One of the easiest ways is cryptojacking – the illegal use of someone else’s computing resources to mine cryptocurrencies.

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

The new malware implements new and improved rootkit and worm capabilities and continues to target cloud applications by exploiting known vulnerabilities in Oracle WebLogic (CVE-2017-10271) and Apache ActiveMQ (CVE-2016-3088) servers.

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

This variant of Xbash is equipped to quietly uninstall any one of five popular types of cloud security protection and monitoring products used on such servers. The end game for this particular hacking ring is to install cryptocurrency mining routines on compromised Linux servers. Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Saurabh told me he developed a passion for helping organizations improve the efficiencies of their security operations. Today there exists a widening shortage of security analysts talented and battle tested enough to make sense of the rising tide of data logs inundating their SIEM systems.

Cryptojacking Attack Found on Los Angeles Times Website


A security researcher found Coinhive code hidden on a Los Angeles Times webpage that was secretly using visitors’ devices to mine cryptocurrency.

5 IoT Security Predictions for 2019

Security Affairs

These are 5 IoT security predictions for 2019. 2018 was the year of the Internet of Things (IoT) – massive attacks and various botnets hit smart devices, there was a leap in regulation and standards, and consumers and enterprises increased their adoption of IoT devices despite existing security and privacy concerns. Increased motivation for secure-by-design devices.


MY TAKE: Can ‘Network Traffic Analysis’ cure the security ills of digital transformation?

The Last Watchdog

If digital transformation, or DX, is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. NTA refers to using advanced data mining and security analytics techniques to detect and investigate malicious activity in traffic moving between each device and on every critical system in a company network.

Optimizing O365 Impossible Travel


Cloud security is a constant concern for organizations of every size. The malicious actor located in Moscow who obtains this userID (likely an email of mine) and password then does a quick lookup on LinkedIn and finds that I work at Daymark.

What are the future threats in cyber security?

IT Governance

Last week the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) released their annual report on the cyber threats facing UK businesses. Cryptojacking is when cryptocurrency miners are delivered through malware, using a computer’s processing power to illicitly mine cryptocurrency. Many Internet-connected devices don’t contain basic cyber security provisions, making them unsecure and vulnerable to exploitation. Cloud security.


Security Affairs newsletter Round 181 – News of the week

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! The best news of the week with Security Affairs: Feedify cloud service architecture compromised by MageCart crime gang. Flaw in Western Digital My Cloud exposes the content to hackers. Ngrok Mining Botnet.

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

“Most of the compromised nodes were from China and the US identified in the ISP (Internet Service Provider) list, which had Chinese and US-based providers as the highest hits, including some CSPs (Cloud Service Providers).”

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

The ongoing Ngrok mining botnet campaign is targeting servers hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms.

Massive Smominru Cryptocurrency Botnet Rakes In Millions


Researchers say Smominru threat actors are in control of a 500,000-node botnet and earning $8,500 daily mining for Monero cryptocurrency.

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy new crypto-mining malware tracked as Kinsing. “This attack stands out as yet another example of the growing threat to cloud native environments,” reads the post published by Aqua Security.

The Quest for Optimal Security

The Falcon's View

There's no shortage of guidance available today about how to structure, build, and run a security program. Most guidance comes from a standpoint of inherent bias, whether it be to promote a product class, a specific framework/standard, or to best align with specific technologies (legacy/traditional infrastructure, cloud, etc.). At the end of the day, the goal of your security program should be to chart a path to an optimal set of capabilities.

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

MY TAKE: Massive data breaches persist as agile software development fosters full-stack hacks

The Last Watchdog

Many of the high-profile breaches making headlines today are the by-product of hackers pounding away at Application Programming Interfaces (APIs) until they find a crease that gets them into the pathways of the data flowing between an individual user and myriad cloud-based resources. based software security vendor specializing in API data protection. In a sense, software updates and security patches help hackers cut through the swelling complexities of a sprawling software system.

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami botnet, which implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using a WebLogic exploit.

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” Researchers discovered that the repository contained nine images comprising custom-made shells, Python scripts, configuration files, as well as Shodan and cryptocurrency-mining binaries.

How to Keep Your WFH Employees Safe From new Cybersecurity Attacks


Typically, only work issued laptops and mobile devices are authorized to access an organization’s network unless the user has an approved security exception. LastPass’s 2019 Global Password Security Report found that 57% now use it, up from 45% just a year ago.