Windows Servers on AWS Are Now the Target of Cryptojacking Attacks

The surge in cryptojacking attacks over the last few years has been in the spotlight, although, interestingly, it slowed down during the coronavirus pandemic. That did not mean cryptojacking had lost steam, however, as threat actors remained active behind the scenes.

The Splunk Threat Research Team recently unveiled malware that targets Windows servers running on AWS. The crypto botnet is distributed via Telegram and is capable of generating bots and executing code remotely. As usual, most cryptojacking attacks target systems that use Remote Desktop Protocol (RDP), and this case is no exception to the rule.

Iranian and Chinese Hackers Involved?

Investigators traced the origin of the botnet, and everything points to Iranian and Chinese IPs. But which cryptocurrency do the hackers use? In this campaign, the threat actors chose Monero (XMR). Interestingly, the Monero wallet used for the cryptojacking attack was also involved in a 2018 crypto-mining malware campaign that relied on the same botnet.

“The STRT has now observed the resurfacing of this botnet using Telegram as C2 Infrastructure,” the researchers noted.

Why do ‘cryptojackers’ often use XMR wallets to collect the coins they mine? Simply put, Monero is well known as a privacy coin, and mining it on CPUs still offers a modest profit compared to other cryptocurrencies in the market.

Returning to the recent coronavirus-driven slowdown in cryptojacking attacks: Unit 42, the global threat intelligence team at Palo Alto Networks, revealed in April that cryptocurrency-mining malware attacks using Monero had declined for the first time since 2018, when the researchers first started tracking this kind of XMR-mining cyberattack.

One factor that raises concerns among businesses and enterprises that host massive IT infrastructures is that cryptojacking attacks can remain undetected for an extended period of time. In fact, the hackers' use of cloud servers for this almost-undetected illicit crypto mining can explain that.

Although XMR is the preferred coin for cryptojacking purposes, Bitcoin (BTC), Ether (ETH), Litecoin (LTC), and DASH are also used in some of the attacks related to crypto-mining malware campaigns. Still, figures from the cybersecurity industry rank Monero first as the favorite cryptocurrency of threat actors, who always try to find ways to reinvent their intrusion techniques.
