Hackers have compromised over 50,000 servers across the globe with cryptocurrency mining malware, according to a new report released by Guardicore Labs, a cybersecurity firm. The hackers mined virtual coins at large scale using tools that were not especially sophisticated. The campaign was dubbed “Nansh0u” and has been ongoing for the past four months.
According to the report, the cryptocurrency mining malware spread to over 700 new victims every day over that period. The hackers mostly targeted companies in the media, healthcare, IT and telecoms sectors. Guardicore said it had found over 20 different malicious payloads over the course of the campaign, with new ones created at least once a week and immediately put into use. What made the malware harder to deal with was that it installed a rootkit that prevented its removal.
After the discovery, the cybersecurity firm contacted the hosting provider of the attack servers and the issuer of the rootkit’s certificate. As a result, the attack servers were taken down and the certificate was revoked.
Interestingly, the attack used sophisticated tools like those used by nation-state actors, a clear indication that elite tooling is now easily accessible to ordinary cybercriminals.
Guardicore noted that the package was built with Chinese-language tools and was hosted on Chinese-language servers.
In a statement the firm noted:
“The Nansh0u campaign is not a typical crypto-miner attack. It uses techniques often seen in APTs [advanced persistent threats] such as fake certificates and privilege escalation exploits. While advanced attack tools have normally been the property of highly skilled adversaries, this campaign shows that these tools can now easily fall into the hands of less than top-notch attackers.”
According to Guardicore, the cryptocurrency mining campaign shows why it is crucial for companies to protect their assets with strong credentials. In conclusion, the report noted:
“This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions.”