Researchers Spot Ambitious Bitcoin Mining Malware Campaign Targeting Thousands Daily
Cybersecurity researchers have identified a persistent and ambitious campaign targeting thousands of Docker servers daily with a Bitcoin (BTC) miner.
In a report released April 3, Aqua Security issued a threat alert about the attack, which apparently “has been going on for months, with thousands of attempts almost daily.” The researchers caution: “These are the highest numbers we have seen in some time, far exceeding what we have witnessed to date.”
Such scope and ambition indicate that the illicit Bitcoin mining campaign is unlikely to be “an impromptu effort,” as the actors behind it must rely on significant resources and infrastructure.
Using its virus scanning tools, Aqua Security has identified the malware as a Golang-based Linux agent known as Kinsing. The malware spreads by exploiting misconfigured Docker API ports. The attack then runs an Ubuntu container, which downloads Kinsing and tries to spread the malware to other containers and hosts.
The ultimate goal of the campaign – accomplished by first exploiting the open port and then carrying out a series of evasion tactics – is to deploy a cryptocurrency miner to the compromised host, investigators say.
Security teams need to improve their game, says Aqua
Aqua’s study provides detailed insight into the components of the malware campaign, which stands out as a compelling example of what the company claims is “the growing threat to cloud-native environments.”
Attackers are improving their game to mount increasingly sophisticated and ambitious attacks, the researchers note. In response, companies’ security teams must develop a stronger strategy to mitigate these new risks.
Among its recommendations, Aqua proposes that teams identify all cloud resources and group them into a logical structure, review their authorization and authentication policies, and adjust basic security policies in accordance with the “least privilege” principle.
Teams should also investigate logs to locate user actions that are logged as anomalies, as well as implement cloud security tools to strengthen their strategy.
Last month, Singapore-based unicorn startup Acronis released the results of its latest cybersecurity survey. It revealed that 86% of IT professionals are concerned with cryptojacking, the industry term for the practice of using the processing power of a computer to mine cryptocurrencies without the owner’s consent or knowledge.