Cyberattacks on cryptocurrency businesses have surged recently. Cryptocurrencies are fully decentralized and there is no authority that monitors crypto activities, which gives attackers a free hand to launch attacks at will. In addition, the soaring value of cryptocurrencies is attracting more cybercriminals.
The Prometei botnet has been observed exploiting Exchange vulnerabilities and installing a Monero miner. It used open-source Monero mining software, SearchIndexer[.]exe.
Another cryptocurrency-stealing malware, HackBoss, was distributed through Telegram. The malware is believed to have stolen over $560,000 from victims so far.
The Lazarus APT group was observed to be running a campaign utilizing BTC Changer malware. The threat group has redesigned its JS sniffers to steal cryptocurrency.
Last month, U.S. educational organizations were targeted by cybercriminals with the intent to compromise their networks for mining cryptocurrencies such as Monero, Litecoin, Bitcoin, and Ethereum.
Exploited vulnerabilities
Threat actors are actively exploiting several vulnerabilities to mine cryptocurrency or spread miners.
In a cryptojacking attack, a threat actor targeted Nagios XI software by exploiting a remote command injection vulnerability (CVE-2021-25296), which affected Nagios XI version 5.7.5.
As the cryptocurrency market is expected to grow very quickly in the coming years, an increase in cyberattacks is also likely. For better security, organizations are advised to maintain proper cyber hygiene, use multifactor authentication, and implement the latest patches.