A New Wave of Sophisticated Crypto-Jacking Attacks Emerges
The Evolution of Crypto-Jacking
A new generation of crypto-jacking attacks is on the rise, showcasing a significant advancement from the basic campaigns that have characterized such attacks in the past. Imperva has identified one of these campaigns, named RedisWannaMine, which targets both database servers and application servers. Unlike earlier attacks that were simple in nature, the latest threats demonstrate a more complex and sophisticated approach, showcasing worm-like behavior and advanced exploits to enhance the attackers’ ability to infect systems.
The Rise of Crypto-Jacking
Crypto-jacking involves infecting a victim’s computer with coin-mining malware that covertly uses the device’s processing power to mine cryptocurrencies like Bitcoin and Monero. With the surge in the value of virtual currencies, these attacks have become increasingly prevalent. According to Imperva researchers, crypto-jacking attacks now constitute approximately 90% of all remote code execution attacks in web applications.
The Attack Strategy
The attackers behind RedisWannaMine have adopted a dual approach to infect systems. Firstly, they deploy code to identify and target publicly accessible Redis servers by scanning for the default listening port (6379) of Redis. This allows them to create a comprehensive list of IP addresses, both internal and external, to carry out their attacks. Secondly, they utilize a script to exploit the same server message block vulnerability that was leveraged by the NSA for the Eternal Blue exploit, which was behind the infamous WannaCry ransomware attack. Once a vulnerable server is identified, the infection process for the crypto-miner malware is initiated.
Enhanced Targeting
By combining these two methods, RedisWannaMine targets systems from both the database and application perspectives, significantly expanding its attack surface. This multi-pronged approach highlights the increasing sophistication of crypto-jacking attackers, who continue to evolve their strategies to maximize their impact.
As the threat landscape continues to evolve, organizations must remain vigilant and implement robust security measures to protect against these advanced crypto-jacking attacks.