The cybersecurity community has recently seen a surge of cyberattacks on cryptocurrency businesses. Cryptocurrencies are fully decentralized: no authority monitors crypto activity and transactions, which gives threat actors a free hand to conduct attacks at will. This fact, together with the soaring value of cryptocurrencies, is attracting more cybercriminals.
A couple of months ago, several cryptojacking attacks were discovered targeting businesses such as Nagios XI, Hotbit, Docker Hub and Rarible:
- The Lazarus APT hacking group appeared to be running a campaign using the BTC Changer malware; the group had redesigned its JS sniffers to also steal cryptocurrency
- Another crypto-stealing malware, HackBoss, has been distributed through Telegram; it is believed to have stolen more than $560,000 from its victims
- In the previous month, educational organizations in the US were targeted by threat actors aiming to compromise their systems and networks to mine cryptocurrencies such as Litecoin, Monero, Bitcoin and Ethereum
- The Prometei botnet was discovered exploiting Exchange vulnerabilities and installing a Monero miner. The botnet used SearchIndexer.exe, an open-source Monero mining program
Threat actors are actively exploiting several known vulnerabilities to spread miners and mine cryptocurrency. One attacker targeted Nagios XI, exploiting CVE-2021-25296, a remote command injection vulnerability affecting Nagios XI version 5.7.5, to carry out a cryptojacking attack. An ongoing cryptocurrency malware campaign has been targeting unpatched QNAP NAS devices since last month. It exploits CVE-2020-2506 and CVE-2020-2507, both remote command execution flaws.
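Two of the indicators mentioned above are cheap to check in endpoint process telemetry: a miner process that points at a mining pool (the stratum protocol URLs used by pool mining) and a binary named SearchIndexer.exe that does not live where the Windows Search indexer lives. The following is an added example written for this article, not code from any of the reports it cites. It runs over constructed process records (name, image path, command line) that are invented here for illustration; it assumes Windows is installed at C:\Windows, so the legitimate indexer path is C:\Windows\System32\SearchIndexer.exe.

```python
import re

# Constructed sample telemetry for this example: (process name, image path, command line).
# None of these records come from the article or from a real incident.
SAMPLE_PROCESSES = [
    ("SearchIndexer.exe", r"C:\Windows\System32\SearchIndexer.exe",
     r"C:\Windows\System32\SearchIndexer.exe /Embedding"),
    ("SearchIndexer.exe", r"C:\ProgramData\Temp\SearchIndexer.exe",
     r"C:\ProgramData\Temp\SearchIndexer.exe -o stratum+tcp://pool.example.invalid:3333"),
    ("updater.exe", r"C:\Users\Public\updater.exe",
     r"C:\Users\Public\updater.exe --url stratum+ssl://198.51.100.7:443"),
    ("chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"chrome.exe https://example.com/stratum-docs"),
]

# Pool-mining URLs use the stratum scheme; the "://" anchor avoids matching
# the word "stratum" appearing in ordinary text or web URLs.
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)

# Assumed install location of the legitimate Windows Search indexer.
LEGIT_SEARCHINDEXER = r"c:\windows\system32\searchindexer.exe"


def assess(name, path, cmdline):
    """Return a list of human-readable findings for one process record."""
    findings = []
    if STRATUM_RE.search(cmdline):
        findings.append("mining-pool (stratum) URL in command line")
    if name.lower() == "searchindexer.exe" and path.lower() != LEGIT_SEARCHINDEXER:
        findings.append("SearchIndexer.exe running from a non-standard path")
    return findings


def scan(records):
    """Return [(image path, findings)] for every record that triggers a finding."""
    flagged = []
    for name, path, cmdline in records:
        findings = assess(name, path, cmdline)
        if findings:
            flagged.append((path, findings))
    return flagged


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_PROCESSES):
        print(path)
        for finding in findings:
            print("  -", finding)
```

Of the four constructed records, the genuine indexer and the browser visiting a page about stratum are left alone, while the renamed miner trips both rules and the unrelated binary with a pool URL trips one. In practice the path comparison should be derived from %SystemRoot% rather than hard-coded, and the rules are a starting point for a hunt, not a complete cryptojacking detector.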
Everyone expects the cryptocurrency market to grow rapidly in the coming years.
Hence we expect cyberattack activity to increase as well. To avoid falling victim to cryptocurrency mining and cryptojacking exploits, we urge every organization to implement better cybersecurity systems and policies. Maintain proper cyber hygiene, enable multifactor authentication, and apply the latest security patches immediately for peace of mind.