Cryptojacking is nothing new in recent years. Cryptocurrencies carry real cash value, which makes them an attractive way to earn more money. Cryptocurrencies must be mined, a computational process of solving puzzles that demands heavy hardware power. Recently, hackers succeeded in running a Monero miner on several Linux servers using an old vulnerability.
This new campaign exploited a vulnerability in a Cacti plugin. For those who don’t know, Cacti is a PHP-based open-source network monitoring tool; the flaw lies in its “Network Weathermap” plugin, which lets administrators visualize network activity via a GUI.
Security experts from Trend Micro also found evidence that this attack is linked to the biggest cryptojacking campaign in history, in which hackers earned around $3 million by running a specialized Monero miner on Jenkins servers after exploiting CVE-2017-1000353. This time, the newer campaign used CVE-2013-2618 in Cacti.
The flaw in Cacti allowed the hackers to execute code on the system. Using that ability, they installed a modified version of XMRig, a legitimate program used for mining Monero. They also dropped a bash script that worked as a watchdog for the mining process: if the miner was down, it restarted it; if it was running, it did nothing. The check ran every 3 minutes.
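As an added illustration (not code from this report or from Trend Micro), the watchdog pattern just described is something a Linux administrator can triage for: a cron job firing every few minutes from a hidden or temporary directory, and a process named like XMRig or carrying its command-line flags even after the binary was renamed. The crontab and ps lines are constructed samples, and MINER_NAMES and the suspicious-path patterns are assumptions to tune locally.

```python
import re
MINER_NAMES = {"xmrig", "minerd", "cpuminer"}  # assumption: common Monero miner binaries
# Traits of a short-interval cron job worth a look: staging or hidden directories,
# process probes, downloaders. Legitimate 1-5 minute jobs rarely combine these.
SUSPICIOUS_CMD = re.compile(r"/tmp/|/dev/shm/|/var/tmp/|/\.[^/\s]+/|pgrep|pidof|nohup|curl|wget")
# XMRig-style command-line traits (stratum pool URL or the donate flag).
MINER_ARGS = re.compile(r"stratum\+tcp://|--donate-level")
# Five cron time fields, then the command (a /etc/cron.d user field lands in the command).
CRON_LINE = re.compile(r"^\s*(\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(.*)$")

# Constructed samples: a 3-minute watchdog in a hidden /tmp directory next to Cacti's
# legitimate 5-minute poller, and a ps listing (pid,pcpu,comm,args) with a renamed miner.
SAMPLE_CRON = [
    "*/3 * * * * /tmp/.x/watchdog.sh >/dev/null 2>&1",
    "*/5 * * * * www-data php /usr/share/cacti/site/poller.php >/dev/null 2>&1",
    "0 2 * * * /usr/local/bin/backup.sh",
]
SAMPLE_PS = [
    "    PID %CPU COMMAND         COMMAND",
    "   1204  0.3 php             php /usr/share/cacti/site/poller.php",
    "   2311 98.7 xmrig           /tmp/.x/xmrig -o stratum+tcp://POOL_PLACEHOLDER:3333",
    "   2312 97.9 kworkerds       /tmp/.x/kworkerds --donate-level=1",
]


def cron_minute_interval(minute_field):
    """Minutes between runs for a minute field such as '*' or '*/3'; None for fixed minutes."""
    if minute_field == "*":
        return 1
    m = re.fullmatch(r"\*/(\d+)", minute_field)
    return int(m.group(1)) if m else None


def suspicious_cron_entries(cron_lines, max_interval=5):
    """(interval, command) for jobs running at least every max_interval minutes with a suspicious trait."""
    hits = []
    for line in cron_lines:
        m = CRON_LINE.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        interval, cmd = cron_minute_interval(m.group(1)), m.group(2)
        if interval is not None and interval <= max_interval and SUSPICIOUS_CMD.search(cmd):
            hits.append((interval, cmd))
    return hits


def miner_processes(ps_lines):
    """(pid, cpu_percent, comm) for processes named like a miner or carrying miner-style arguments."""
    hits = []
    for line in ps_lines[1:]:  # first line is the ps header
        parts = line.split(None, 3)
        if len(parts) == 4 and (parts[2].lower() in MINER_NAMES or MINER_ARGS.search(parts[3])):
            hits.append((int(parts[0]), float(parts[1]), parts[2]))
    return hits
```

Cacti's own poller also runs on a short cron cadence, so the path and argument traits, not the interval alone, are what separate the watchdog from legitimate jobs.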
This campaign earned the hackers 320 XMR ($75,000). All the infected servers were running Linux, and most victims were located in China, Taiwan, Japan and the USA.
What to do now
Once the campaign is identified, it can be resolved very quickly. However, the hackers have already succeeded in their intentions: they earned a lot of cash, although less than in the largest campaign.
Such attacks demonstrate that our security measures are still not so tight after all. When it comes to updating the host system, system admins often forget or ignore updates because they can involve some complexity. That is why hackers are able to keep pulling off such attacks.
To stay protected, update all software and the OS to the latest version; this is essential for closing all known security holes. Personal users should likewise update all their programs to the latest version.
There are also other advanced cryptojacking campaigns, such as GhostMiner, a formidable piece of malware, with fortune on our side.