IBM: Crypto-Mining Attacks Increased Six-Fold in 2017

Security researchers have warned of a sharp increase this year in cyber-attacks targeting enterprise computers with embedded crypto-currency mining tools.

IBM Managed Security Services (MSS) senior threat researcher, Dave McMillen, explained that the firm had seen more than a six-fold increase in attacks during the period January-August.

All of these attacks involved the same mining tool which supports several different currencies, although CryptoNote-based currencies such as Monero (XMR) were most popular among the black hats.

Typically, attackers are attempting to use steganographic techniques to hide such tools inside fake image files hosted on compromised web servers running Joomla or WordPress. Compromised JBoss application servers are another target, said McMillen.

It’s unknown whether the malicious actors compromise the servers themselves first or scan for content management systems that have already been hacked.
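A defender-side check for the fake image files described above, as an added example that is not from IBM's report or the original article. It assumes the tool is carried either as a non-image file under an image extension or as data appended after the image's end marker (the article does not say which); all names and sample bytes are constructed.

```python
import struct

PNG_SIG, JPEG_SIG = b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff"
# Content that has no place inside or after an image file.
PAYLOADS = {b"\x7fELF": "ELF executable", b"MZ": "PE executable",
            b"PK\x03\x04": "ZIP archive", b"#!": "script"}

def png_end(data):
    """Offset just past the IEND chunk, or None if the chunk chain is broken."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                  # length, type, body and CRC fields
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def jpeg_end(data):
    """Offset just past the EOI marker, or None if the structure is broken."""
    pos = 2                                 # skip the SOI marker
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        if data[pos + 1] == 0xDA:           # start of scan: next FF D9 is EOI
            eoi = data.find(b"\xff\xd9", pos)
            return eoi + 2 if eoi != -1 else None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
    return None

CHECKS = {"png": (PNG_SIG, png_end), "jpg": (JPEG_SIG, jpeg_end), "jpeg": (JPEG_SIG, jpeg_end)}

def classify(blob):
    return next((n for m, n in PAYLOADS.items() if blob.startswith(m)), "unrecognised data")

def inspect_image(name, data):
    """Findings for one file served under an image extension (empty list = clean)."""
    ext = name.lower().rsplit(".", 1)[-1]
    if ext not in CHECKS:
        return []                           # only PNG and JPEG are covered here
    sig, find_end = CHECKS[ext]
    if not data.startswith(sig):
        return [f"not a {ext} image: content is {classify(data)}"]
    end = find_end(data)
    if end is None:
        return ["image structure is truncated or malformed"]
    return [f"{len(data) - end} bytes after image end: {classify(data[end:])}"] if end < len(data) else []

# Constructed samples: minimal PNG chunk chain (CRCs zeroed; they are not checked).
CLEAN_PNG = PNG_SIG + struct.pack(">I4s13sI", 13, b"IHDR", bytes(13), 0) + struct.pack(">I4sI", 0, b"IEND", 0)
CARRIER_PNG = CLEAN_PNG + b"\x7fELF" + b"\x00" * 60    # image with appended binary
FAKE_JPG = b"MZ" + b"\x00" * 62                        # executable renamed to .jpg
```

This structural check does not catch data encoded in pixel values or metadata chunks, so it complements rather than replaces the patching and whitelisting measures IBM recommends.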

Firms in manufacturing (29%), financial services (29%) and arts & entertainment (21%) sectors have experienced the highest volume of attacks over the eight-month period, indicating that these may have a larger number of vulnerable targets.

Attackers are increasingly interested not in IoT devices – although they may be easier to compromise – but in poorly protected servers.

“Server-based targets have a wider range of power — certainly much more than the plethora of IoT devices that typically come with very little computing power,” explained McMillen.

“We may soon see a worm designed to mass-infect computers ranging from enterprise-level servers right down to the one from which you’re reading this blog to mine coins. On monitored devices, such activity would typically affect the endpoint’s performance and may be detected and shut down promptly after mining commences.”

Cross-site scripting, brute force/default password attacks, command buffer overflow exploits, SQLi and command injection, and any other attack involving the injection of executable code could be used in a crypto-mining raid, he added.

IBM recommends prompt patching of bugs, changing default security credentials, app whitelisting, input validation on web apps and improved user awareness to help mitigate the threat.

Last week, Kaspersky Lab revealed it has blocked 1.65 million crypto-currency mining attacks on its customers already this year, a major increase on the 700,000 seen in 2014.

North Korean hackers are known to be actively focused on stealing Bitcoins and other online currencies to fund the regime there.
