Tag Archive for: miners

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners


A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads.

In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks.

The bug (CVE-2022-26134, CVSS score: 9.8), which was patched by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way for remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected.

Other notable malware pushed as part of disparate instances of attack activity include Mirai and Kinsing bot variants, a rogue package called pwnkit, and Cobalt Strike by way of a web shell deployed after gaining an initial foothold into the compromised system.

“The vulnerability, CVE-2022-26134, allows an attacker to spawn a remotely-accessible shell, in-memory, without writing anything to the server’s local storage,” Andrew Brandt, principal security researcher at Sophos, said.

Ransomware and Crypto Miners

The disclosure overlaps with similar warnings from Microsoft, which revealed last week that “multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134.”

DEV-0401, described by Microsoft as a “China-based lone wolf turned LockBit 2.0 affiliate,” has also been previously linked to ransomware deployments targeting internet-facing systems running VMware Horizon (Log4Shell), Confluence (CVE-2021-26084), and on-premises Exchange servers (ProxyShell).

The development is emblematic of an ongoing trend where threat actors are increasingly capitalizing on newly disclosed critical vulnerabilities rather than exploiting publicly known, dated software flaws across a broad spectrum of targets.

Source…


Google warns cryptocurrency miners are hacking cloud accounts, suggests ways to counter cyber threat

© Provided by The Financial Express

Global search engine giant Google has revealed that hackers are increasingly targeting compromised cloud accounts to mine cryptocurrency. The revelation is part of a new report from Google’s in-house cybersecurity action team.

Google’s cybersecurity team, which spots cyber threats and gives advice on how to tackle them, has come out with a report called “threat horizon” that sheds light on multiple threats currently looming in cyberspace.

As per the report, Russian state hackers have been attempting to dupe users into giving away their passwords on the pretence that they were being targeted by government-backed attackers. In North Korea, hackers have been trying to lure users with fraudulent job offers from big-ticket firms like Samsung.

Crypto miners hacking Google cloud accounts

The biggest threat plaguing cyberspace though, is one that’s trying to make the most out of today’s big buzzword, aka cryptocurrency.

Since “mining” the blockchains that underpin cryptocurrencies requires a significant amount of computing power and expensive software, 86 per cent of the cloud computing hacks are said to be used to perform cryptocurrency mining.

The cryptocurrency mining software is downloaded within 22 seconds of the cloud account being hacked. Cyber-attackers take advantage of vulnerable third-party software and poor customer security to perform the hacks.

Other forms of cyber threat

The Google report says in one instance 12,000 Gmail accounts were targeted by the Russian government-backed hacking group APT28, also known as Fancy Bear, where users were tricked into handing over their user details through email.

Google says the attack, “which focused on the UK, the US and India,” was neutralised after all the phishing emails were blocked, and no users’ details had been compromised.

In another…

Source…

Google warns crypto miners are hacking users’ cloud accounts

© Provided by CNBCTV18

The cybersecurity team of Google has released a report claiming that cryptocurrency mining abuse is making Google Cloud accounts vulnerable to hacking.

The report has made startling observations. It alleges that a Russia-based group — APT28/Fancy Bear — launched a Gmail phishing campaign. Google was able to block the attack, said the company.

“Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances,” said the Google report “Threat Horizons”.

Threat Horizons also said North Korean actors impersonated employment recruiters from Samsung to steal credentials. As part of the breach, malicious attachments were sent to employees at several South Korean anti-malware cybersecurity companies.

The cybersecurity team of Google found that 86 percent of the 50 compromised Google Cloud accounts were used for cryptocurrency mining. The cyber researchers also revealed that the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised in a majority of these breaches. This suggests that the initial attacks and subsequent downloads were “scripted events” not requiring human intervention.

An analysis of the breach attempts revealed that about 10 percent of the compromised Google Cloud accounts were used to conduct scans of other publicly available resources on the internet. The Google team also tracked some fraudsters seeking to abuse Cloud resources to generate traffic to YouTube.

“While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation,” said the report.

The Google team also listed security measures to avoid such breaches. These include using multiple layers of defense to combat theft of credentials and authentication cookies and “hashing authentication” of the code downloaded by clients.

Source…

Cryptocurrency miners are now hacking accounts of Cloud users, Google warns

© Provided by The Indian Express

Google has warned that cyber criminals are now hacking Google cloud accounts to mine cryptocurrency. Details of the hack were highlighted in Google’s first threat horizon report published by the company’s cybersecurity action team.

The report said that 86 percent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, adding that in the majority of cases, the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.

Google’s cloud service is one of the most popular remote storage systems, where the tech giant stores customers’ data and files on a remote server—which is technically capable of being used for crypto mining. Cryptocurrency mining requires high-powered computers that compete to solve complex mathematical puzzles, in a process that makes intensive use of computing power and electricity.

Interestingly, Google noted that of 50 percent hacks of its cloud computing service, more than 80 percent were used to perform cryptocurrency mining.

Cloud customers continue to face a variety of threats across applications and infrastructure, and many successful attacks are “due to poor hygiene and a lack of basic control implementation,” Google said in its blog post.

Additionally, 10 percent of compromised Cloud instances were used to conduct scans of other publicly available resources on the internet to identify vulnerable systems, and 8 percent of instances were used to attack other targets. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” Google added.

The tech giant has recommended its cloud customers to improve their security by enabling two-factor authentication—it is an extra layer of protection used to ensure the security of online accounts beyond just a username and…

Source…