
This cryptocurrency mining malware now disables security software to help remain undetected

January 18, 2019

A form of cryptojacking malware has added the ability to disable cloud security software to help avoid detection and increase its chance of illicitly mining for cryptocurrency without being discovered.

It’s the first time this attack technique has been seen, according to researchers at Unit 42, the research division of security company Palo Alto Networks, who have detailed the technical capabilities of the campaign.

Cryptocurrency mining malware remains one of the most common threats to internet-connected machines — ranging from IoT devices, to computers, all the way up to server farms.

This particular family of Monero cryptomining malware — which appears to be related to Xbash — targets public cloud infrastructure running on Linux servers, gaining administrative control over the hosts and forcing them to uninstall security products in the same way a legitimate admin would.

But it isn’t all forms of security software that the malware targets in this way: it seeks out five different cloud security products by Chinese firms Tencent and Alibaba in what looks to be specially selected targeting.

The malware is delivered by exploiting known vulnerabilities in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion. For example, attackers can exploit Oracle WebLogic vulnerability CVE-2017-10271 on Linux to install a backdoor on the system and use it to download cryptojacking malware.

As well as running the miner, the malware can also kill any other cryptojacking processes that might already be exploiting the target — a common tactic used by those deploying cryptocurrency mining malware to root out the competition.

But the trump card for this attack is how it’s capable of evading detection from cloud security services by shutting them down. The malware is specially built to not exhibit any malicious behaviours when it first arrives on the system. And it avoids suspicion because it follows procedures detailed on the service provider’s websites as to how to uninstall the Cloud Host Security product.
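One way a defender could detect the behaviour described above, as an added example that is not from the original article or from Unit 42's analysis: flag process-execution events where a watched security agent is uninstalled or stopped by a process descended from an internet-facing application server. The log format, the agent name `example-agent`, its uninstall script path and the server binary names are all constructed assumptions.

```python
import json

# Constructed process-execution events (hypothetical format, one JSON object per line).
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "exe": "/usr/bin/java", "cmdline": "java weblogic.Server"}
{"pid": 210, "ppid": 100, "exe": "/bin/sh", "cmdline": "sh -c ./update.sh"}
{"pid": 211, "ppid": 210, "exe": "/bin/sh", "cmdline": "sh /opt/example-agent/uninstall.sh"}
{"pid": 300, "ppid": 1, "exe": "/usr/sbin/sshd", "cmdline": "sshd: admin@pts/0"}
{"pid": 301, "ppid": 300, "exe": "/bin/bash", "cmdline": "-bash"}
{"pid": 302, "ppid": 301, "exe": "/usr/bin/systemctl", "cmdline": "systemctl stop example-agent"}
"""

# Assumptions: agent names to watch, tamper verbs, internet-facing server binaries.
WATCHED_AGENTS = ("example-agent",)
TAMPER_VERBS = ("uninstall", "stop", "disable", "remove")
SERVER_EXES = ("java", "httpd", "coldfusion")

def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def ancestors(pid, by_pid):
    """Yield the ancestor events of pid, nearest first, guarding against loops."""
    seen = set()
    ppid = by_pid[pid]["ppid"]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        yield by_pid[ppid]
        ppid = by_pid[ppid]["ppid"]

def is_tamper(event):
    """True when the command line names a watched agent together with a tamper verb."""
    cmd = event["cmdline"].lower()
    return any(a in cmd for a in WATCHED_AGENTS) and any(v in cmd for v in TAMPER_VERBS)

def find_suspicious_tampering(events):
    """Return alerts for agent tampering that runs underneath a server process."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not is_tamper(e):
            continue
        for anc in ancestors(e["pid"], by_pid):
            if anc["exe"].rsplit("/", 1)[-1] in SERVER_EXES:
                alerts.append({"pid": e["pid"], "cmdline": e["cmdline"], "server_pid": anc["pid"]})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_tampering(parse_events(SAMPLE_EVENTS)):
        print("ALERT", alert)
```

The administrator stopping the agent from an SSH session (pid 302) is not flagged, while the uninstall script launched under the application server (pid 211) is; pairing this with an alert on missing agent heartbeats covers cases where the process lineage is not recorded.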

Researchers say the campaign uses the same kind of Linux coin mining malware as the Rocke cyber crime group — also known as Iron — which has been very active in recent years. Researchers at Cisco Talos have previously referred to the group as ‘the champion of Monero miners’ and have suggested that the operation is Chinese-speaking.

One of the reasons Rocke is able to flourish is that some administrators aren’t applying patches that have been released to counter known vulnerabilities.

“The vulnerabilities for these products have been patched by the vendors, but the Rocke group took advantage of the fact that some administrators hadn’t deployed those patches,” Ryan Olson, vice president for threat intelligence at Palo Alto Networks’ Unit 42, told ZDNet.

“This evolution indicates that attackers who are compromising hosts operating in cloud platforms are now attempting to evade security products that are specific to those platforms,” he added.

Unit 42 has detailed the Indicators of Compromise for the malware in their technical analysis of the campaign — but a good way to avoid infection in the first place is to ensure systems are up to date and all the latest patches have been applied.

© 2019 NikolaNews.com - Global Tech Updates
