RedisWannaMine Uses NSA Exploit to Up the Crypto-Jacking Game

compgen1534

 

A new generation of crypto-jacking attacks is making the rounds, significantly improving on the unsophisticated campaigns that have characterized such attacks so far.

According to Imperva, the campaigns, one of which the firm dubbed RedisWannaMine, are aimed at both database servers and application servers. And where the first generation of crypto-jacking was limited in complexity and capability (the attacks contained malicious code that downloaded a crypto-miner executable file and ran it with a basic evasion technique or none at all), the new wave of threats is something else altogether. RedisWannaMine demonstrates a worm-like behavior, combined with advanced exploits to increase the attackers’ infection rate.

 

Crypto-jacking, in which a victim’s computer is infected with coin-mining malware that surreptitiously steals compute power to mine for cryptocurrencies like Bitcoin and Monero, has spread significantly in the last few months as the value of virtual currencies continues to skyrocket. Imperva researchers have concluded that these attacks now account for roughly 90% of all remote code execution attacks in web applications.

 

In this case, the attackers are using a two-pronged infection campaign. First, it runs code to discover and infect publicly available Redis servers. It does so by creating a large list of IPs, internal and external, and scanning port 6379, which is the default listening port of Redis.

Secondly, it uses a script to scan for the same server message block vulnerability that was used by the NSA to create the infamous Eternal Blue exploit – the root vector behind WannaCry. When the script finds a vulnerable server, it launches the infection process for the crypto-miner malware.

 

Between the two prongs, RedisWannaMine is taking aim at the attack surface from both the database and application sides. “In a nutshell, crypto-jacking attackers have upped their game and they are getting crazier by the minute,” researchers said in an analysis.

 

Source: https://www.infosecurity-magazine.com/news/rediswannamine-uses-nsa-exploit/
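A defender-side sketch of the scanning behaviour described above, added here and not part of the original article or Imperva's analysis: it flags hosts that fan out to many distinct destinations on the Redis port (6379) or the SMB port within a short window. The flow-record format, the thresholds and the sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Ports tied to the two prongs: Redis default (6379, named in the article)
# and SMB over TCP (445, the standard SMB port; the article does not name it).
WATCHED = {6379: "redis", 445: "smb"}

def parse(line):
    """Parse one constructed flow record: 'epoch src dst dport'."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def find_scanners(lines, window=60, min_targets=5):
    """Return {src: sorted prong names} for sources that contacted at least
    min_targets distinct destinations on a watched port within window seconds."""
    seen = defaultdict(list)            # (src, port) -> [(ts, dst), ...]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        if dport in WATCHED:
            seen[(src, dport)].append((ts, dst))
    hits = defaultdict(set)
    for (src, port), events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                hits[src].add(WATCHED[port])
                break
    return {src: sorted(p) for src, p in hits.items()}

def sample_flows():
    """Constructed sample data, not taken from the article."""
    flows = []
    # 10.0.0.5 sweeps six hosts on 6379 and six on 445 within seconds.
    for i in range(6):
        flows.append(f"{1000 + i} 10.0.0.5 192.0.2.{i + 1} 6379")
        flows.append(f"{1010 + i} 10.0.0.5 198.51.100.{i + 1} 445")
    # 10.0.0.9 is an app server talking to a single Redis instance.
    for i in range(20):
        flows.append(f"{1000 + i} 10.0.0.9 10.0.0.20 6379")
    # 10.0.0.7 reaches six file servers, but spread over hours.
    for i in range(6):
        flows.append(f"{1000 + i * 3600} 10.0.0.7 10.0.1.{i + 1} 445")
    return flows

if __name__ == "__main__":
    for src, prongs in find_scanners(sample_flows()).items():
        print(src, "fan-out on:", ", ".join(prongs))
```

A source flagged on both ports at once matches the two-pronged pattern the article describes and deserves higher priority than a hit on either port alone.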
