Crypto-mining malware leaps to Intel-powered Linux systems

News by SC Staff

A coin-mining malware infection has made a leap from Arm-powered internet of things (IoT) devices to Intel systems

A coin-mining malware infection has made a leap from Arm-powered internet of things (IoT) devices to Intel systems, said Akamai senior security researcher Larry Cashdollar.

"I have been paying close attention to Internet of Things (IoT) malware targeting systems with Telnet enabled, while also collecting samples targeting systems with SSH enabled on port 22," Cashdollar said in his detailed blog post on the discovery.

One of his honeypot systems snared IoT malware aimed at Intel machines based on Linux.

"I've collected over 650 samples landing in my honeypot within the last week. The earliest sample showed up on 24 July at 20:06. The honeypot allows logins using known default login credentials for root," he wrote.

The malware appears to be an IoT crypto-mining botnet derivative, with this specimen targeting enterprise systems, Cashdollar told The Register. 

"As with other similar attacks, this latest malware capitalises on the abundance of low-hanging fruit of default credentials and user names with simple passwords. As we've learned over the last 15 to 20 years, there are far too many systems connected to the internet with this type of access which will be easily popped and CPU cycles monetised," said Gavin Millard, VP of intelligence at Tenable.

"The attack originates from a pretty wide IP distribution with clusters in the Americas, Asia, and Europe," Cashdollar wrote in the blog post.

Millard suggests that organisations restrict all inbound SSH access, monitor for unusual activity and, most importantly, use robust credentials, to stop this particular coin-mining malware from abusing Linux servers.

Cashdollar made a similar suggestion.

"System administrators need to employ security best practices with the systems they manage. Unsecured services with unpatched vulnerabilities or weak passwords are prime targets for exploitation and abuse. Strong passwords, a vulnerability remediation plan, and two factors of authentication can go a long way to keep systems secure from the most basic and common attacks," he wrote.
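Both recommendations above (restrict inbound SSH, stop default-credential root logins, watch for guessing activity) can be checked mechanically. The following is an added example written for this article, not code from Akamai, Tenable or the researchers quoted: it audits an sshd_config for the settings that make the described attack work, shows an assumed hardened counterpart, and scans constructed OpenSSH auth-log lines for password-guessing sources and the root password login that would mark a compromised host. The configs, log lines and the AllowUsers network are all constructed for illustration.

```python
import re
from collections import Counter

# Both configs are constructed for this example. The weak one reproduces the
# exposure the article describes (root login with a guessable password over SSH);
# the hardened one is an assumed fix, not advice quoted from Akamai or Tenable.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
# 10.0.0.0/8 is an assumed management network; sshd ignores comment lines.
AllowUsers ops@10.0.0.0/8
"""

# directive -> (OpenSSH default when unset, acceptable values, why it matters here)
CHECKS = {
    "PermitRootLogin": ("prohibit-password", {"no", "prohibit-password"},
                        "the malware authenticates as root with default credentials"),
    "PasswordAuthentication": ("yes", {"no"},
                               "password guessing over port 22 is the initial access vector"),
}


def parse_sshd_config(text):
    """Map lowercase directive -> first value seen (sshd honours the first occurrence)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf.setdefault(parts[0].lower(), parts[1].strip())
    return conf


def audit_sshd_config(text):
    """Return (directive, effective value, reason) for each setting that leaves the
    host open to the credential-guessing attack described in the article."""
    conf = parse_sshd_config(text)
    findings = []
    for directive, (default, ok_values, why) in CHECKS.items():
        value = conf.get(directive.lower(), default)
        if value.lower() not in ok_values:
            findings.append((directive, value, why))
    if not any(k in conf for k in ("allowusers", "allowgroups")):
        findings.append(("AllowUsers/AllowGroups", "(unset)",
                         "no allow-list: every source address may attempt to log in"))
    return findings


# Constructed OpenSSH auth-log lines; the addresses are RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Jul 24 20:06:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40210 ssh2
Jul 24 20:06:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 40211 ssh2
Jul 24 20:06:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 40212 ssh2
Jul 24 20:06:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40213 ssh2
Jul 24 20:06:05 host sshd[1204]: Failed password for root from 203.0.113.5 port 40214 ssh2
Jul 24 20:06:09 host sshd[1205]: Accepted password for root from 203.0.113.5 port 40215 ssh2
Jul 24 20:07:11 host sshd[1210]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jul 24 20:08:30 host sshd[1215]: Accepted publickey for ops from 10.0.0.12 port 53344 ssh2
Jul 24 20:09:00 host sshd[1220]: Failed password for pi from 192.0.2.33 port 22222 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from " + IPV4 + r" port \d+ ssh2")
ACCEPTED_PW_RE = re.compile(r"Accepted password for (\S+) from " + IPV4 + r" port \d+ ssh2")


def analyse_auth_log(lines, threshold=5):
    """Summarise password guessing: sources with at least `threshold` failures, the
    number of distinct guessing sources, and password logins worth investigating
    (root, or any account from a source that was guessing). Key logins are ignored."""
    failed_by_ip = Counter()
    password_logins = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failed_by_ip[m.group(2)] += 1
            continue
        m = ACCEPTED_PW_RE.search(line)
        if m:
            password_logins.append(m.groups())  # (user, ip)
    return {
        "bruteforce_sources": {ip: n for ip, n in failed_by_ip.items() if n >= threshold},
        "distinct_sources": len(failed_by_ip),
        "suspicious_logins": [(u, ip) for u, ip in password_logins
                              if u == "root" or ip in failed_by_ip],
    }
```

Against the constructed input, the weak config produces three findings and the hardened one none, and the log scan flags 203.0.113.5 as a guessing source and the subsequent root password login from it as the event to investigate. In practice feed the function the lines from /var/log/auth.log or `journalctl -u ssh`; the patterns match the standard OpenSSH message format. Note that the block covers the sshd side only: the two-factor authentication Cashdollar recommends is configured through PAM or the SSH agent, not through these directives.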

"It's often said that when it comes to basic cyber-hygiene you don't have to run as fast as a bear, just slightly quicker than the person next to you, but in the case of crypto-mining the organisations getting hit by this aren't running, they're lying down covered in honey," Millard said.
