Connect with us


Researchers Detect Crypto-Mining Worm to Steal AWS Credentials



Cybersecurity researchers have detected what they believe to be the first ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials.

The mining campaign was described as being relatively unsophisticated by Cado Security in their report on Aug. 17. In total, it seems so far to have only resulted in the attackers — who operate under the name TeamTNT — pocketing a paltry $300 in illicit profits.

What struck the researchers’ attention was the crypto-mining worm’s specific functionality for stealing AWS credentials. 

Cado Security understands this as part of a wider trend, showing that hackers and attackers are adapting fast to the rising number of organizations that are migrating their computing resources to cloud and container environments.

Hacking the AWS credentials is relatively simple, the report indicates. TeamTNT’s campaign has moreover recycled some of its code from another worm dubbed “Kinsing,” which is designed to suspend Alibaba Cloud Security tools. 

Based on these recycling patterns, the Cado report notes that researchers now expect to see future crypto-mining worms copying and pasting TeamTNT’s code to hack AWS credentials in future.

As is frequently the case with stealth crypto mining campaigns TeamTNT’s worm deploys the XMRig mining tool to mine Monero (XMR) for the attackers’ profit.

Cado Security investigated MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems successfully targeted by the worm.

Stealth cryptocurrency mining attacks are alternately referred to as cryptojacking — an industry term for the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

This March, Singapore-based unicorn startup Acronis published the results of its latest cybersecurity survey, which revealed that 86% of IT professionals professed concern about the risks posed to their organizations by these attacks.

Source link


Privacy coin Monero pumps 31% amid US taxation plans




Coinciding with news that United States President Joe Biden’s proposed tax plan would require tax reporting on business transactions exceeding $10,000, the value of privacy coin Monero (XMR) climbed 31% on Friday.

Biden’s American Families tax plan would require exchanges and custodians to implement tighter reporting measures to help detect tax evasion and money laundering. Banks and financial institutions would also be required to report account inflow/outflow information to the Internal Revenue Service to help uncover unreported income.

The Treasury Department’s agenda, which was published on Thursday, stated that cryptocurrency business activity remained relatively small but was expected to increase in the next decade.

“Despite constituting a relatively small portion of business income today, cryptocurrency transactions are likely to rise in importance in the next decade, especially in the presence of a broad-based financial account reporting regime,” stated the report.

Just over 24 hours later, Monero led the charts among the cryptocurrency market capitalization top 100 with 31% growth. The coin price climbed from $230 to $304 overnight, adding to a now 84% rebound since Monero sank to a three-month low of $165 during Wednesday’s market crash.

Supplemental technologies that can anonymize the transactions of many well-known cryptocurrencies now exist, but Monero remains one of the few coins focused solely on privacy and is the largest of its kind by market cap.

Launched in 2014, Monero has since become a currency of choice on the drug markets of the dark web, replacing more well-known coins such as Bitcoin (BTC) in recent years. Blockchain analysis poses a threat to anyone using Bitcoin on the dark web, from drug dealers to anonymous journalists. Monero transactions cannot be traced in the same way. The technology has drawn the attention of government agencies worldwide, many of which have offered bounties to anyone who can make the opaque cryptocurrency transparent.

Google Trends data shows that Monero search interest has increased by close to 1,000% in the past year, as the coin price rose 1,300% from March 2020’s valuation of $34. Despite the surge in interest, historic search queries remain a quarter of what they were in December 2017, when Monero’s presence in the market cap top 10 gave it a more visible position in the cryptocurrency shop window.