Last week we announced the discovery of Bondnet, a new botnet that was uncovered by GuardiCore Labs. The originator of Bondnet had installed a cryptocurrency miner and backdoor in thousands of servers of varying power and conscripted them into a botnet – a group of computing devices that can be centrally controlled for malicious purposes.
GuardiCore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS attacks as shown by the Mirai Botnet. Among the botnet’s victims are high profile global companies, universities, city councils and other public institutions.
What’s the hottest commodity cyberthieves are going after these days? Credit card numbers? Medical records? Politicians’ emails? Those may be big, attractive targets. But more and more, attackers are going after unwitting organizations’ compute power. GuardiCore’s Director of Sales Engineering & Architecture, Dave Klein, discusses why in the article published by Dark Reading.
Over the past few months, we’ve been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by mining Monero. The choice of a lesser known currency with a good exchange rate allows the attackers to rapidly gain money while the sophisticated use of safeguards makes it resilient to most disruption attempts, potentially leaving victims infected for years.
We’ve documented thousands of attacks originating from hundreds of IPs, running similar attack flows while using different binaries. In this report we share our research on PhotoMiner’s timelines, infection strategies and C&C servers, and provide tools to help detect the malware.
Illegal mining is a serious problem in the real world. Lately, it has also become popular with cyber attackers who manage to mine digital currency through untargeted attacks. Untargeted attacks are a common problem: not as attention-grabbing as APTs, but still responsible for a large percentage of attacks. In this post, using Guardicore’s Data Center Security Suite, we’ll take a look at yet another type of untargeted attack, as we first reported with Alex. Our attacker “galaden666” is a Ukrainian gamer who makes money by mining a new digital currency called Litecoin (a variant of Bitcoin) on compromised servers, stealing their CPU cycles.