Cryptomining malware targets unpatched servers
Cybercriminals are increasingly targeting unpatched server vulnerabilities to infect machines with cryptomining malware, according to a new report.
The study from Check Point Software Technologies sees cryptomining malware dominate Check Point's Top Ten Most Wanted Malware Index, with the Coinhive variant retaining the top spot with a global reach of 16 percent. Cryptoloot -- another cryptomining malware -- is close behind with a global reach of 14 percent, while the Roughted malvertising malware came in third (11 percent).
Two unpatched server vulnerabilities, one in Microsoft Windows Server 2003 (CVE-2017-7269) and one in Oracle WebLogic (CVE-2017-10271), are being targeted in order to illicitly mine cryptocurrency. Globally, 46 percent of the world's organizations have been targeted through the Microsoft Windows Server 2003 vulnerability, while the Oracle WebLogic vulnerability was close behind, with 40 percent of organizations across the world targeted. Interestingly, old-fashioned SQL injection remained the third most popular vulnerability.
"With crypto-mining malware's consistent growth, cyber-criminals are innovating their techniques in order to find new ways to exploit victims' machines and net more revenue," says Maya Horowitz, threat intelligence group manager at Check Point. "Now that they're seeking to infiltrate networks using unpatched server vulnerabilities, this is a clear reminder to organizations that security basics -- such as patching -- are critical to ensuring that networks remain secure."
Elsewhere in the report, Lokibot, an Android banking Trojan which grants superuser privileges to download malware, was the most popular malware used to attack organizations' mobile estates. In second place was Triada, a modular backdoor for Android, followed by Hiddad, Android malware which repackages legitimate apps and then releases them to a third-party store.
You can read more about the findings on the Check Point blog.