Messaging security firm Proofpoint has been tracking botnet activity as closely as security vendor. One recent development is the deployment of botnets for hire, such as Necurs, towards illicit crypto mining, or crypto-jacking.
Related article: Crypto jacking spreading faster than ransomware
This silent stealing of corporate computing resources may seem somewhat benign compared to ransomware campaigns or Distributed Denial of Service attacks. In actuality, the harm is material, and this attack development is in a nascent stage.
Last Watchdog asked with Kevin Epstein, Proofpoint’s vice president of threat operations, to frame the impact for businesses.
LW: What precisely is the harm caused to my business, if several of my servers are corrupted and directed to cryto-mining?
Epstein: The primary risk is reduced performance and availability on potentially mission-critical systems like Active Directory infrastructure, web servers, database servers, etcetera.
LW: Does this type of bot activity noticeably drain performance? Or are they stealthily distributed?
Epstein: It depends on the existing workloads and performance of the infected systems. High-performance servers with low to moderate workloads may not experience noticeable impact while older servers with higher utilization are most likely to suffer noticeable impacts.
LW: Will the victim companies even know what’s going on?
Epstein: This will likely depend on the impact the company experiences. However, organizations can detect C&C communications via network intrusion detection systems (IDS) and unusual use of Windows Management Interface (WMI) via a number of endpoint management tools.
LW: How do you expect this threat to evolve over the next few months?
Epstein: We can only speculate, but we may see that as easily-mined cryptocurrencies emerge, threat actors will shift to newer cryptocurrencies as they did from Bitcoin to Monero. We have also observed upticks in cryptocurrency-related threats corresponding to spikes in value.
This is a Security Bloggers Network syndicated blog post authored by bacohido. Read the original post at: The Last Watchdog