Crypto-miners have been around for several years, in all forms and shapes, and distributed via various attack avenues. Increased competition from other cyber-criminal groups and various defenses set in place at the browser or security solution level have prompted crypto-mining operators to up their game and look for victims in enterprise environments rather than home users.
Bitdefender researchers have taken a closer look at LemonDuck, an advanced attack that compromises enterprise networks for cryptocurrency mining. Some of the more impressive techniques include:
• Various avenues of initial access (phishing e-mails, EternalBlue, RDP, SSH, SQL accounts)
• File-less execution all the way through the final payloads
• Persistence via WMI and scheduled tasks
• Lateral movement with a dedicated module and various techniques
• Leveraging publicly available tools to attain goals (XMRig, PingCastle, PowerSploit).
A complete technical analysis and the Indicators of Compromise associated with this attack are available in the whitepaper below.
*** This is a Security Bloggers Network syndicated blog from Bitdefender Labs authored by Janos Gergo SZELES. Read the original post at: https://labs.bitdefender.com/2020/10/lemonduck-crypto-miner-a-kingminer-successor/
When it comes to detecting phishing and social engineering threats, slow response times are detrimental. Automate online brand protection to take…
Interesting development in Germany to restore phonetics that were erased by the Nazis Before the Nazi dictatorship some Jewish names…
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's…
via the comic delivery system monikered Randall Munroe resident at XKCD! Permalink
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's…
It's December, so you know what that means: Predictions for what's to come for cyber in 2021. We brought together…