
Washington State educational organizations targeted in cryptojacking spree

US educational organizations are being targeted by threat actors intent on compromising their networks to covertly mine cryptocurrency. 

Otherwise known as cryptojacking, this form of attack relies on stealth: the overall aim is to quietly install cryptocurrency mining components that leech stolen computational power.

Miner software abused by cyberattackers may attempt to generate cryptocurrency including Monero (XMR), Litecoin (LTC), Bitcoin (BTC), and Ethereum (ETH), and even if small amounts are mined, compromising large numbers of systems can make these attacks lucrative.  

According to a new advisory released by Palo Alto Networks' Unit 42 team, cryptojacking incidents have recently taken place against educational institutions in Washington State.

The researchers say that a UPX-packed cpuminer — used to mine LTC and BTC — has been delivered by way of malicious traffic. 

The first attack, spotted on February 16, involved a malicious HTTP request sent to a domain owned by an educational establishment. At first the request seemed like a “trivial command injection vulnerability,” according to the team, but further examination revealed that it was actually a command for a webshell backdoor.

If deployment is successful, the backdoor is then able to call and execute the cryptomining payload. In addition, the malware will download a mini shell that pretends to be a wp-load.php file.

“Since the mini shell is not moved elsewhere, we speculate that the current directory of the mini shell, as well as the backdoor, is a web directory exposed to the internet,” the report says. 
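A defender-side check for the two artifacts described above, as an added example that is not from the Unit 42 report or the original article: it walks a web root and flags UPX-packed ELF binaries and any wp-load.php that lacks the sibling files of a genuine WordPress root. The function names, the sibling heuristic and the sample tree are assumptions constructed for illustration.

```python
import os

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"  # signature left in binaries by the stock UPX packer
# Assumption: a genuine wp-load.php sits in a WordPress root beside these entries.
WP_SIBLINGS = ("wp-settings.php", "wp-includes")

def is_upx_packed_elf(path, scan_bytes=1 << 20):
    """True if the file is an ELF binary carrying the UPX! marker."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(scan_bytes)
    except OSError:
        return False  # unreadable files are skipped, not flagged
    return head.startswith(ELF_MAGIC) and UPX_MARKER in head

def scan_webroot(webroot):
    """Return sorted (relative_path, reason) findings under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot)
            if is_upx_packed_elf(full):
                findings.append((rel, "UPX-packed ELF in web directory"))
            elif name == "wp-load.php":
                entries = set(dirnames) | set(filenames)
                if not all(s in entries for s in WP_SIBLINGS):
                    findings.append((rel, "wp-load.php outside a WordPress root"))
    return sorted(findings)

def build_sample_webroot(root):
    """Constructed sample tree: one WordPress-like root, one upload directory."""
    os.makedirs(os.path.join(root, "blog", "wp-includes"))
    os.makedirs(os.path.join(root, "uploads"))
    for rel, data in {
        "blog/wp-load.php": b"<?php // stand-in for the core loader\n",
        "blog/wp-settings.php": b"<?php\n",
        "uploads/wp-load.php": b"<?php // constructed stand-in, no payload\n",
        "uploads/m": ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 64 + UPX_MARKER,
    }.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, reason in scan_webroot(tmp):
            print(f"{reason}: {rel}")
```

A binary packed with a modified packer may not carry the marker, so an empty result narrows the search rather than clearing the host.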

Cryptocurrency mined on infected systems is sent to two wallets owned by the operators.

In two other incidents, there were some differences when it came to user agent strings, pass values, and algorithms, but the general attack method remained the same. 

“The malicious request […] exhibits several similarities,” Unit 42 noted. “It’s the same attack pattern delivering the same cpuminer payload against the same industry (education), suggesting it’s likely the same perpetrator behind the cryptojacking operation.”

In March, a study of K-12 schools across the United States revealed a “record-breaking” year of cybersecurity incidents in 2020. The report cataloged over 400 incidents including ransomware, phishing attempts, website defacement, and denial-of-service (DoS) attacks. 



By ZDNet Source Link
