Criminals exploit on-premise and cloud servers using cryptocurrency mining software

Your on-premise and cloud servers could be compromised by criminals using cryptocurrency mining software.

While your servers are sitting idle, criminals may be monetising your assets whilst plotting larger money-making schemes like extracting valuable data, selling server access for further abuse or preparing dangerous ransomware attacks.

“The cybercriminal underground boasts a sophisticated range of infrastructure offerings to support monetisation campaigns of all types,” said Bob McArdle, Director of Forward-Looking Threat Research for Trend Micro.

Criminals use several methods to gain access to servers, including the exploitation of vulnerabilities in server software, brute-force attacks, stealing logins and deploying malware through phishing attacks. 

These compromised assets are then sold on online portals, the dark web, social media marketplaces and underground forums.

“A good rule of thumb is that whatever is most exposed is most likely to be exploited,” added Mr. McArdle.

As rising adoption of cloud computing continues, businesses should be aware that cloud servers are particularly vulnerable to being attacked by criminals, as they may be lacking sophisticated protection when compared to on-premise equivalents.

A recent report by Trend Micro suggested that, while cryptomining may be innocuous in causing disruption, if you find cryptocurrency mining activity on your servers, this should place your IT security teams on red alert. These servers should then be flagged for immediate remediation and investigation.

Criminals also target websites and content management systems hosted on servers that often run outdated software. Cybercriminals can use covert and difficult-to-detect methods to exploit compromised websites by placing content on a webpage or reselling websites to be used as landing pages for phishing attacks.

Billions of threats blocked during the COVID-19 pandemic

From the start of 2020, cybercriminals shifted their attention to taking advantage of the uncertainty, public fear and unfamiliar remote working environment for many.

In just six months, Trend Micro, a leader in cloud security, blocked a total of 27.8 billion cyber threats, with 8.8 million being COVID-19 pandemic-related and 92% originating from spam and phishing campaigns via email.

“The pandemic has dominated all of our lives during the first half of 2020, but it’s not slowing down the cybercriminals,” said Goh Chee Hoh, the Managing Director for Trend Micro Malaysia and Nascent Countries.

In Malaysia alone, almost 118 million email threats and 2.5 million malware attacks were detected. Amongst these threats, ransomware was a constant factor, as Trend Micro saw a 36% increase in the number of ransomware families compared to 2019.

“IT leaders must continue to adapt their cybersecurity strategies to account for increased threats to their new normal,” suggested Mr. Goh.

To strengthen your cybersecurity strategies in a world of increased remote working, rapid adoption of cloud computing and looming new threats, IT security teams should protect remote endpoints, cloud systems, user credentials and VPN systems.

Humans are often considered the weakest link of cybersecurity chains, so Mr. Goh also recommends refreshing training courses that turn newly dispersed workforces into effective first lines of defence.

Malaysia has started to show signs of improvement in the war against cybercriminals, as startups, homegrown talent and the Government have begun implementing new initiatives and solutions to battle the threats.

Got a story, opinion or more information on this article? Contact us at
And get the latest updates by signing up to the W.Media Newsletter!

What is the weak link in your cybersecurity strategy?

Southeast Asia is becoming a prime target for cybercriminals, with rapidly growing digitalisation and interconnectivity in the region.

But who or what is the weakest link in your cybersecurity chain making your business vulnerable to cyber attacks?

Register now to find out how you can protect your business and data from the growing threat of cybercriminals on Thursday 24 September.

Get involved in the conversation and connect with your peers on LinkedIn and Facebook using #WMediaEvent!

> View all W.Media digital events