Criminals exploit on-premise and cloud servers using cryptocurrency mining software

Your on-premise and cloud servers could be compromised by criminals using cryptocurrency mining software.

While your servers are sitting idle, criminals may be monetising your assets whilst plotting larger money-making schemes like extracting valuable data, selling server access for further abuse or preparing dangerous ransomware attacks.

“The cybercriminal underground boasts a sophisticated range of infrastructure offerings to support monetisation campaigns of all types,” said Bob McArdle, Director of Forward-Looking Threat Research for Trend Micro.

Criminals use several methods to gain access to servers, including the exploitation of vulnerabilities in server software, brute-force attacks, stealing logins and deploying malware through phishing attacks. 

These compromised assets are then sold on online portals, the dark web, social media marketplaces and underground forums.

“A good rule of thumb is that whatever is most exposed is most likely to be exploited,” added Mr. McArdle.

As adoption of cloud computing continues to rise, businesses should be aware that cloud servers are particularly vulnerable to attack, as they may lack sophisticated protection when compared to on-premise equivalents.

A recent report by Trend Micro suggested that, while cryptomining on its own may cause little disruption, finding cryptocurrency mining activity on your servers should place your IT security teams on red alert. These servers should then be flagged for immediate remediation and investigation.

Criminals also target websites and content management systems hosted on servers that often run outdated software. Cybercriminals can use covert and difficult-to-detect methods to exploit compromised websites by placing content on a webpage or reselling websites to be used as landing pages for phishing attacks.

Billions of threats blocked during the COVID-19 pandemic

From the start of 2020, cybercriminals shifted their attention to taking advantage of the uncertainty, public fear and unfamiliar remote working environment for many.

In just six months, Trend Micro, a leader in cloud security, blocked a total of 27.8 billion cyber threats, with 8.8 million being COVID-19 pandemic-related and 92% originating from spam and phishing campaigns via email.

“The pandemic has dominated all of our lives during the first half of 2020, but it’s not slowing down the cybercriminals,” said Goh Chee Hoh, the Managing Director for Trend Micro Malaysia and Nascent Countries.

In Malaysia alone, almost 118 million email threats and 2.5 million malware attacks were detected. Amongst these threats, ransomware was a constant factor, as Trend Micro saw a 36% increase in the number of ransomware families compared to 2019.

“IT leaders must continue to adapt their cybersecurity strategies to account for increased threats to their new normal,” suggested Mr. Goh.

To strengthen your cybersecurity strategies in a world of increased remote working, rapid adoption of cloud computing and looming new threats, IT security teams should protect remote endpoints, cloud systems, user credentials and VPN systems.

Humans are often considered the weakest link of cybersecurity chains, so Mr. Goh also recommends refreshing training courses that turn newly dispersed workforces into effective first lines of defence.

Malaysia has started to show signs of improvement in the war against cybercriminals, as startups, homegrown talent and the Government have begun implementing new initiatives and solutions to battle the threats.


What is the weak link in your cybersecurity strategy?

Southeast Asia is becoming a prime target for cybercriminals, with rapidly growing digitalisation and interconnectivity in the region.

But who or what is the weakest link in your cybersecurity chain making your business vulnerable to cyber attacks?

Register now to find out how you can protect your business and data from the growing threat of cybercriminals on Thursday 24 September.


Trend Micro strengthens data sovereignty for Asia Pacific customers with first regional data lake in Singapore

Trend Micro has selected Singapore as the site for its first regional data lake, bringing its XDR suite to Asia Pacific and strengthening data sovereignty for its customers in Asia.

Driven by the demand for a data lake, Trend Micro selected Singapore due to its hub status for businesses across Asia Pacific as well as its strong data protection laws.

The data lake, which stores activity data across individual security tools in an organisation, began operations at the start of August.

“There has been tremendous demand from our customers in the region for XDR capabilities since last year. Now they will be able to have the full XDR experience,” said Dhanya Thakkar, Trend Micro’s Senior Vice President for Asia Pacific, Middle East, and Africa.

With security operations center (SOC) teams up against increasingly sophisticated threats, the XDR solution is said to go beyond endpoint detection and response (EDR) by acting like a black box to record and analyse data from emails, endpoints, servers, cloud workloads and networks in an organisation.

Mr. Thakkar said: “EDR is only one piece of the whole detection and response puzzle. It’s great but it has limited reach, as it only collects data on the endpoints. To have integrated visibility across multiple security vectors is a top-priority item on any SOC’s to-do list.”

The cloud security provider’s XDR solution is purported to address operational nightmares faced by SOC teams, including alert fatigue, by automatically combing through noisy cybersecurity alerts to identify potential attacks, contextually visualising alerts to show the different stages of an attack, and centralising normalised data to improve efficiency.

“XDR gives us an additional dimension in threat detection. It allows for faster correlation of endpoint events to related services, such as network and email, to help us quickly identify entry points and the spread of infection visually,” said Ian Loe, the Senior Vice President for Cybersecurity, Infrastructure & Performance Architecture at NTUC Enterprise Co-operative Limited.

In their announcement of the first regional data lake in Singapore, Trend Micro also revealed plans for a second data lake to be up and running in Sydney, Australia in October.
