"Attacks aimed at delivering cryptocurrency mining tools on enterprise networks have gone up as much as six times, according to telemetry data collected by IBM's X-Force team between January and August 2017.
A recent report by fellow cyber-security firm Kaspersky found that cryptocurrency mining malware also infected over 1.65 million machines running Kaspersky solutions in the first eight months of the year.
While Kaspersky collected data mainly from desktop endpoints, IBM's telemetry gathered data from servers and other enterprise systems.
Attackers hid cryptocurrency miners inside fake image files
According to IBM, most of the infections the company saw during the first eight months of the year involved the same mining tool and similar infection techniques.
IBM's Dave McMillen told Bleeping Computer via email that attackers used "a wide range of exploits [...] to first compromise [...] CMS platforms (WordPress and Joomla and JBoss server) prior to launching the subsequent CMDi [command injection] attack," that installed the cryptocurrency mining tool.
"These [mining] tools were hidden within fake image files, a technique known as steganography, hosted on compromised web servers running Joomla or WordPress, or stored on compromised JBoss Application Servers," McMillen says."
https://www.bleepingcomputer.com/news/security/attackers-take-over-wordpress-joomla-jboss-servers-to-mine-monero/
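
A defender-side check for the "fake image files" described in the excerpt above, added here as an example and not taken from the article or from IBM's tooling. It flags files under a web root that carry an image extension but do not start with that format's signature, or (PNG only) carry bytes after the end-of-image chunk; the function names and sample contents are constructed for illustration.

```python
import os

# Accepted leading bytes per image extension.
JPEG = (b"\xff\xd8\xff",)
IMAGE_MAGIC = {".jpg": JPEG, ".jpeg": JPEG, ".png": (b"\x89PNG\r\n\x1a\n",),
               ".gif": (b"GIF87a", b"GIF89a")}
# Leading bytes of content that should never carry an image extension.
EXEC_MAGIC = ((b"\x7fELF", "elf"), (b"MZ", "pe"), (b"#!", "script"))
PNG_END = b"IEND\xaeB`\x82"  # IEND chunk type followed by its fixed CRC

# Constructed sample contents (not taken from any real incident).
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00" + PNG_END
SAMPLES = {
    "logo.png": PNG_OK,                               # genuine-looking PNG
    "banner.jpg": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,  # ELF header, .jpg name
    "icon.gif": b"#!/bin/sh\necho constructed\n",     # script, .gif name
    "photo.png": PNG_OK + b"appended",                # data after IEND
}


def classify(name, data):
    """Return 'skip', 'ok', 'mismatch:<kind>' or 'trailing:<bytes>'."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in IMAGE_MAGIC:
        return "skip"
    if not data.startswith(IMAGE_MAGIC[ext]):
        kinds = [kind for magic, kind in EXEC_MAGIC if data.startswith(magic)]
        return "mismatch:" + (kinds[0] if kinds else "unknown")
    # A valid PNG ends at the IEND chunk; anything after it is extra payload.
    end = data.find(PNG_END) if ext == ".png" else -1
    extra = len(data) - end - len(PNG_END) if end != -1 else 0
    return "trailing:%d" % extra if extra > 0 else "ok"


def scan(root):
    """Walk a web root and return sorted (path, verdict) for flagged images."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify(name, fh.read())
            except OSError:
                continue  # unreadable file: leave it to a separate permission audit
            if verdict not in ("ok", "skip"):
                hits.append((path, verdict))
    return sorted(hits)
```

A signature match does not prove a file is harmless; hits from `scan` are triage leads to compare against upload logs and file modification times.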