A real case of network attack. It could happen to you.
Recently, ABT Security Systems found that one of our clients’ servers had been compromised by an automated password-testing application targeting vulnerable accounts with weak passwords. The attacker was able to use the server's hardware resources to mine a cryptocurrency (named Electroneum) for financial gain.
The attacker performed an automated password-guessing (brute-force) attack to identify weak credentials and gain unauthorised access to the server. After multiple failed login attempts, the attacker was able to gain access to the server using the insecure credentials of a user. The attacker created an automated sequence that performs cryptocurrency mining activities.
This client used a self-managed in-house server. The client noticed the server's abnormal operation when printing became slow. ABT investigated and took immediate action to stop the unauthorised intrusions:
- immediately killed the processes the hacker had installed;
- changed all users' passwords;
- actively blocked connectivity to the Pronto server from all but necessary locations.
The attacker attempted to cover their tracks by clearing all fingerprints and history. However, the attacker was unable to clear the authentication log history.
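The surviving authentication log is where this pattern (many failed logins from one source, then a success) shows up. The following is an added example, not ABT's tooling or data from the incident: it assumes OpenSSH-style `sshd` lines as found in a Linux auth log, and the sample lines, addresses, usernames and the `find_bruteforce_logins` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: OpenSSH sshd password events as written to a Linux auth log.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation address ranges), not incident data.
SAMPLE_LOG = """\
Mar  3 02:14:01 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 srv sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 02:14:05 srv sshd[2105]: Failed password for office from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:08 srv sshd[2107]: Failed password for office from 203.0.113.7 port 40122 ssh2
Mar  3 02:14:11 srv sshd[2109]: Accepted password for office from 203.0.113.7 port 40130 ssh2
Mar  3 08:30:12 srv sshd[2410]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 08:30:20 srv sshd[2412]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 09:00:00 srv sshd[2500]: Failed password for root from 192.0.2.55 port 33000 ssh2
"""

def find_bruteforce_logins(log_text, threshold=3):
    """Return (ip, user, failures, users_tried) for each successful login
    preceded by at least `threshold` failed attempts from the same IP."""
    failures = defaultdict(int)     # ip -> failed attempts since last success
    users_tried = defaultdict(set)  # ip -> usernames guessed in that run
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password event
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        else:
            if failures[ip] >= threshold:
                hits.append((ip, user, failures[ip], sorted(users_tried[ip])))
            # A success ends the run; start counting afresh for this source.
            failures[ip] = 0
            users_tried[ip].clear()
    return hits

if __name__ == "__main__":
    for ip, user, count, tried in find_bruteforce_logins(SAMPLE_LOG):
        print(f"{ip}: login as {user!r} after {count} failures, tried {tried}")
```

The threshold separates a user who mistyped a password once from a guessing run; the account named in a hit is the one whose password should be treated as known to the attacker.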
How to tell if your computer is being used to mine cryptocurrency
The main giveaway is a sudden spike in CPU usage. Most mining scripts try to use as much CPU processing power as possible, so an immediate jump when browsing certain websites or a substantial reduction in processing speed on your server are dead giveaways. Your system may also feel a bit slower when trying to open other windows or programs. You can open the Task Manager on Windows or the Activity Monitor on Macs to see whether usage spikes when you visit a site.