Watch Out for WatchDog
Cryptocurrency scams have reached an all-time high because of rising cryptocurrency trading prices. Threat actors are ceaselessly dropping crypto-mining botnets on unsecured systems; the latest is WatchDog.
WatchDog, a crypto-mining malware, has been found to have run undetected for more than two years. Researchers describe it as the largest and longest-running Monero cryptojacking attack observed so far. The scope and size of its infrastructure make the operation difficult to shut down, so it remains active. To date, the botnet has hijacked at least 476 Windows and Linux devices.
Be aware, be prepared
Although the campaign is currently focused on cryptojacking, researchers suspect that the attackers could find IAM data on previously compromised cloud devices and launch far more damaging attacks. The scale of the campaign is evident from the fact that the operators used 33 exploits targeting 32 flaws in popular software, including but not limited to Drupal, Apache Hadoop, Elasticsearch, and Oracle WebLogic.
Making waves in the crypto world
- North Korean hackers earned around $316 million by attacking crypto exchanges between 2019 and 2020.
- Scammers sought out victims on Discord cryptocurrency servers, sending messages that pretended to come from trading platforms giving away cryptocurrency.
- Earlier this month, the nefarious TeamTNT gang launched cryptojacking attacks on Kubernetes clusters.
Cryptojacking on the rise
As stated earlier, cryptojacking has become a lucrative attack for threat actors because of booming cryptocurrency values. XMR has risen to $469.79, a record high. Public mining pools have driven a 40% rise in network traffic, indicating that more mining operations are being conducted.
The bottom line
The WatchDog cryptomining operation has been underway since at least July 27, 2019, and has garnered at least 209 XMR, valued at around $32,000. The threat actors behind it are skilled coders and might launch more dangerous attacks in the near future. Thus, organizations should be cognizant of the related threat indicators.