Cryptocurrency-mining bot targets devices with SSH service
Target: Internet of Things (IoT) devices that have an open Remote Desktop Protocol (RDP) port.
Attack Vector: Cryptocurrency miner.
Summary: A newly discovered cryptocurrency-mining bot is targeting Internet of Things (IoT) devices that have an open Remote Desktop Protocol (RDP) port, enabling it to exploit vulnerable devices. Not only are attackers targeting IoT-connected devices, they are also capable of carrying out cryptocurrency mining in the background. The IP address related to the attack has been identified as 220.127.116.11, which is based in California, US, and is connected to the organisation Vivid Hosting. It has typically been seen landing on port 22, an SSH service. This implies the attack could be applicable to all servers and connected devices with a running SSH service.
Risk assessment summary: This threat has been assessed as 3c MODERATE. If successful, the attacker can install a cryptocurrency miner onto a device using social engineering tactics. Once the miner has been installed, the attackers can funnel profit, in the form of Monero and Ethereum cryptocurrency, over to a scam website. However, the likelihood of infection is mitigated by employing good security practices to protect against phishing or malware embedded in, or delivered by, email.