Security report finds Monero (XMR) leads in “cryptojacking” exploits
A new cybersecurity report said privacy protocol Monero was used in most of the cryptojacking attacks traced this year. The cryptocurrency remains one of the most-used among illicit groups due to its strong privacy-features, one that even the US Security and Exchange Commission is trying to break into.
Monero emerges on top
Titled “Attacks in the Wild on Container Infrastructure,” the report by Aqua Security claimed to have analyzed over 16,371 attacks on software containers and cloud-native infrastructure over June 2019 and July 2020.
Aqua Security said it saw a 250% spike in attacks on its cloud honeypots since the end of 2019 and start of 2020
— Catalin Cimpanu (@campuscodi) September 14, 2020
It said cloud servers, which power a majority of the world’s enterprising computing software in an online location, remain a major target for cryptojacking, or the illicit mining of cryptocurrencies using a victim’s computing power without thier knowledge. Such attacks are said to siphon hundreds of millions of dollars each year.
Per the report, cryptojacking attacks in the second half of 2019 and the first half of 2020, surged by over 250%. Overall, cryptojacking accounted for a staggering 95% of the 16,371 cyber attacks registered during that period, the report added.
The firm said hackers mainly used Monero-based mining tools in the cryptojacking attacks. For the uninitiated, Monero is a privacy-first cryptocurrency that obfuscates user addresses and transactional trails, making it extremely difficult to accurately trace.
Aqua Security said XMRig, a well-known Monero mining app, was used in most instances to deploy the attacks. The firm explained:
“Although Bitcoin has better publicity than Monero, the last is preferred by the adversaries. We speculate that they choose Monero since it is considered significantly more anonymous than Bitcoin.”
Aqua Security said that the involvement of organized cybercrime groups had led to both an increased occurrence of such attacks and their complexity. This had, in turn, caused the proceeds earned by cryptojacking to increase each year, the firm said.
From scanning the internet for cloud servers exposed online without a password, exploiting vulnerabilities in unpatched systems, and carrying out brute-force attacks, hacker groups have been recently orchestrating supply-chain attacks, the firm noted.
Meanwhile, it added that the malware stored inside malicious software directories on victim computers perform malicious actions only after being installed, making it impossible to detect static analysis or signature-based security systems.
The report confirms the findings of Symantec, another cybersecurity firm. Earlier this year, the firm said cryptojacking attacks had risen by over 163% in the second quarter of 2020 alone and was expected to rise further.