SophosLabs has traced the source of the recently discovered cryptominer attacks on SQL database servers. According to SophosLabs' research, a small software start-up in Iran is the origin of the "MrbMiner" attacks.
Numerous hints in the configuration, domains and IP addresses indicate that the attackers made little effort to conceal themselves. It is also evident that the attackers use techniques similar to those of MyKings, Lemon_Duck or Kingminer.
Cryptojacking is more than just an annoying evil
“At a time when multi-million dollar attacks are bringing organizations to their knees, there is a temptation to classify cryptojacking as a nuisance rather than a serious threat. But that would be a mistake: Cryptojacking is a quiet and invisible threat, easy to implement and very difficult to detect,” warns Gabor Szappanos, Threat Research Director at SophosLabs. The complete English-language evaluation is available online.