Illegal cryptocurrency mining outfits that hack servers for profit are having to fight each other for limited resources within the hijacked cloud space. So, on top of getting ahead of the hacked system's security, there's a silent battle ensuing behind the scenes between potential profiteers.
And while it may sound like great fun to watch cryptominers pathetically scuffling over server scraps, this is a fierce contest, one that encourages a certain level of innovation from the involved parties. Their in-fighting only makes them stronger, faster, more agile.
The use of malware to turn profit in the cryptocurrency space has been on the rise in recent years, with security reports in 2018 seeing a 4,000% rise, and it's only been getting more prevalent over the years. After all, why use your own resources when you can hack into someone else's?
As Trend Micro reports, more and more of these illicit cryptocurrency mining outfits are turning to cloud-based servers to maximise profit on wider, more powerful hardware arrays, but it's not always as simple as shouting "I'm in," and watching the zeros roll in.
Trend Micro's recent research paper (PDF warning) goes into more detail, but the crux (outlined in a blog post) is this: "The battle to take and retain control over a victim’s servers is a major driving force for the evolution of these groups' tools and techniques, prompting them to constantly improve their ability to remove competitors from compromised systems and, at the same time, resist their own removal."
The competing groups will utilise kill scripts to knock out rivals, 'obfuscate' code to make it harder to understand, and increase persistence mechanisms such as continual password updates to keep the competition at bay. All the while, batting off backlash from the hacked system's security protocols.
It seems illegal cryptocurrency miners have forgotten the fifth rule of fight club: One fight at a time, fellas.
Best gaming monitor: Pixel-perfect panels for your PC
Best high refresh rate monitor: Screaming quick screens
Best 4K monitor for gaming: When only high-res will do
Best 4K TV for gaming: Big-screen 4K PC gaming
With the competition being so hot, groups are continually churning out "new exploits that enable them to attack systems that their competitors cannot and, at the same time, they constantly improve both their ability to resist being deleted by competitors."
The report cites a rivalry between Kinsing and 8220, two groups who target WebLogic vulnerabilities, who are constantly found pushing back against one another within the infected system, "sometimes even several times a day."
Trend Micro is calling it "a sort of capture-the-flag in the cloud."
This kind of hacking commotion is only going to become more rampant as we move into a more cloud-based future. And this almost parodic dance illegal cryptocurrency miners have found themselves in—having to act as both attacker and defender—will only serve to improve their tactics.
