Cryptocurrency mining seems to be all the rage right now. While it wouldn’t be unusual for my clients in the finance industry to be keeping close tabs on technology’s “hottest” trend, I’ve been asked about cryptocurrency by just about everyone, including stay-at-home parents and retirees, mostly because a younger family member is either an avid PC videogamer or aspiring cryptominer trying to find a video card. Why on earth would cryptominers need cards normally focused on digital entertainment? It just so happens that the complex mathematical equations used to calculate the physics and graphics of a video game are very similar to the ones used to mine Bitcoin and other cryptocurrencies. But when they can’t find video cards to fill their mining warehouses, some cybercriminals are resorting to stealing processing power from your hacked server.
“Let my server go?”
Before you go yanking the cables out of your server and network because things are running a little slow lately, keep in mind that Microsoft is busy patching the snot out of the biggest CPU flaw known to man at this point, and as some have predicted, it’s taking a toll on all systems, big and small. However, if your server is running unusually slow, there is a possibility that your network may be compromised by either the Smominru or Wannamine botnets, especially if they include servers or workstations that haven’t been patched in awhile. Unfortunately these particular variants are very hard to detect, and can move laterally through networks as infected machines are isolated and disabled. Early reports from security research firms indicate that these infections are crippling and very hard to remove because they employ methods that include fileless deployment strategies that completely sidestep traditional antivirus protection. In the two above mentioned cases, they are relying on a widely known, but still largely unpatched exploit known as EternalBlue, so eliminating that weakness in your network will add a certain measure of security, but the most effective option by far is to continue training your people to avoid infection vectors in the first place, ie. stop opening those strange attachments and links.