Recently, cryptojacking attacks have been spreading like wildfire, and Imperva has observed that they account for roughly 90% of all remote code execution attacks against web applications. This week, however, a new generation of cryptojacking attack was discovered that targets both database servers and application servers.
Researchers from Imperva discovered the extremely complex cryptojacking attack dubbed RedisWannaMine, which is powered by Redis and NSA exploits and aimed at both database servers and application servers.
RedisWannaMine is more complex in terms of evasion techniques and capabilities. It demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets.
In a nutshell, cryptojacking attackers have upped their game and they are getting crazier by the minute!
To protect against the attack, Imperva recommends the following:
- Protect your web applications and databases. The initial attack vector was introduced through a web application vulnerability. A properly patched application or an application protected by a WAF should be safe.
- Make sure you don’t expose your Redis servers to the world. This can be achieved with a simple firewall rule.
- Make sure you don’t run machines with the vulnerable SMB version in your organization. You can use this awesome tool to check it.