Connect with us

Hi, what are you looking for?

HEADLINES

Sophos identifies source of ‘MrbMiner’ attacks targeting database servers

MrbMiner is a recently discovered cryptominer that targets internet-facing database servers (SQL servers) and downloads and installs a cryptominer. Database servers are an attractive target for cryptojackers because they are used for resource intensive activity and therefore have powerful processing capability.

Sophos, a global player in next-generation cybersecurity, published a new report on MrbMiner, “MrbMiner: Cryptojacking to bypass international sanctions,” tracking its origin and management to a small software development company based in Iran. 

MrbMiner is a recently discovered cryptominer that targets internet-facing database servers (SQL servers) and downloads and installs a cryptominer. Database servers are an attractive target for cryptojackers because they are used for resource intensive activity and therefore have powerful processing capability. 

SophosLabs found that the attackers used multiple routes to install the malicious mining software on a targeted server, with the cryptominer payload and configuration files packed into deliberately mis-named zip archive files. 

The name of an Iran-based software company was hardcoded into the miner’s main configuration file. This domain is connected to many other zip files also containing copies of the miner. These zip files have in turn been downloaded from other domains, one of which is mrbftp.xyz. 

Advertisement. Scroll to continue reading.

“In many ways, MrbMiner’s operations appear typical of most cryptominer attacks we’ve seen targeting internet-facing servers,” said Gabor Szappanos, threat research director, SophosLabs. “The difference here is that the attacker appears to have thrown caution to the wind when it comes to concealing their identity. Many of the records relating to the miner’s configuration, its domains and IP addresses, signpost to a single point of origin: a small software company based in Iran.

“In an age of multi-million dollar ransomware attacks that bring organizations to their knees it can be easy to discount cryptojacking as a nuisance rather than a serious threat, but that would be a mistake. Cryptojacking is a silent and invisible threat that is easy to implement and very difficult to detect. Further, once a system has been compromised it presents an open door for other threats, such as ransomware. It is therefore important to stop cryptojacking in its tracks. Look out for signs such as a reduction in computer speed and performance, increased electricity use, devices overheating and increased demands on the CPU.”

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Two brilliant minds, Art Abal and Anna Kazlauskas, with their Filipino roots, are reshaping the future of data. Their vision is clear: create a system where no...

COMPUTERS

These include the AI PCs ThinkPad T14s Gen 6 AMD, ThinkBook 16 Gen 7 Powered by Snapdragon X Plus, and innovations Lenovo Auto Twist...

GAMING

Supercell, the developers of Brawl Stars, identified SpongeBob SquarePants as the perfect fit for the game’s humourous, high-energy action.

HEADLINES

“We started Wellness Whispers with a vision to offer products that cater to the wellness needs of our customers,” said Dani Barretto, CEO and...

HEADLINES

“When it comes to mobile computing, AI is not just a buzzword, it's a revolution,” commented George Zhao, CEO of HONOR Device Co., Ltd.

HEADLINES

The partnership between IBPAP and Paywatch is designed to enhance the appeal of the IT-BPM industry to prospective employees by leveraging financial wellness initiatives.

HEADLINES

Under the Load & Fly raffle with SM, four lucky customers won international roundtrip tickets for two simply by entering the raffle when they...

HEADLINES

The Palawan Group of Companies’ mission has always been to serve and bridge families and friends through financial transactions. Meanwhile, as the country's second...

Advertisement