Hackers attack servers to mine cryptocurrencies
The topic of digital security features increasingly often in our news reports. This is entirely logical: cryptocurrencies are worth a lot of money today, which attracts the attention of hackers. Rookie crackers attack unsecured devices to generate income and prepare for major attacks, while advanced scammers successfully hack even mature digital solutions such as Apache, Oracle and Redis servers. Just today it became known that members of the Rocke hacker group exploited vulnerabilities in these servers to mine cryptocurrencies. Let’s discuss how to protect your servers from attacks and avoid falling victim to digital criminals. So let’s get started.
Who are the Rocke hackers
Without exaggeration, we are talking about one of the most prepared, arrogant and dangerous hacker groups of our time. Members of this unofficial organization engage in many types of hacking, but their main area of work is cryptocurrency mining. Their chosen source of income is the Monero cryptocurrency, which the criminals mine using their victims’ computers. The fraudsters constantly search for weakly protected devices, which they infect with specialized programs and use to make a profit. The criminals are widely known all over the world; they actively eliminate competitors and wage real digital wars with opponents and government officials.
These are serious specialists to be wary of. In their work, the scammers use fundamentally new programs that are able to hack even time-tested servers, which is exactly what happened with Apache, Oracle and Redis. Recall that most sites, from amateur projects to serious corporate resources, are built on these services. The group’s activity first became known in 2018, when digital security experts noticed that most attacks followed a similar approach. During the investigation, it was established that Rocke was responsible for tens of thousands of infected computers.
How the virus works
Security specialists at Palo Alto Networks note that the malware is dangerous and almost elusive. When it lands on a server, the virus immediately settles in the very depths of the system, from where it begins its destructive activity. In the case of Apache, the messaging functionality is compromised. The situation is similar with Oracle, but the biggest blow falls on Redis, where the database itself is hit directly. It is noteworthy that the virus seeks to take full control over the activity of the equipment, and therefore removes all competing malware. Next, it disables security programs that detect dangerous applications: the virus simply turns off some of the processes that could detect it.
Finally, having cleared the field, the hackers’ program takes control of the workload of the equipment. Every operation of the system is monitored and optimized to channel spare capacity towards remote mining of Monero. The cryptocurrency is mined and the profits are sent directly to the scammers’ wallets. The user may not notice the infection for a long time, but the impact on performance is obvious. So if you notice problems with the speed of your site, be sure to check that the system is functioning reliably and, if necessary, do the deepest cleaning possible.
Statistics show that about 95% of all recent attacks on servers had remote cryptocurrency mining as their goal. The virus, named Pro-Ocean, can be picked up in a variety of ways. So be careful on the internet and follow all the crypto industry news with us. We publish only high-quality, interesting material. Thank you for your attention. Good luck!