- Bad Packets LLC has released a report that confirms over 80 cryptojacking schemes targeting MikroTik routers
- 170,000 servers have allegedly been compromised
- Crypto-related crimes on the rise
As interest in the cryptocurrency industry grows, so does cryptocurrency-related crime. This was evidenced this week when Bad Packets LLC began investigating incidents involving over 80 cryptojacking schemes that targeted MikroTik routers.
The results of their investigations have been released and it seems that thousands of devices that make use of their service have been compromised.
The investigation was first triggered by a number of compromises a few months ago which uncovered an even larger problem.
Old Software Vulnerabilities Targeted
The breach of security is, fortunately, not a mystery to Bad Packets, who have revealed that it was caused by malicious parties exploiting a vulnerability in their technology.
The vulnerability is CVE-2018-14847, which, unfortunately, is embedded in all versions of MikroTik up to version 6.42. MikroTik released a patch to combat the vulnerability in record time. However, the recent report indicates that some device owners and operators have not applied it, which means they are still vulnerable to compromise.
The compromises in question are far from random. In fact, it has been reported that over 170,000 MikroTik routers in Brazil alone have been targeted. According to Kenin:
“Let me emphasize how bad this attack is. The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source; carrier-grade router devices.”
Despite several warnings from the company, many routers have continued to be compromised with malware such as CoinHive, Crypto-loot, and Coinimp, which allegedly affected over 115,000 servers.
Two service providers in Iran, AS59566 and AS56616, are apparently the largest hosts of compromised devices.
Combating the Infection
Remarkably enough, despite all this, AV companies have not flagged the URL (https://srcip[.]com/src.js) that the malware originates from.
Users of CoinBlockerLists are protected from the malware as the URL is automatically blocked.
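The following is an added example, not code from the original article or from Bad Packets. It shows how a hosts-style blocklist of the kind described above can be used to spot pages that carry the injected script. The blocklist layout, the extra blocklist entry, the client addresses and the response bodies are constructed assumptions; only the defanged URL comes from the article.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as the article prints it (defanged); refanged in memory only.
ARTICLE_IOC = "https://srcip[.]com/src.js"
IOC_URL = ARTICLE_IOC.replace("[.]", ".")
IOC_HOST = urlsplit(IOC_URL).hostname

# Constructed blocklist; the hosts-file layout is an assumption.
SAMPLE_BLOCKLIST = f"# constructed sample\n0.0.0.0 {IOC_HOST}\n0.0.0.0 miner.example\n"

# Constructed response bodies, keyed by the client that received them.
SAMPLE_RESPONSES = {
    "10.0.0.5": f'<html><head><script src="{IOC_URL}"></script></head></html>',
    "10.0.0.6": '<html><script src="https://cdn.example.org/app.js"></script></html>',
    "10.0.0.7": f"<html><SCRIPT async SRC='//www.{IOC_HOST}/src.js'></SCRIPT></html>",
}

SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)

def load_blocklist(text):
    """Parse 'address hostname' lines, ignoring comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {parts[1].lower() for parts in rows if len(parts) >= 2}

def script_hosts(html):
    """Return the hostname of every external <script src=...> in a page."""
    hosts = []
    for src in SCRIPT_SRC.findall(html):
        if src.startswith("//"):          # protocol-relative URL
            src = "http:" + src
        host = urlsplit(src).hostname     # None for relative paths
        if host:
            hosts.append(host.lower())
    return hosts

def is_blocked(host, blocklist):
    """Match the host or any parent domain (stricter than a plain hosts file)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def find_injections(responses, blocklist):
    """Map client -> sorted blocked script hosts found in that client's page."""
    found = {c: sorted({h for h in script_hosts(b) if is_blocked(h, blocklist)})
             for c, b in responses.items()}
    return {c: hosts for c, hosts in found.items() if hosts}

if __name__ == "__main__":
    print(find_injections(SAMPLE_RESPONSES, load_blocklist(SAMPLE_BLOCKLIST)))
```

A client that shows up in the result received a page with a script tag pointing at a blocklisted host, which makes the router in its path a candidate for inspection and patching.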
While informing the public and releasing a patch have been helpful steps, it is apparent that more needs to be done by Bad Packets and other organizations like them to prevent future occurrences and remedy them when they do occur.