Mexico Encounters A Surge In Cryptojacking As These Cybercrimes Intensify Globally
Cybercriminals are having a field day as digital activity surges in the wake of the rapid spread of COVID-19. In that context, Mexican media have reported on a new study that shows a growing lack of trust among locals in public cloud network security. The mistrust is spurred by a surge in cryptojacking cases in the country.
Mexican users of public cloud networks report an increase in ransomware attacks in recent months. Almost 75% of Mexican firms that use cloud networks like Google, Amazon, and Microsoft have reported security incidents recently. These incidents have given citizens a negative perception of cloud-based solutions. Less than 33% of locals fully trust cloud network security.
Different types of security weaknesses allow criminals to deploy several types of crypto-related attacks like ransomware. These include a recent case in which the oil company Pemex was targeted by the DoppelPaymer gang.
The report indicates that Mexican firms have been reporting incidents involving mysterious hackers. These criminals are using the firms' cloud computing networks to mine cryptocurrencies in a process known as cryptojacking. However, no major details were given about which cryptocurrencies are mined.
Such attacks arise from a lack of knowledge among firms about security measures for cloud computing, according to Alain Karioty, the general sales manager for Latin America at the cybersecurity firm Netskope. Leonardo Granda, the manager of engineering at Sophos in Latin America, highlighted the security hiccups within the public network that result in data loss:
“This data loss is often due to poorly configured public access in shared cloud storage and by leaving data sources open for cyber attackers to search for them using tools such as the specialized search engine Shodan, so they can exfiltrate them.”
Latin American Countries Attract Many Cybercriminals
Another study, revealed on May 28 by the National Police of Colombia, indicates that ransomware attacks are a growing trend in the country. Based on that report, 30% of all ransomware attacks discovered in Latin America have targeted Colombia. In this nation, threat actors have been targeting public companies and entities.
Cisco Systems Discovers Prometei Cryptojacking Botnet
The Cisco Systems threat intelligence team announced that it has unearthed a new botnet that mines Monero (XMR) while simultaneously stealing data from its victims. The cryptojacking botnet has been dubbed ‘Prometei’. Reports indicate that the malware has been in operation since May.
It is designed to use 15 executable modules that recover administrator passwords and other login credentials from the infected computers and networks that it targets. The authenticity of the passwords is determined by sending them to a centralized control server linked to other networks.
After this malware gains access and takes over all of the user’s administrative rights, it records all data available in the whole system. Prometei may have almost 10,000 infected systems at any time, according to Cisco Talos estimates. For now, it is operating at a hash rate of about 1 MH/s (one million hashes per second).
Vanja Svajcer, an expert at Cisco Talos, stated that Prometei earns its owner around $1,500 per month. That amount is more than the average salary in many developing countries. Svajcer explained:
“Stealing credentials is the most dangerous part of the Prometei botnet. You could consider the attacker with its bot being a burglar in your home. Naturally, the burglar searches all the drawers and finds various keys. They take keys with them and ask somebody else (another infected system) to check if any of the keys work on your car, safe deposit box, etc. When criminals break into a house it opens up a whole new set of opportunities. It is very similar to this botnet.”
This might mean that Prometei is designed to make a moderate profit for a single developer, most probably working from Eastern Europe. Notably, there is an increasing number of malware incidents that target common vulnerabilities in the Windows OS in order to mine Monero.