Fri | Feb 16, 2018 | 9:43 AM PST
Oracle has already released a critical patch update for certain WebLogic Server versions that, left unpatched, can allow hackers to set up shop and mine for cryptocurrency using the power of your network.
Now, FireEye researchers have an unusually good analysis of four ways hackers get the job done, including examples of code to look for in each of these tactics:
- Delivering the miner directly to a vulnerable server
- Utilizing PowerShell scripts to deliver the miner
- Lateral movement across Windows environments using Mimikatz and EternalBlue
- The Linux Scenario
This may be worth checking out because of what FireEye researchers have discovered.
"We saw evidence of organizations located in various countries—including the United States, Australia, Hong Kong, United Kingdom, India, Malaysia, and Spain, as well as those from nearly every industry vertical—being impacted by this activity."
It's all about the crypto these days, isn't it?