Blogging Platform Ghost Successfully Fends off Cryptojacking Attack

Author: Jimmy Aki
Last Updated: 05 May 2020

Almost everyone continues to face the threat of malware in one way or another, and it has been notably worse since the outbreak of the coronavirus. However, while many people have recorded financial losses due to these attacks, some have refused to give in. One of the latter is Ghost, an online blogging platform.

No Way in Here

The firm announced earlier this week that its developers had successfully combated a crypto-malware attack that threatened to take advantage of its server infrastructure. In the release, the firm explained that it came across the attack at 1:30 AM on Sunday.

The firm explained that the attackers targeted its Salt server backend infrastructure and managed to take control of its master server using an authentication bypass (CVE-2020-11651) and a directory traversal (CVE-2020-11652).

The attackers went on to try using the infrastructure to mine cryptocurrency – a process that immediately overloaded Ghost’s systems and CPU. Ghost’s developers found the anomaly in time and quickly went to work combating it. After a 4-hour battle, they successfully took the malware down and erased all its traces from their systems.

Ghost confirmed that it would continue to run checks and cycle important credentials to ensure a full recovery. At the same time, the firm assured its customers and clients that the attackers weren’t able to make off with any valuable information.

Cryptojacking Begins to Ramp Up Amid COVID-19

As stated earlier, the threat of malware attacks has been more prominent since the outbreak of the coronavirus pandemic. With millions now forced to stay home, more hackers have found ways to profit off the agitation and ignorance of the public.

Last week, Tonya Ugoretz, a Deputy Assistant Director at the Federal Bureau of Investigation (FBI), said at a panel discussion that the FBI’s Internet Crime Complaint Center is now getting between 3,000 and 4,000 cybercrime complaints in a day – a 400 percent increase.

While hacks, in general, appear to be on the increase, it’s worth noting that some haven’t been so prominent. Cryptojacking and ransomware attacks are a part of that trend. Still, there have been some prominent cryptojacking reports of late too.

Early in April, researchers at Aqua Security confirmed that they had discovered a persistent cryptojacking campaign that targets 1,000 Docker servers every day with a Bitcoin miner. As the researchers explained, the malware is a Golang-based Linux agent known as Kinsing. The malware reportedly exploits configuration errors in Docker API ports. Once it exploits the ports, it propagates and deploys a crypto miner on the host.

Cybersecurity firm ESET also announced on April 23 that it had successfully disrupted the operations of a Monero-mining botnet in Latin America. The company added that the botnet had infected 35,000 victims since May 2019 – 90 percent of whom are in Peru.

The botnet, which ESET eventually named VictoryGate, reportedly propagates through external USB drives. The security firm also confirmed that it would work with the Shadowserver Foundation, a non-profit, to share sinkhole logs and try to mitigate VictoryGate’s threat.