On-premises and cloud servers are compromised, abused, and leased as part of a sophisticated criminal monetization lifecycle, Trend Micro says.
In a series of reports, the cloud security specialist has analyzed how the underground hosting market works. The findings show that crypto-mining activity should be treated as an indicator that puts IT security teams on high alert.
While crypto-mining may not cause disruption or financial loss on its own, mining software is often used to monetize compromised servers that would otherwise sit idle while criminals plot larger schemes to make money. These include extracting valuable data, selling server access for further abuse, or preparing for a targeted ransomware attack. Any server found to contain cryptominers should be flagged for immediate remediation and investigation.
“From dedicated bomb-proof hosting to anonymity services, domain name provisioning and compromised legitimate assets, the cybercrime underground has a sophisticated array of infrastructure offerings to support monetization campaigns of all kinds,” said Bob McArdle, director of the Trend Micro Forward-Looking Threat Research team.
“Our goal is to increase awareness and understanding of cybercriminal infrastructure to help law enforcement, customers and other investigators block cybercrime routes and increase costs for threat makers,” they explain.