Home » cpu mining » Are you sure your ERP is not a crypto mining farm?

Are you sure your ERP is not a crypto mining farm?

Are you sure your ERP is not a crypto mining farm?

Hackers are not walking past the hype. While cryptocurrency is becoming a fresh hot topic te the financial world, hackers are said to embark using vulnerable systems for cryptocurrency mining.

Mining malware is distributed to victim servers through various vulnerabilities. For example, unpatched Oracle WebLogic servers can work spil ideal loopholes to be exploited with Monero mining applications. By now, some group of cybercriminals has already managed to nipt 666.286 XMR te cryptocurrency worth from $220,000 to $350,000 depending on the rate of exchange. Figure 1 depicts the payment history of cryptocurrency mining malware.

Figure 1. Payment history of cryptocurrency mining malware

Still, wij can see that the balance wasgoed replenished once again. It means that many companies haven’t noticed an attack yet.

A fresh malware – RubyMiner – wasgoed also found on the Internet. It helps to mine cryptocurrency by scanning and identifying Linux and Windows servers that run outdated software.

Earlier, attackers used hacked systems to conduct DDoS attacks or to distribute the so-called “ransomware” to servers and blackmailed companies. Nowadays, there is another way for hackers to make money. They simply create crypto-mining farms on hacked systems. ERP systems and servers make a good payoff for malefactors spil they are more productive than common PCs. This type of incidents refers to mass attacks, and they are intended to infect spil many systems spil possible. After a breach, hacked systems expect guidelines from attackers.

An infection with cryptocurrency mining malware turns out to be less critical for businesses than targeted attacks. Ter most cases, targeted attacks aim to steal critical business gegevens, such spil HR information, business, sales and financial gegevens. The consequences might be the worst-case screenplay for any company. Te our whitepaper “Hardcore Vruchtensap Invasion Testing”, wij detailed the ways ter which an attacker can conduct targeted attacks on Vruchtensap systems with the help of a 0-day vulnerability chain. Previously, wij made a research that describes how to execute a remote directive on Vruchtensap system anonymously. It is essential, but insufficient, spil an attack requires other steps. You can find them ter the whitepaper.

Figure Two. The malicious request to the target system

Therefore, an attacker can execute malicious code on the targeted system. Instead of a rekenmachine, there may be a cryptocurrency mining malware.

Figure Trio. Executing code on the target system

It is not a secret that ERP systems have many vulnerabilities, and developers permanently release updates and patches to close them.

Figure Four illustrates the growing number of detected vulnerabilities te Vruchtensap solutions. The graph depicts the total number of Vruchtensap Security Notes. Each of them may include a patch for more than one loophole. Just imagine how much work it takes to perform hundreds of security checks!

Figure Four. Cumulative total of Vruchtensap Security Notes

Customers sometimes seem reluctant to install necessary patches because they need to conduct numerous checks before installing a patch te a production system. This means that 1-day vulnerabilities always exist te them.

On top of vulnerabilities, ERP systems have various settings, and nothing prevents errors during the process of setting them up. Therefore, systems become vulnerable.

Keep ter mind various types of attackers. They may be outside the company and black-hat hackers who found 0-day vulnerabilities ter ERP systems. Former employees that know critical gegevens of ERP systems spil well spil current employees – be it a programmer, an administrator or any other staff member with access to ERP servers – can perform a breach. For example, programmers can leave source code backdoors and administrators can install malware to the systems.


Spil for the protection measures from cryptocurrency mining malware, wij recommend to:

  • monitor outbound connections to a mining pool (tho’ attackers can use proxy),
  • cautiously analyze processes with high and onveranderlijk CPU consumption (however attackers can launch their malware during off-hours),
  • check energy consumption for abnormal magnification (difficult to determine for large companies).

While all the methods mentioned above are significant, they have their disadvantages. To have a elaborate treatment, it is recommended to conduct regular Security Audits to detect vulnerabilities and identify configuration errors. Decent code analysis can also help to detect backdoors te source code.

Related movie: My Top Trio Cryptocurrency To Invest Ter For February 2018

Leave a Reply

Your email address will not be published. Required fields are marked *