
Mining viruses not only consume users' bandwidth and computing resources, but also damage computer hardware and disrupt enterprise business.


By Ron Burrows | Published 2 years ago | 4 min read

Recently, AsiaInfo Security released the "2021 Mining Virus Special Report". Based on the mining virus incidents monitored, analyzed and handled by AsiaInfo Security Threat Intelligence and Service Operations in 2021, the report analyzes and summarizes the various mining viruses and attacks, and explores in depth how they may evolve in the future, to help more users plan their security with safer, more efficient and more comprehensive measures, and to provide a reference path for mining virus governance.

Harm of mining virus

The report reviews the year's typical mining viruses and incidents as a whole and summarizes the characteristics and purposes of their attacks. It finds that some mining viruses attack enterprise cloud servers to maximize profit, while others cooperate with botnets to seize the market quickly. In addition, some mining viruses have made technical breakthroughs of their own, exploiting a variety of vulnerabilities in their attacks. Mining viruses are also taking an innovative route: falsifying CPU utilization, using Linux kernel rootkits for covert mining, and so on.

Review of mining virus attacks in 2021

Driven by the earlier surge in virtual currencies and by profit, hackers have also set their sights on the virtual currency market, using mining scripts to monetize traffic, which has made mining viruses one of the attacks most frequently used by criminals.

The mining virus attack kill chain includes seven steps: reconnaissance and tracking, weapon construction, lateral penetration, payload delivery, installation and implantation, remote control, and mining. The attacker first searches for weaknesses in the target, then uses vulnerabilities and backdoors to build a deliverable weapon carrier, delivers the weapon package to the target machine, runs the exploit code on the victim's system, and installs malware at the target location. The attacker then establishes a path to remotely control the target system and finally releases the mining program to carry out mining, remotely accomplishing the intended goal.

Mining virus kill chain

Mining viruses not only cause economic losses for users, but also consume huge amounts of energy. To promote energy conservation and emission reduction, in September 2021 the National Development and Reform Commission and 10 other departments jointly issued a circular calling for a comprehensive crackdown on virtual currency "mining" activities. AsiaInfo Security's data tracking from 2016 to 2021 shows that the number of mining viruses in China trended downward in 2021, confirming that China's comprehensive crackdown on virtual currency "mining" in 2021 has achieved preliminary results.

Development trend of mining virus

Mining viruses continue to innovate in both attack methods and attack platforms. To maximize profit, they mine not only on personal computers and enterprise servers, but also on cloud hosts. Compared with personal computers, enterprise clouds and enterprise data centers have large amounts of industrial-grade hardware; once mining viruses successfully invade them, they quickly build large mining networks, greedily devouring electricity and dragging down the enterprise's computing power. Because mining viruses are fairly well concealed, by the time one is discovered it has often been running for several days or even longer, causing large-scale machine infection and great losses to the enterprise. Large enterprises and public cloud platforms are therefore advised to pay special attention to such malicious mining programs.

To improve the success rate of mining attacks, mining viruses on the one hand attack both Windows and Linux platforms, and on the other hand keep extracting more value from each "mining machine" by introducing botnet modules, which has significantly improved their overall attack and propagation capability.

Beyond that, mining viruses keep working to evade antivirus software and have begun to use fileless attacks in large numbers, an attack mode whose attack chain is more concealed. Ordinary file antivirus engines and network scanning engines cannot accurately identify this attack technique at all, which is an important reason why fileless mining cannot be effectively resisted at present.

Analysis and suggestions

AsiaInfo Security advises users to carry out the following routine prevention work and strengthen their network security awareness, so as not to give cyber criminals an opportunity.

1. Optimize server configuration and update promptly

Enable the server firewall, open only the ports the business needs, and close all unneeded high-risk ports, such as 137, 138, 445 and 3389. Turn off system services the server does not need, as well as default shares. Promptly install the latest security patches for servers, operating systems, network security devices and common software, update web vulnerability patches and upgrade web components, to prevent vulnerabilities from being exploited and to guard against attacks from known viruses.
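The port guidance above can be checked against what a host is actually listening on. The following is an added example, not part of the AsiaInfo Security report or the original article: it parses `ss -H -tuln` output and flags the high-risk ports named above, and both the sample output and the `BUSINESS_PORTS` allowlist are constructed assumptions.

```python
# High-risk ports named in the article; the allowlist below is an assumption.
HIGH_RISK_PORTS = {137, 138, 445, 3389}
BUSINESS_PORTS = {22, 443}  # hypothetical: the only ports this business needs

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:137        0.0.0.0:*
tcp   LISTEN 0      128             [::]:3389          [::]:*
tcp   LISTEN 0      4096       127.0.0.1:6379       0.0.0.0:*
tcp   LISTEN 0      128                *:8080             *:*
"""

def parse_listener(line):
    """Return (proto, address, port) for one `ss -H -tuln` line, or None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    # rpartition keeps bracketed IPv6 addresses such as [::] intact.
    address, _, port = fields[4].rpartition(":")
    if not port.isdigit():
        return None
    return fields[0], address, int(port)

def audit_listeners(ss_output, business_ports=BUSINESS_PORTS):
    """Classify each listening socket as ok, local-only, review or close."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, address, port = parsed
        # Loopback-bound sockets are not reachable from the network.
        if address.startswith("127.") or address == "[::1]":
            verdict = "local-only"
        elif port in HIGH_RISK_PORTS and port not in business_ports:
            verdict = "close"   # unneeded high-risk port
        elif port not in business_ports:
            verdict = "review"  # exposed, but not a declared business port
        else:
            verdict = "ok"
        findings.append((proto, port, verdict))
    return findings

if __name__ == "__main__":
    for proto, port, verdict in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port}: {verdict}")
```

On a real host, feed the function the text produced by `ss -H -tuln` and replace `BUSINESS_PORTS` with the ports the service actually requires.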

2. Use strong passwords instead of weak passwords

Set high-complexity passwords and change them regularly. Do not use the same password on multiple hosts. Set password strength requirements and a login attempt limit for server logins. Configure login failure handling on the server, and configure and enable related preventive measures such as ending the session, limiting the number of illegal login attempts, and automatically logging out when a login connection times out.

3. Enhance the awareness of network security

Strengthen network security training for all relevant personnel, raise network security awareness, do not click on e-mails, documents and links from unknown sources, and do not visit illegal websites that may carry viruses. If USB flash drives are used internally, scan them for viruses first and make sure they are clean before opening them for full use.
