Analysis of cyber attacks on servers that are traps for hackers shows that most of the attacks are aimed at mining cryptocurrencies on compromised servers.
The cloud servers analyzed by Aqua Security, a cybersecurity company, were deliberately set up to attract hackers to find out how such attacks occur and how to stop them. The study was conducted from June 2019 to July 2020.
According to a recent report
Aqua Security, 95% of the 16,371 attacks on its trap servers over the past year were aimed at mining cryptocurrencies by hijacking computing power with malware. The number of attacks per day on these servers increased significantly in the first half of the year: their average number per day increased from 12 in December 2019 to 43 in June 2020.
While trap servers help understand the methods used by attackers, Aqua Security States that the results may be ” highly biased due to a single initial access point.” This indicates that similar studies analyzing multiple compromised access points or a supply chain attack may come to different conclusions.
Although decoy servers do not accurately simulate the conditions of real attacks, they can provide insight into the malware used to compromise cloud servers and the motives behind such attacks. A study by Aqua Security showed that hackers who attacked servers for the purpose of mining cryptocurrencies prefer XMR and BTC.
“They often choose XMR because IT is considered significantly more anonymous than BTC,” Aqua Security States in the report.
Recall that last summer, the company Skybox Security conducted a study, according to the results of which hackers switched from viruses-miners for the PC of ordinary users to hacking and using the resources of cloud services.