Smominru cryptocurrency miner makes millions for hackers




Hackers are using the cryptocurrency miner Smominru to make millions. Security firms estimate that the hackers have amassed a huge botnet of infected servers that makes 24 Monero a day. The Smominru botnet is made up of 526,000 infected Windows-based servers throughout Russia, India and Taiwan. The botnet is about twice the size of the cryptocurrency botnet Adylkuzz. Smominru uses the same NSA exploit, EternalBlue, as its attack kit to infect computers and make them part of a botnet that mines the Monero cryptocurrency. The attacks are large and resilient to cleanup efforts.

What sets Smominru apart from other mining botnets is its size, profitability and tenacity. The botnet has withstood sinkholing efforts meant to analyze and disrupt its operations. Smominru adapts to the sinkholing and recovers up to two thirds of its hash rate with a new Monero mining address. It's hard to estimate how much hackers make with ransomware or banking trojans, but with cryptocurrency it's easy. Cybercriminals have moved away from ransomware and banking trojans and are now focused on mining cryptocurrency as values have risen over the past 18 months. As Bitcoin mining has become too resource intensive without dedicated mining farms, interest in Monero has drastically increased. Even though Monero can't be mined on desktop computers, a distributed botnet like Smominru can be lucrative.




Smominru is effective because it uses Windows Management Infrastructure, which researchers said is unusual among coin mining malware. WMI is a scripting tool for automating actions in the Windows ecosystem, primarily used on servers. Researchers hadn't come across hackers using WMI until Smominru. Usually, cryptocurrency miners use their own dedicated command-and-control network. Researchers say Smominru operators are using a hybrid of traditional command and control and WMI to manage mining bots. Researchers warn that because of the large number of Windows servers in the Smominru botnet, affected businesses may see performance hits to their servers as well as a jump in energy costs as systems run close to capacity.
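
An added defensive example, not from the original article: the article says the operators manage bots partly through WMI but gives no mechanism, so this Python example assumes the WMI activity appears as event subscriptions logged by Sysmon (Event IDs 19, 20 and 21) and reports every binding whose consumer class executes code. The record layout, names, queries and commands are constructed sample data, and `find_executing_subscriptions` is a hypothetical helper name.

```python
import re

# Constructed sample records, simplified from Sysmon WmiEvent entries
# (Event ID 19 = filter, 20 = consumer, 21 = filter-to-consumer binding).
# Every name, query and command below is made up for this example.
SAMPLE_EVENTS = [
    {"id": 19, "Name": "UpdCheck",
     "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 3600 "
              "WHERE TargetInstance ISA 'Win32_LocalTime'"},
    {"id": 20, "Name": "UpdRun", "Type": "Command Line",
     "Destination": "cmd.exe /c C:\\ProgramData\\job.bat"},
    {"id": 21, "Consumer": 'CommandLineEventConsumer.Name="UpdRun"',
     "Filter": '__EventFilter.Name="UpdCheck"'},
    {"id": 19, "Name": "DiskAudit",
     "Query": "SELECT * FROM __InstanceCreationEvent WITHIN 300 "
              "WHERE TargetInstance ISA 'Win32_LogicalDisk'"},
    {"id": 20, "Name": "DiskLog", "Type": "Log File",
     "Destination": "C:\\Logs\\disk.log"},
    {"id": 21, "Consumer": 'LogFileEventConsumer.Name="DiskLog"',
     "Filter": '__EventFilter.Name="DiskAudit"'},
    # Binding whose filter and consumer creation were never logged.
    {"id": 21, "Consumer": 'ActiveScriptEventConsumer.Name="Orphan"',
     "Filter": '__EventFilter.Name="Gone"'},
]

# WMI consumer classes that run a command or script when their filter fires.
EXECUTING_CLASSES = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}
REF = re.compile(r'(\w+)\.Name="([^"]+)"')  # Class.Name="instance"

def find_executing_subscriptions(events):
    """Join each binding to its filter and consumer; return those that run code."""
    filters = {e["Name"]: e for e in events if e["id"] == 19}
    consumers = {e["Name"]: e for e in events if e["id"] == 20}
    findings = []
    for e in events:
        if e["id"] != 21:
            continue
        c, f = REF.search(e["Consumer"]), REF.search(e["Filter"])
        if not c or not f or c.group(1) not in EXECUTING_CLASSES:
            continue
        findings.append({
            "consumer_class": c.group(1), "consumer": c.group(2),
            "filter": f.group(2),
            # None: the creation event was not captured (for example it
            # predates logging); the binding is still reported.
            "action": consumers.get(c.group(2), {}).get("Destination"),
            "trigger": filters.get(f.group(2), {}).get("Query"),
        })
    return findings
```

A binding reported with no recorded action or trigger deserves a direct look at the host's `root\subscription` namespace, since the subscription was created before logging began.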