Microsoft Exchange servers have been targeted for crypto mining time and again, ever since Bitcoin and other cryptocurrencies gained a footing in digital transactions.
The good news for our Logix Cisco Email ATP customers is that they're protected against Lemon Duck Crypto Mining Malware.
Why is crypto mining dangerous?
Crypto mining is the work of validating new blocks of transactions for a proof-of-work cryptocurrency: a miner repeatedly hashes candidate block headers until it finds one that meets the network's difficulty target, and the first miner to do so appends the block to the blockchain (the shared public ledger, not a trading service) and collects the block reward. Mining on hardware you own and pay for is legitimate. The security problem is cryptojacking: attackers running miners on computers that belong to someone else, so that the victim pays for the hardware and electricity while the attacker keeps the coins. Because CPU-minable currencies such as Monero pay off on ordinary servers, a large fleet of hijacked machines is worth real money.
Cryptojacking takes two common forms. In browser-based mining, an attacker plants a JavaScript miner in a web page (through a compromised site or a malicious ad) so that every visitor's browser mines for as long as the tab stays open. In the form that matters for Exchange, the attacker compromises the server itself, installs a native miner and points it at a mining pool over the stratum protocol. The initial compromise is rarely targeted: operators run automated scanners that sweep the internet for hosts exposing known vulnerabilities, then exploit and infect every one they find. An unpatched, internet-facing Exchange server is exactly what those scanners are looking for.
Cryptojacking is dangerous first because of what it consumes. A miner pegs the CPU, so a mail server becomes slow or unresponsive for the users who actually depend on it, and on metered cloud capacity the victim pays the bill directly. Browser-based miners do the same to a site's visitors, who never asked to mine anything.
More importantly, a miner on your Exchange server is proof that an attacker already has code execution on it. The same foothold that delivers the miner can deliver credential theft, a backdoor or lateral movement into the rest of the network, and the vulnerability it came in through remains open to anyone else who scans for it. Treat a miner as an intrusion, not as a performance nuisance.
Cisco’s Insights on Lemon Duck Crypto Mining Botnet
Cisco Talos has recently observed updated infrastructure and new components associated with the Lemon Duck crypto mining botnet. The botnet targets unpatched Microsoft Exchange Servers and attempts to download and execute malicious payloads on them.
This activity reflects updated tactics, techniques and procedures (TTPs) for this threat actor. After several zero-day Microsoft Exchange Server vulnerabilities were made public on March 2, 2021, Cisco Talos observed various threat actors, including Lemon Duck, exploiting them.
Microsoft also released a report highlighting Lemon Duck's targeting of Exchange Servers to install crypto mining malware, along with a malware loader used to deliver secondary payloads.
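To make the distinction between a miner and a merely busy server concrete, here is an added example (the editor's code, not Logix's or Cisco's) that triages process records from an Exchange host for generic cryptominer and webshell indicators: the stratum pool protocol in a command line, a known miner binary name or miner-style switch, a connection to a common pool port combined with sustained high CPU, and the IIS worker process w3wp.exe spawning a shell. The indicator lists, the port list, the CPU threshold and the sample process snapshot are assumptions constructed for illustration; they are not Lemon Duck IoCs from Cisco Talos or Microsoft.

```python
"""Triage process records from an Exchange/IIS host for cryptominer and
webshell indicators.  Added example (editor's code, not Logix's or Cisco's);
every indicator list below is a generic assumption, not a Lemon Duck IoC."""
import re
from dataclasses import dataclass

# Assumption: ports commonly used by Monero/XMRig-style mining pools.
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 14444}
# Stratum is the miner-to-pool protocol; its URL scheme in a command line is a strong signal.
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)
# Common open-source miner binaries (assumption; attackers often rename them, so partial).
MINER_NAME_RE = re.compile(r"xmrig|minerd|cpuminer", re.IGNORECASE)
# Command-line switches in the XMRig style: -o/--url pool, --donate-level, --coin.
MINER_FLAG_RE = re.compile(r"(^|\s)(-o|--url|--donate-level|--coin)(\s|=)", re.IGNORECASE)
# The IIS worker process spawning a shell is the classic sign of a webshell on Exchange.
IIS_WORKER = "w3wp.exe"
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
HIGH_CPU_PCT = 80.0  # assumption: sustained CPU above this is unusual for one process

STRONG = {"stratum-url", "miner-name", "miner-flags", "w3wp-spawned-shell"}


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str                 # image name
    parent: str               # parent image name
    cmdline: str
    cpu_pct: float            # sustained CPU over the sampling window
    remote_ports: tuple = ()  # destination ports of established TCP connections


def indicators(p: Proc) -> list:
    """Return the indicator names that match this process, in a fixed order."""
    hits = []
    if STRATUM_RE.search(p.cmdline):
        hits.append("stratum-url")
    if MINER_NAME_RE.search(p.name) or MINER_NAME_RE.search(p.cmdline):
        hits.append("miner-name")
    if MINER_FLAG_RE.search(p.cmdline):
        hits.append("miner-flags")
    if MINING_POOL_PORTS.intersection(p.remote_ports):
        hits.append("pool-port")
    if p.cpu_pct >= HIGH_CPU_PCT:
        hits.append("high-cpu")
    if p.parent.lower() == IIS_WORKER and p.name.lower() in SHELLS:
        hits.append("w3wp-spawned-shell")
    return hits


def is_suspicious(hits: list) -> bool:
    """One strong indicator is enough.  High CPU and a pool port are each weak
    alone (backups burn CPU; 4444 is also Metasploit's default listener port)
    but convincing together."""
    h = set(hits)
    return bool(h & STRONG) or {"pool-port", "high-cpu"} <= h


def triage(procs) -> dict:
    """Map pid -> indicator list for every process worth an analyst's time."""
    out = {}
    for p in procs:
        hits = indicators(p)
        if is_suspicious(hits):
            out[p.pid] = hits
    return out


# Constructed sample snapshot (not real telemetry): a benign IIS worker, a shell
# it spawned (webshell), a miner masquerading as svchost.exe that only shows up
# through CPU plus pool port, an unrenamed miner, and a benign Exchange service.
SAMPLE_PROCS = [
    Proc(1204, "w3wp.exe", "svchost.exe",
         r"c:\windows\system32\inetsrv\w3wp.exe -ap MSExchangeOWAAppPool", 12.5, (443,)),
    Proc(3320, "powershell.exe", "w3wp.exe",
         "powershell -nop -w hidden -c Invoke-WebRequest", 3.0),
    Proc(4412, "svchost.exe", "services.exe",
         r"C:\Windows\System32\svchost.exe -k netsvcs", 98.0, (3333,)),
    Proc(5120, "xmrig.exe", "cmd.exe",
         "xmrig.exe -o stratum+tcp://pool.example:3333 -u WALLET --donate-level 1", 99.0, (3333,)),
    Proc(6001, "EdgeTransport.exe", "services.exe",
         r"C:\Program Files\Microsoft\Exchange Server\V15\Bin\EdgeTransport.exe", 35.0, (25, 443)),
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_PROCS).items():
        print(pid, hits)
```

The point of the scoring split is the masquerading case: a renamed miner carries no miner name and no stratum URL in its command line, so the only things left are behaviour (CPU) and network (pool port), and neither should page anyone on its own. In production the records would come from an EDR or from `Get-Process` and `Get-NetTCPConnection` output rather than from the constructed list above.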
The problem of crypto mining will only get worse as cryptocurrencies like Bitcoin gain in popularity.
Logix's Cisco Talos-enabled Email ATP has advanced threat protection capabilities to protect you and your organization against known and unknown threats like the LemonDuck malware / cryptominer.
Get in touch with our team to know more on Cisco Email Security offering: