"Autom Cryptomining Campaign Launched 125 Attacks in the Wild in Q3 2021"

Over the past three years, Team Nautilus researchers at Aqua Security have been tracking a cryptomining campaign dubbed Autom using honeypots. According to the researchers, the attackers behind the campaign have changed their tactics over the three-year period. They have shifted from attacking the honeypots to launching attacks in the wild. A Shodan search found that they executed 125 attacks in the wild during the third quarter of 2021. In 2019, the attackers did not apply any special techniques to hide their cryptomining. In 2020, they hid themselves and disabled various security mechanisms, including Uncomplicated Firewall (UFW) and Non-Maskable Interrupt (NMI). This year, the attackers downloaded an obfuscated shell script from a remote server to hide the cryptomining campaign. To prevent security tools from understanding their intentions, the attackers encoded the script in base64 five times. The attackers' continued improvement and sophistication of their methods and campaigns further emphasize the importance of exploring behavior-based detection and other advanced detection capabilities. This article continues to discuss changes made by the attackers behind the Autom cryptomining campaign observed over the past three years.

SC Magazine reports "Autom Cryptomining Campaign Launched 125 Attacks in the Wild in Q3 2021"
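The five-fold base64 wrapping described above defeats a scanner that decodes only once, so a defensive check can peel layers until plain text appears and alert on the depth. This is an added example, not code from Aqua Security or the article; the function names, the 3-layer threshold and the harmless sample script are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Standard base64 alphabet with optional padding (whitespace is stripped first).
_B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def peel_base64(blob: bytes, max_layers: int = 10):
    """Strip nested base64 layers; return (layers_removed, innermost_bytes)."""
    layers, current = 0, blob
    while layers < max_layers:  # hard bound so hostile input cannot loop forever
        try:
            text = "".join(current.decode("ascii").split())
        except UnicodeDecodeError:
            break  # binary data cannot be another base64 text layer
        # Require plausible length and alphabet so ordinary words are not decoded.
        if len(text) < 16 or len(text) % 4 or not _B64_RE.fullmatch(text):
            break
        try:
            decoded = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            break
        # Accept the layer only if it yields printable text (script or next layer).
        if not decoded or not all(32 <= b < 127 or b in (9, 10, 13) for b in decoded):
            break
        current, layers = decoded, layers + 1
    return layers, current


def is_suspicious(blob: bytes, threshold: int = 3) -> bool:
    """Flag content wrapped in `threshold` or more base64 layers (assumed policy)."""
    return peel_base64(blob)[0] >= threshold


# Constructed sample: a harmless script wrapped five times, as the article describes.
INNER = b'#!/bin/sh\necho "constructed sample, not a real payload"\n'
SINGLE = base64.b64encode(INNER)
SAMPLE = INNER
for _ in range(5):
    SAMPLE = base64.b64encode(SAMPLE)

if __name__ == "__main__":
    depth, script = peel_base64(SAMPLE)
    print(f"layers={depth} suspicious={is_suspicious(SAMPLE)}")
    print(script.decode())
```

Legitimate tooling rarely nests base64 more than once, so the depth itself is a useful behavioral signal even when the innermost script is unfamiliar.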

Submitted by Anonymous on