Security analysts have uncovered a new malware campaign named “Nansh0u,” the new campaign infected company’s servers to use the processing power of a victim’s servers to mine for cryptocurrency. Researchers have identified approximately 50,000 servers worldwide that belong to in the healthcare, Media, telecommunications and IT fields that have been affected. The attackers are using port scanners to identify open ports, then they use brute force attack tools to gain access to the servers and give themselves administrator-level access, Once a successful hack has been completed, the attackers infect the server with malicious payloads that utilize the server for the crypto mining. Normally these style attacks were only carried out by highly skilled hackers but the tools being seen used appear to be available to less than top-notch hackers. It is believed that that this campaign originated in China due to the fact that the servers used to launch Nansh0u were based in China and that the log files and binaries have Chinese strings.
Companies should have a system or service, such as the Security Operations Center at Binary Defense, that regularly monitors the user’s servers for attacks such as these. Also, organizations should employ virus detection software that is capable of detecting and stopping such attacks from happening.