Crypto-Jacking” campaigns are a serious issue exposing infrastructure to resource depletion and exploitation. Not only do they provide a revenue source for Threat Groups but gone undetected, these targets remain at risk of further compromise. Malware and Ransomware as a service have gained some attention recently. They are gaining popularity among the threat actor community, emboldening crime groups who did not have access to these tools before. There are tell-tale signs of SSH brute forcing enterprise can monitor for and alert on. Multiple sustained attempts to log in to specific machines being the loudest and easiest to detect. A few adjustments to a machine’s sshd_config, such as limiting attempts and time for logins help. Crypto mining is notorious for siphoning resources and running out of norm processes and services that allow for detection.

https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html?m=1

https://www.bitdefender.com/blog/labs/how-we-tracked-a-threat-group-running-an-active-cryptojacking-campaign