Enjoy priority support and immediate help for your WordPress sites!

EXPOSED: The biggest brute force attack of 2017

The biggest brute force attack of 2017

This December, we wrote about:

1.4 Billion Credential Pairs Discovered

that lead to this:

BREAKING NEWS: 14 million attacks per hour and rising!

NOW its time to find out what was the purpose of this massive spike in brute force attacks on WordPress sites!

ASK US ANYTHING WORDPRESS RELATED: We can offer you confidently, SEVERAL OPTIONS to choose which one suits your needs better.

Attack Campaign Strategy:

  1. Gain access: via brute force, testing the credential pairs (latest and historical list).
  2. Infect host account: based on the traffic and analysis, malware appears to be a variant of "Tsunami" or "Kaiten".
  3. Create foothold: compromised accounts connected to 8 remote Command & Control Servers, used to receive further "orders".
    • 66.70.190.236:9090 muhstik.ovh1
    • 142.44.163.168:9090 muhstik.ovh2
    • 192.99.71.250:9090 muhstik.ovh3
    • 142.44.240.14:9090 muhstik.ovh4
    • 202.165.193.211:8080 x.1
    • 202.165.193.212:8080 x.2
    • 211.103.199.98:8080 x.4
    • 121.128.171.44:9090 muhstik.ras1
  4. Expand attack front: The malware receives instructions via private messages to attack further WordPress and hosting server, executing thousands of connections from the compromised server going out trough port 80. This hides intial attack IP and Command & Control Servers.
  5. End-Game: Cryptocurrency Mining - The reason for the frenzied brute-force attacks.
    • Mining Proxy: 185.61.149.22 on port 8080.
    • Malware on compromised servers installed XMRig, a Monero Cryptocurrency mining software.
    • The attacker configured it to run through several proxies to hide the wallet address associated with the miners.
    • At the beginning of December, the price of Monero Cryptocurrency was around $200.
    • This value skyrocketed, reaching $378 after the attacks.

What is Cryptocurrency?
Cryptocurrency is a digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets.

What is Cryptocurrency Mining?
People are sending Cryptocurrency to each other over the Cryptocurrency network all the time, but unless someone keeps a record of all these transactions, no-one would be able to keep track of who had paid what. The Cryptocurrency network deals with this by collecting all of the transactions made during a set period into a list, called a block. It’s the miners’ job to confirm those transactions and write them into a general ledger. This general ledger is a long list of blocks, known as the 'blockchain'. A constantly updated copy of the block is given to everyone who participates so that they know what is going on.

Ideas implemented from constrained points of view (biased developers, designers, sysadmins) will NOT BENEFIT YOUR online strategies, harming your long-term competitiveness.

Related Posts

Leave a comment