Dwarapala

Case Study

Unauthorized Cryptocurrency Mining Incident

As cryptocurrency mining gains popularity, unauthorized mining operations are increasingly targeting vulnerable systems to harness computing power. A client in the financial services sector recently reached out after detecting unusual resource usage on their servers.

What Happened?

A threat actor exploited a vulnerability in the client’s web application, gaining unauthorized access to their infrastructure. After infiltrating the system, the attacker installed cryptocurrency mining software on the web server (a practice commonly known as cryptojacking), redirecting valuable system resources to mine cryptocurrencies without the client's consent.

How Did Proteksi Siber Global Assist the Client in Resolving the Issue?

When a cryptojacking attack compromised the client’s systems, Proteksi Siber Global swiftly deployed a multi-faceted response. Our team followed NIST SP 800-86 guidelines while tailoring the solution to the unique aspects of this attack.

Here’s how we tackled the crisis:

  1. Immediate Containment: We isolated the infected servers to stop the cryptomining operation and prevent further damage.

  2. Forensic Investigation: A deep dive into the system revealed the vulnerability exploited by the attackers and uncovered hidden persistence mechanisms.

  3. Total Malware Removal: We eradicated all traces of the cryptojacking software, including rootkits and backdoors, ensuring a clean slate.

  4. Proactive Defense: We fortified the client’s defenses with advanced intrusion detection, vulnerability patching, stronger access controls, and real-time monitoring.

By combining rapid response with long-term prevention, Proteksi Siber Global not only neutralized the threat but also equipped the client to withstand future cyberattacks.

What Was the Impact of This Incident on the Client?

The impact of this incident can be classified into two main areas:

  • Operational Impact
    The unauthorized mining software significantly reduced the performance of the client’s servers, causing delays in critical services. Additionally, this covert operation went undetected for a period of time, affecting overall efficiency.

  • Financial Impact
    The excessive consumption of resources due to cryptomining led to increased operational costs, particularly in electricity and server maintenance, resulting in unforeseen expenses for the client.

Key Takeaways from the Incident

Following the incident, the client promptly applied security patches to all vulnerable systems and implemented more stringent monitoring processes to detect abnormal server activity early.
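The kind of monitoring the takeaway describes can start with a simple host-level check. The following is an added illustration, not code from Proteksi Siber Global or from the engagement: it runs over a constructed set of process-table snapshots (the process names, PIDs and CPU figures are invented) and flags only processes that stay above a CPU threshold across consecutive samples, since a miner holds a core continuously while a legitimate job such as a database query spikes and then drops.

```python
"""Flag processes that keep a CPU core pegged across consecutive samples.

Cryptomining payloads behave differently from ordinary load spikes: they
hold a high CPU share continuously, often for days. Requiring the usage
to be sustained keeps the detector from alerting on legitimate bursts.
"""
from collections import defaultdict

# Constructed sample: three snapshots of a web server's process table, taken a
# minute apart. Fields mirror what `ps -eo pid,user,pcpu,comm` would show.
# 'kworker_x' is a hypothetical miner hiding behind a kernel-thread-like name
# and running as the web server's user, as it would after a web-app exploit.
SNAPSHOTS = [
    [{"pid": 412, "user": "www-data", "cpu": 12.0, "comm": "nginx"},
     {"pid": 901, "user": "www-data", "cpu": 97.5, "comm": "kworker_x"},
     {"pid": 550, "user": "postgres", "cpu": 88.0, "comm": "postgres"}],
    [{"pid": 412, "user": "www-data", "cpu": 9.0, "comm": "nginx"},
     {"pid": 901, "user": "www-data", "cpu": 98.1, "comm": "kworker_x"},
     {"pid": 550, "user": "postgres", "cpu": 15.0, "comm": "postgres"}],
    [{"pid": 412, "user": "www-data", "cpu": 14.0, "comm": "nginx"},
     {"pid": 901, "user": "www-data", "cpu": 99.0, "comm": "kworker_x"},
     {"pid": 550, "user": "postgres", "cpu": 4.0, "comm": "postgres"}],
]


def sustained_cpu_hogs(snapshots, threshold=80.0, min_consecutive=3):
    """Return sorted (pid, comm, user) tuples for processes at or above
    `threshold` percent CPU in at least `min_consecutive` snapshots in a row."""
    streak = defaultdict(int)   # consecutive high-CPU samples per process
    flagged = {}
    for snap in snapshots:
        seen = set()
        for proc in snap:
            key = (proc["pid"], proc["comm"], proc["user"])
            seen.add(key)
            streak[key] = streak[key] + 1 if proc["cpu"] >= threshold else 0
            if streak[key] >= min_consecutive:
                flagged[key] = streak[key]
        # A process absent from a snapshot loses its streak.
        for key in list(streak):
            if key not in seen:
                streak[key] = 0
    return sorted(flagged)


if __name__ == "__main__":
    for pid, comm, user in sustained_cpu_hogs(SNAPSHOTS):
        print(f"sustained high CPU: pid={pid} comm={comm} user={user}")
```

In this sample only the miner is reported; the postgres process that peaked in the first snapshot is not, which is the point of requiring a streak rather than a single reading.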

Ask about Proteksi Siber Global’s services, pricing, implementation, or anything else.

Our team of experts can help secure your digital assets.