Crypto-hackers have to play 'capture-the-flag in the cloud' to exploit victims' servers

Red spartan in multiplayer carrying flag
(Image credit: 343 Industries)

Illegal cryptocurrency mining outfits that hack servers for profit are having to fight each other for limited resources within the hijacked cloud space. So, on top of getting ahead of the hacked system's security, there's a silent battle ensuing behind the scenes between potential profiteers.

And while it may sound like great fun to watch cryptominers pathetically scuffling over server scraps, this is a fierce contest, one that encourages a certain level of innovation from the involved parties. Their in-fighting only makes them stronger, faster, more agile.

The use of malware to turn profit in the cryptocurrency space has been on the rise in recent years, with security reports in 2018 seeing a 4,000% rise, and it's only been getting more prevalent over the years. After all, why use your own resources when you can hack into someone else's?

As Trend Micro reports, more and more of these illicit cryptocurrency mining outfits are turning to cloud-based servers to maximise profit on wider, more powerful hardware arrays, but it's not always as simple as shouting "I'm in," and watching the zeros roll in.

Trend Micro's recent research paper (PDF warning) goes into more detail, but the crux (outlined in a blog post) is this: "The battle to take and retain control over a victim’s servers is a major driving force for the evolution of these groups' tools and techniques, prompting them to constantly improve their ability to remove competitors from compromised systems and, at the same time, resist their own removal."

The competing groups will utilise kill scripts to knock out rivals, 'obfuscate' code to make it harder to understand, and increase persistence mechanisms such as continual password updates to keep the competition at bay. All the while, batting off backlash from the hacked system's security protocols.

It seems illegal cryptocurrency miners have forgotten the fifth rule of fight club: One fight at a time, fellas.

Screen queens

(Image credit: Future)

Best gaming monitor: Pixel-perfect panels for your PC
Best high refresh rate monitor: Screaming quick screens
Best 4K monitor for gaming: When only high-res will do
Best 4K TV for gaming: Big-screen 4K PC gaming

With the competition being so hot, groups are continually churning out "new exploits that enable them to attack systems that their competitors cannot and, at the same time, they constantly improve both their ability to resist being deleted by competitors."

The report cites a rivalry between Kinsing and 8220, two groups who target WebLogic vulnerabilities, who are constantly found pushing back against one another within the infected system, "sometimes even several times a day."

Trend Micro is calling it "a sort of capture-the-flag in the cloud."

This kind of hacking commotion is only going to become more rampant as we move into a more cloud-based future. And this almost parodic dance illegal cryptocurrency miners have found themselves in—having to act as both attacker and defender—will only serve to improve their tactics.

Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.

Read more
Hacker
$1.5 billion crypto heist could be the biggest yet, more than doubling the previous record, but don't worry: The affected firm says it can take the hit
Nvidia RTX 4090 Founders Edition graphics card
A single RTX 4090 managed to brute force crack an Akira ransomware attack in just 7 days
 In this photo illustration a novelty Bitcoin token is photographed on a US Dollar bank note, on January 4, 2025 in Bath, England. The Cryptocurrency market has recently received a significant boost by the election of Donald Trump with hopes of the start of a policy framework that could see Bitcoin as a strategic asset
Man charged with $65,000,000 worth of cryptocurrency heists was reportedly discovered through chatting on Discord with a company they allegedly stole from
AMD Epyc 4th gen server processor on motherboard
AMD sees record revenue of $25.8 billion in 2024 thanks to data center growth—gaming last seen tumbling into a ditch
A goblin with sharp teeth, wearing goggles, lets out a mischievous cackle in WoW's latest patch: Undermine(d).
The hooligan hacker guild that tore up WoW's newest raid (twice) just posted video evidence of the whole thing, and it's got me feeling weirdly nostalgic
A rendered concept image of an imaginary real Bitcoin against a stylized digital/electronic background
Bitcoin hits a new all-time high, $Trump is stymied by $Melania, and I'm over here having a full-blown existential crisis
Latest in Hardware
A woman wearing a VR headset with dramatic, colourful lighting across the background
'World’s smallest LEDs' could lead to accurately lit screens with 127,000 pixels per inch and much more immersive VR
The NES themed 8BitDo Retro mechanical gaming keyboard on a blue background
I love the 8BitDo Retro C64 keyboard but I'd pick its cheaper NES-themed model near its lowest price ever during Amazon's Big Spring Sale
The snazzy red and black HyperX Cloud Alpha wireless headphones float in a teal void. The microphone is attached to the headset.
The best wireless gaming headset is now even better in the Amazon Big Spring Sale, boasting a more than $50 discount
A chip being held up in an Intel fab
Intel is reportedly 'working to finalize commitments from Nvidia' as a foundry partner, suggesting gaming potential for the 18A node
Amazon box
Don't panic! The 'Do Not Send Voice Recordings' option Amazon just removed was only used by 0.03% of customers and they can still have it
Digital generated image of people surrounded by interactive transparent and glowing panels with data. Visualising smart technology, blockchain and artificial intelligence
Now I shall demand the cookies! Proposed new browsing agreement turns the tables and lets users dictate terms to websites
Latest in News
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened
Junah beginning a battle in Metaphor: ReFantazio.
Today's RPG fans are 'very sensitive to feeling like they wasted time' when they die, says Metaphor: ReFantazio battle planner—but Atlus still made combat hard anyway
Image of Cersei Lanniser from Game of Thrones: Kingsroad Steam early access trailer
A new Game of Thrones RPG is coming to Steam today with a cast of 'familiar faces,' which is good because it's really the only way to tell it's a GoT game at all
The new Prime Asset featured in the upcoming update for the Outlast Trials.
The Outlast Trials puts its already paranoid players under surveillance for a time-limited story event
A Viera looking confused in Final Fantasy 14.
Old armor continues to fall victim to Final Fantasy 14's bizarre two-channel dye system, unless you're super into changing the colour of teeny-tiny eyelets: 'Why even bother at this point?'
Starfield: Shattered Space
By the time Bethesda was on Starfield, you'd 'basically get in trouble' for breaking schedule, says former dev: 'A lot of the great stuff within Skyrim came from having the freedom to do what you want'