Latin America. The cybersecurity company Akamai presented a new technique that allows illegal cryptomining operations to be disabled without affecting legitimate users, as revealed in the most recent publication of its Anatomy of Cryptominers series.
The strategy is based on employing the internal rules of the mining servers themselves. In its research, Akamai showed that by sending "bad shares" – invalid mining actions – the servers or wallets used by attackers can be automatically blocked by legitimate platforms.
"By running bad shares, we were able to get malicious mining proxies kicked out of the network, completely disrupting its operation," said Maor Dahan, principal security researcher at Akamai.
During testing, the company managed to reduce to zero the activity of a botnet that had been operating for six years at a rate of 3.3 million hashes per second.
Wallet locking: When proxies were not employed, the company identified the attacker's bank addresses and caused them to be automatically blocked, simulating multiple connection attempts simultaneously.
According to Akamai, this method makes it easy to disintegrate cryptojacking campaigns within the system without affecting legitimate mining activities. "We play by the attacker's rules," the company concludes in its report.
The full analysis, along with the technical description of the tactics used, is available on Akamai's official blog in the Anatomy of Cryptominers post. It details how these techniques
