Written by the Akamai Threat Research Team
Akamai Threat Research has observed an increase in attacks attempting to exploit a recent Drupal vulnerability (CVE-2018-7600).
Much like recent vulnerabilities in Apache Struts, attackers have attempted to use this exploit for remote command injection attacks and to harness the power of the botnet to join a herd of coin-miners for profit.
While the attacker did not use a large number of machines for this, he did make a fair amount of money - almost $11,000 USD so far. It's not enough to quit his job and start a life full of luxury, but considering the time spent vs money received - the attacker will be encouraged to pursue his criminal activities in the future.