A malicious traffic manipulation and cryptocurrency mining campaign, which uses techniques such as exploits and password brute forcing, has affected machines all over the world.
According to the GuardiCore security team, over 40,000 machines in different businesses, such as education and finance, have been affected.
Guardicore focuses on effective ways to stop threats in the cyber world through real-time breach detection and response. Its team consists of top experts in their field.
The report indicated that the compromised devices were infected with a Monero (XMR) miner and the r2r2 worm, which carries out SSH brute-force attacks. These devices include web servers, modems and even Internet of Things (IoT) devices.
GuardiCore wrote:
“The attacks all behaved in the same fashion, communicating with the same C&C server to download a number of attack tools named r2r2 along with a cryptocurrency miner.”
Once Prowli has compromised a web server, it redirects the server's web traffic to malicious sites.
The best way for a business to secure its servers is to use strong passwords and to close, with a firewall, any ports that do not need to be reachable from outside. Also, keep the software in use up to date so that security fixes are applied.
For systems that are already infected, the best course of action is to change the passwords and carry out a security audit. Once this is done, stop all running malicious processes and remove their binaries.
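The SSH brute forcing that r2r2 relies on leaves a recognisable trail in the sshd log, so an audit can start there. The script below is an added example, not code from the GuardiCore report; the log lines, the addresses and the failure threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd lines (not taken from the report). 10.0.0.5 models a
# brute-forcing source that eventually guesses a password; the others are benign.
SAMPLE_AUTH_LOG = """\
Jun  6 10:01:02 web1 sshd[2211]: Failed password for root from 10.0.0.5 port 51022 ssh2
Jun  6 10:01:03 web1 sshd[2213]: Failed password for invalid user admin from 10.0.0.5 port 51023 ssh2
Jun  6 10:01:04 web1 sshd[2215]: Failed password for invalid user test from 10.0.0.5 port 51024 ssh2
Jun  6 10:01:05 web1 sshd[2217]: Failed password for root from 10.0.0.5 port 51025 ssh2
Jun  6 10:01:06 web1 sshd[2219]: Failed password for invalid user ubuntu from 10.0.0.5 port 51026 ssh2
Jun  6 10:01:07 web1 sshd[2221]: Failed password for root from 10.0.0.5 port 51027 ssh2
Jun  6 10:01:08 web1 sshd[2230]: Accepted password for root from 10.0.0.5 port 51030 ssh2
Jun  6 10:03:00 web1 sshd[2300]: Accepted publickey for deploy from 192.0.2.10 port 40000 ssh2
Jun  6 10:05:00 web1 sshd[2310]: Failed password for ops from 192.0.2.11 port 40001 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def analyse_ssh_log(log_text, threshold=5):
    """Flag sources with >= threshold failures and password logins that succeeded after failures."""
    failures = Counter()            # source IP -> failed password attempts
    users_tried = defaultdict(set)  # source IP -> usernames attempted
    compromised = []                # (source, user, failures before success)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users_tried[src].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            # A password login after repeated failures means a guessed credential
            # worked; key-based logins are not counted.
            if method == "password" and failures[src] > 0:
                compromised.append((src, user, failures[src]))
    brute_force = {src: n for src, n in failures.items() if n >= threshold}
    return {
        "brute_force_sources": brute_force,
        "users_tried": {src: sorted(u) for src, u in users_tried.items() if src in brute_force},
        "likely_compromised": compromised,
    }
```

Any source listed under `likely_compromised` is a host whose password should be changed and whose processes and binaries should be audited, as described above.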
Monero is growing into both a threat and a useful tool for cybercrime. It can be mined easily on consumer CPUs and is designed to be untraceable, which makes it the first choice for these attackers.
Last month, a cryptojacking malware used half a million computers to mine 133 Monero in 3 days.
According to the cybersecurity firm 360 Total Security, the challenging part about these attacks is that they crash the infected machines in addition to mining on them.