More than 1,000 business computers have been compromised by attackers installing a Monero mining application on them.
Since 2019, the Blue Mockingbird malware group has been responsible for compromising more than 1,000 business computers with Monero mining malware.
Red Canary, a cloud security company, recently uncovered the hidden activities of this group of hackers.
In their report, they describe how the group operates. The attackers target servers running ASP.NET applications. They exploit a vulnerability in the server and install a web shell on it, which gives them remote access to the server and lets them change its settings as an administrator would.
Once this is achieved, the group installs the XMRig mining application on the server, which consumes the machine's computing resources to mine Monero. Red Canary noted that many of the affected systems belong to large companies but did not name any of them.
The weaknesses of the Remote Desktop Protocol
Just as attacks succeed through the use of Trojans, attackers also breach systems by exploiting vulnerabilities in the Windows Remote Desktop Protocol.
The exact number of affected systems is hard to determine, but it is clearly large, because a compromise takes only a few minutes to carry out.
Red Canary wants every company to be on guard, especially those that think their level of security is high.
Brett Callow has this to say about the recent attacks on business systems:
“Cybercriminals specifically seek out weaknesses in the internet-facing systems and, when found, exploit them. Companies can significantly reduce their risk factor by following well-established best practices such as timely patching, using MFA, disabling PowerShell when not needed, etc. If those best practices are not adhered to and the internet-facing servers are left vulnerable, it’s significantly more likely that a company will experience a crypto-mining, ransomware, data exfiltration or other security event.”
Recent XMRig attacks
Attackers have been abusing the XMRig crypto mining app, deploying it without authorization, to carry out their schemes.
Towards the end of last year, hackers began attacks involving the Monero mining app in order to get hold of systems.
A few weeks later, Symantec and BlackBerry Cylance, two major cybersecurity companies, warned against the XMRig app and cautioned that it could even be delivered to systems through music files.