Red Canary – Monero Malware Has Infected Over 1000 Enterprise Systems
Since the beginning of this year, the Blue Mockingbird malware gang has infected over 1000 enterprise systems with Monero cryptocurrency mining malware.
The worldwide reach of the hacker group’s operations was disclosed by cloud security company Red Canary.
The report outlines the group's strategy. The malware targets servers running ASP.NET applications and exploits a vulnerability to deploy a web shell on the compromised server, then gains administrator-level access to alter the server's configuration.
The attackers then deploy the XMRig miner to consume the infected system's computing resources.
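The chain just described (an ASP.NET worker process spawning a shell, followed by a miner launch) leaves a recognisable trace in process-creation telemetry. The following is an added example, not code from the Red Canary report or from the Blue Mockingbird tooling: a small triage heuristic that flags hosts where an IIS worker (w3wp.exe) spawned a command shell and where a command line carries XMRig-style mining flags. The sample events, host names and the pool address are constructed; the miner flag patterns are assumed from XMRig's public command-line usage.

```python
"""Triage heuristic for web-shell-then-miner activity on ASP.NET/IIS hosts.

The events below are constructed sample telemetry, not real logs.
"""
import re
from dataclasses import dataclass

# Processes that host ASP.NET code under IIS. A shell child of one of these
# is a classic web-shell indicator.
WEB_WORKERS = {"w3wp.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Command-line fragments typical of XMRig launches (assumption: taken from
# XMRig's public usage text; tune to your environment).
MINER_PATTERNS = [
    re.compile(r"stratum\+(tcp|ssl)://", re.I),
    re.compile(r"--donate-level", re.I),
    re.compile(r"--coin[= ]monero", re.I),
    re.compile(r"\bxmrig\b", re.I),
]


@dataclass
class ProcEvent:
    host: str
    parent: str   # parent process image name
    image: str    # new process image name
    cmdline: str  # full command line of the new process


def is_webshell_spawn(ev: ProcEvent) -> bool:
    """IIS worker process launching an interactive shell."""
    return ev.parent.lower() in WEB_WORKERS and ev.image.lower() in SHELLS


def is_miner_launch(ev: ProcEvent) -> bool:
    """Command line matches any of the miner indicators."""
    return any(p.search(ev.cmdline) for p in MINER_PATTERNS)


def triage(events) -> dict:
    """Return a severity per host: 'high' when both indicators are seen on the
    same host, 'medium' for one of them, 'none' otherwise."""
    seen = {}
    for ev in events:
        flags = seen.setdefault(ev.host, {"webshell": False, "miner": False})
        if is_webshell_spawn(ev):
            flags["webshell"] = True
        if is_miner_launch(ev):
            flags["miner"] = True
    result = {}
    for host, flags in seen.items():
        if flags["webshell"] and flags["miner"]:
            result[host] = "high"
        elif flags["webshell"] or flags["miner"]:
            result[host] = "medium"
        else:
            result[host] = "none"
    return result


# Constructed sample events (placeholder hosts and pool address).
SAMPLE_EVENTS = [
    ProcEvent("iis-01", "w3wp.exe", "cmd.exe", "cmd.exe /c whoami"),
    ProcEvent("iis-01", "cmd.exe", "update.exe",
              "update.exe -o stratum+tcp://pool.example.invalid:3333 --donate-level 0"),
    # Legitimate ASP.NET compilation: w3wp spawning the C# compiler, no shell.
    ProcEvent("iis-02", "w3wp.exe", "csc.exe", "csc.exe /noconfig /t:library app.cs"),
    # Ordinary admin activity on a workstation.
    ProcEvent("app-03", "explorer.exe", "powershell.exe",
              "powershell.exe -NoProfile Get-Process"),
]


if __name__ == "__main__":
    for host, sev in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {sev}")
```

The two indicators are deliberately kept separate: a w3wp.exe child shell alone deserves a look even without a miner, and a miner command line alone may come from an unrelated intrusion. Correlating both on one host is what raises the severity.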
Most of the infected systems belong to large enterprises, although Red Canary did not name any of them.
Similar to ransomware attacks utilizing Trojans that happened in recent times, hackers capitalized on the vulnerability of the Remote Desktop Protocol in Windows to breach protection.
The report notes that, although the total number of infections is difficult to assess precisely, the attacks occurred within a comparatively short period of time.
Red Canary also cautions that enterprises which believe themselves to be secure from such attacks are in fact at significant risk of a security breach in the form of a malware infection.
Brett Callow, threat analyst at malware lab Emsisoft, commented on the continuing susceptibility of systems to such attacks:
“Cybercriminals specifically seek out weaknesses in the internet-facing systems and, when found, exploit them. Companies can significantly reduce their risk factor by following well-established best practices such as timely patching, using MFA, disabling PowerShell when not needed, etc. If those best practices are not adhered to and the internet-facing servers are left vulnerable, it’s significantly more likely that a company will experience a crypto-mining, ransomware, data exfiltration or other security event.”
Several hacking groups have only recently begun using the XMRig app for illicit cryptocurrency mining.
In November 2019, for instance, a malware campaign targeted vulnerable Docker instances to install the Monero mining app.
Also in 2019, cybersecurity firms BlackBerry Cylance and Symantec warned that the XMRig app was being installed on systems via music files.