The Blue Mockingbird malware group has infected the systems of more than 1,000 companies with Monero (XMR) mining malware since December 2019.
The global scale of the group's activity was disclosed by the cloud security company Red Canary on May 26.
The report described the group's methodology. The malware targets servers running ASP.NET applications, exploiting a vulnerability to install a web shell on the compromised machine and gain administrator access in order to change the server's settings.
The attackers then install the XMRig application to use the resources of the infected machines for mining. Most of the infected computers belong to large companies, although Red Canary did not reveal any names.
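The chain described above (web shell on an ASP.NET server, then a miner) leaves two signals a defender can look for in process-creation telemetry: the IIS worker process (w3wp.exe, which hosts ASP.NET applications) spawning a command shell, and a process started with XMRig's own pool and wallet arguments. The following detection logic is an added example, not code from Red Canary's report; the event lines are constructed and the simplified event format is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample of process-creation events (parent -> child, command line)
# in a simplified Sysmon-like form; not real telemetry from the report.
SAMPLE_EVENTS = [
    "parent=w3wp.exe child=cmd.exe cmd='cmd.exe /c whoami'",
    "parent=w3wp.exe child=powershell.exe cmd='powershell -enc AAAA'",
    "parent=explorer.exe child=notepad.exe cmd='notepad.exe report.txt'",
    "parent=services.exe child=svchost.exe cmd='svchost.exe -k netsvcs'",
    "parent=svchost.exe child=update.exe cmd='update.exe -o pool.example:3333 -u 4ABC --donate-level 1'",
]

EVENT_RE = re.compile(r"parent=(?P<parent>\S+) child=(?P<child>\S+) cmd='(?P<cmd>[^']*)'")

# ASP.NET applications run inside the IIS worker process; a web shell executes
# its commands from there, so a shell spawned by w3wp.exe is a strong signal.
IIS_WORKERS = {"w3wp.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# XMRig's own command-line options (-o/--url, -u/--user, --donate-level); a renamed
# binary keeps them, so they are a better indicator than the file name.
MINER_ARGS = re.compile(r"(?:^|\s)(?:-o|--url|-u|--user|--donate-level)(?:\s|=|$)")


@dataclass
class Finding:
    rule: str
    event: str


def scan(events):
    """Return findings for web-shell-style process chains and miner-like command lines."""
    findings = []
    for line in events:
        m = EVENT_RE.search(line)
        if not m:
            continue  # skip lines that do not match the expected event format
        parent, child, cmd = m.group("parent").lower(), m.group("child").lower(), m.group("cmd")
        if parent in IIS_WORKERS and child in SHELLS:
            findings.append(Finding("iis_worker_spawned_shell", line))
        if MINER_ARGS.search(cmd):
            findings.append(Finding("miner_cmdline_args", line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.rule, "<-", f.event)
```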
Vulnerabilities in the Remote Desktop Protocol
As with recent ransomware attacks involving Trojans, the criminals have exploited flaws in Windows' Remote Desktop Protocol to penetrate the systems.
However, the report notes that it is difficult to quantify the total number of infections, as these attacks took place in a relatively short period of time.
Red Canary also warns that companies who believe they are safe from such attacks are at high risk of infection.
Speaking to Cointelegraph, Brett Callow, threat analyst at the Emsisoft malware laboratory, commented on the current vulnerability of systems to such attacks:
“Cybercriminals specifically look for errors and weaknesses and take advantage of them when they find them. Companies can significantly reduce their risk factor by following best practices, such as deploying patches in a timely manner, using MFA, disabling PowerShell when it is not needed, etc. If these best practices are not followed and servers connected to the Internet are vulnerable, the likelihood of a company being hit by malware, ransomware, exfiltration or another security event is significantly higher.”
Recent XMRig attacks
The use of the XMRig application for unauthorized crypto mining is not unique to this group; it has been used by various hacker groups.
Cointelegraph reported in November 2019 that malware was targeting vulnerable Docker instances to mine Monero.
In the same year, reports from the cybersecurity companies Symantec and BlackBerry Cylance warned that the XMRig application was being delivered via music files.