Operation Prowli Compromised 40,000+ Devices from Various Sectors’ Organizations

Researchers recently found a malicious campaign that manipulated traffic and mined crypto-currency after contaminating organizations of various sectors such as education, finance to even government. They dubbed the campaign 'Operation Prowli' that spread malicious codes and other malware onto websites and servers worldwide, while reportedly infecting over 40,000 machines.

The researchers group from GuardiCore Labs discovered that by employing attack codes, brute-force to crack passwords, as well as taking advantage of weak configurations, the Prowli attack scheme attained widespread success. The variously functioning operation after targeting CMS servers running widely-visited online sites, backup servers that serviced HP Data Protector as well as DSL modems, also targeted Internet-of-Thing devices.

Reportedly, the hijacked machines contracted infection from Worm r2r2 and one Monero (XMR) crypto currency miner. The malicious program runs SSH brute-force assaults kicked off from the compromised machines, while instigates the Prowli towards attaining fresh victims. Alternatively, r2r2 worm, by arbitrarily creating Internet Protocol address blocks, attempts brute-force entry into SSH logins using one username-password lexicon, while following entry, executes several commands serially on victimized users. The victims are diverted onto one bogus site where they're tricked to pursue rogue browser extensions. In their report, GuardiCore researchers state Prowli was successful in compromising over 9,000 organizations. Cointelegraph.com posted this, June 7, 2018.

Meanwhile, Chief Security Architect Dan Hubbard at Lacework says the current crypto-jacking assaults show a trend of escalation. Attackers further use mobile devices or even compromise A/Cs within public cloud systems of large-scale so they can launch specified GPU workload kind of high-performance attacks.

In May, one fresh crypto-jacking malicious program utilized one-half million PCs for garnering 133 Monero coins within 3 days. According to 360 Total Security a cyber-security company, the malware called WinstarNssmMiner imposes one new challenge to people using it because of its ability for not only mining but also causing infected devices to crash.

End-users can know if they have been infected by watching network traffic. GuardiCore further urges to do segmentation, while regularly examining what and who're capable of reaching the servers is another good practice. Moreover, IoT appliances should be paid special attention because their credentials can't be altered.

» SPAMfighter News - 6/18/2018