Cryptojacking Malware Hits 8 Australian Webhosting Companies
Monero mining malware is in full swing: eight Australian companies have reported that they were compromised with malware. The cybercriminals monetized their Monero mining malware to the tune of $3900 worth of Monero coins. The mining activity has been running since May 2018, and it took the intervention of the Australian Cyber Security Center (ACSC) for the companies to disclose the incident.
When a user visits one of the infected websites, the site automatically installs Monero mining malware on the visitor's computer without the user's knowledge. The malware then mines Monero at the expense of the user's computer, stealing CPU/GPU resources in the process. The eight companies have since cleaned up their sites, removing the silent installation of malware onto visitors' vulnerable computers.
“While we will not be identifying the web hosting providers, it is important to note that all affected web hosting providers were advised to take remediation actions and we commend them for working collaboratively with us. The actor’s privilege escalation tools were all public proof of concepts (POC) and demonstrated an ability to quickly use new POC exploits. As of 18 June 2018, the actor had made a total of 22.57 XMR (Monero) with an approximate value of $3868 AUD,” explained Alastair MacGibbon, ACSC head.
There are many misconfigured web servers serving millions of web pages today. They are like a frozen gold mine for cybercriminals: the longer these websites remain online serving their customers, the more profit the cybercriminals earn. The most important thing to keep in mind is that no one can guarantee the security of a web page 100%, that is, guarantee that it will not be compromised at some point in its life. It is a real possibility and, unfortunately, it can affect anyone. Having a website does not mean a compromise is certain to happen, but we are all exposed to that possibility. That is why a professional webmaster is responsible for reducing the probability of exploits against a site.
What a good professional webmaster can do is have a plan of action for containment and a plan B in case what nobody wants to happen does happen: the website is compromised. To contain threats and improve the security of a web page, webmasters usually apply directives that prevent access to certain sections of the page, divert the attention of robots and people with dubious intentions, and block any abnormal activity detected on the site. To do this, the webmaster must carry out actions on the web pages that are more or less complex internally, but which are usually effective in most cases.
As far as plan B is concerned, there are only two clear options: keep backups that are as recent as possible, and keep all the systems of the page up to date, both security components and internal modules. Of course, the added value that a professional webmaster brings to the design and creation of web pages is speed of action and the monitoring of any incident that arises, avoiding damage to the owner of the website as far as possible, minimizing the impact of any incident, and favoring the restoration of service as soon as possible.