Researchers at Guardicore Labs have dubbed this malware attack as Operation Prowli.
Guardicore Labs researchers have discovered a new malicious campaign focused on monetizing rather than hacking has been discovered. The malware campaign, dubbed Operation Prowli, has infected over 40,000 IoT devices and servers.
It targets IoT devices, DSL modems, backup servers running HP Data Protector, and WordPress sites and forces them to conduct profit-making tasks like crypto mining and traffic-hijacking.
Cyber attackers guessed credentials and took advantage of known vulnerabilities. They used a variety of methods to monetize victims’ machines, employing digital currencies and traffic redirection.
Researchers say that these all too common traffic monetization frauds redirect website visitors from legitimate destinations to websites that advertise:
- Malicious browser extensions
- Tech support scam services
- Fake services
- Other phishing services
See also: Ixia sees malware clouds in the cloud in 2018
The researchers first discovered the campaign in April when they detected SSH attacks contacting a command and control server set up as a honeypot. They believe the campaign has been live since early 2018. The attacks apparently share identical behavior, connecting to the same C&C server and downloading the same attack tools and a cryptocurrency miner. They’ve detected attacks across several networks in multiple countries.
“Over a period of three weeks, we captured dozens of such attacks per day coming from over 180 IPs from a variety of countries and organizations,” researchers say. “These attacks led us to investigate the attackers’ infrastructure and discover a wide-ranging operation attacking multiple services.”
Researchers urge IoT device owners and those who use modems and servers to keep their firmware or software up to date and use strong passwords that they changed regularly.
Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.
Best Practices for Deploying and Scaling Industrial AIArtificial Intelligence (AI) is transforming industrial operations, helping organizations optimize workflows, reduce downtime, and enhance productivity. Different industry verticals leverage AI in unique ways.Link to The Center for Adaptive Edge Intelligence
The Center for Adaptive Edge IntelligenceAdaptive edge intelligence brings real-time decision-making to the point of data creation, whether from sensors, machines, or cameras.Link to The Value of Vehicle Electrification
The Value of Vehicle ElectrificationElectric vehicles (EVs) present automakers with many design, engineering, and manufactu ring challenges.Link to Accelerating Manufacturing Digital Transformation with Industrial Connectivity and IoT
Accelerating Manufacturing Digital Transformation with Industrial Connectivity and IoTDigital transformation is empowering industrial organizations to deliver sustainable innovation, disruption-proof products and services, and continuous operational improvement.Link to Smart Manufacturing for Automotive
Smart Manufacturing for AutomotiveLeading a transportation revolution in autonomous, electric, shared mobility and connectivity with the next generation of design and development tools.Link to Center for Data Pipeline Automation
Center for Data Pipeline AutomationAs businesses become data-driven and rely more heavily on analytics to operate, getting high-quality, trusted data to the right data user at the right time is essential.Link to Center for Automated Integration
Center for Automated IntegrationThe goal of automated integration is to enable applications and systems that were built separately to easily share data and work together, resulting in new capabilities and efficiencies that cut costs, uncover insights, and much more.Link to Continuous Intelligence: Insights
Continuous Intelligence: InsightsDigital transformation requires continuous intelligence (CI). Today’s digital businesses are leveraging this new category of software which includes real-time analytics and insights from a single, cloud-native platform across multiple use cases to speed decision-making, and drive world-class customer experiences.
