Researchers Uncover Operation Prowli: A Traffic Manipulation and Cryptocurrency Mining Campaign
A recent discovery by researchers has revealed a sophisticated traffic manipulation and cryptocurrency mining campaign known as Operation Prowli. This campaign has been infecting a wide range of organizations across various industries including finance, education, and government. Reports indicate that over 40,000 machines have already been compromised by this malicious campaign.
Methods Used by Attackers
The GuardiCore Labs team found that the attackers behind Operation Prowli have been using a combination of exploits, password brute-force attacks, and weak configurations to spread malware and malicious code. The campaign targets a diverse array of platforms, including CMS servers hosting popular websites, backup servers running HP Data Protector, DSL modems, and even IoT devices.
Victims of Operation Prowli
More than 9,000 companies have fallen victim to the Operation Prowli campaign. The attackers are engaging in traffic monetization fraud by redirecting unsuspecting users to fake websites through tech support scams and malicious browser extensions. This tactic has proven to be highly effective in luring users away from legitimate websites.
Discovery and Analysis
The campaign was first identified on April 4th, when a series of secure-shell (SSH) attacks was observed communicating with a command-and-control (C&C) server, from which the attackers downloaded attack tools and a cryptocurrency miner named r2r2. The researchers were able to trace the campaign across multiple networks and industries, highlighting the widespread nature of the attacks.
Protecting Against Crypto-Jacking Attacks
Experts emphasize the importance of automated patching, continuous assessment, and remediation to prevent these types of attacks. Dan Hubbard, chief security architect at Lacework, warns that attackers are increasingly targeting mobile devices and public cloud computing environments to launch high-performance GPU workloads. Monitoring network traffic, implementing segmentation, and regularly reviewing access controls are crucial steps in safeguarding against crypto-jacking attacks.
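One concrete form of the monitoring recommended above is to watch for the SSH password brute-forcing that Prowli used to spread. The following is an added example, not code from the GuardiCore report: it parses sshd auth-log lines and flags any source address that accumulated a threshold of failed password attempts and then logged in successfully. The log lines, hostnames and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the report). 203.0.113.7 and
# 198.51.100.20 are documentation-range addresses used as placeholders.
SAMPLE_AUTH_LOG = """\
Apr  4 02:11:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 41022 ssh2
Apr  4 02:11:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 41030 ssh2
Apr  4 02:11:05 web1 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 41041 ssh2
Apr  4 02:11:08 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 41050 ssh2
Apr  4 02:11:10 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 41058 ssh2
Apr  4 02:11:12 web1 sshd[2211]: Accepted password for root from 203.0.113.7 port 41066 ssh2
Apr  4 02:15:44 web1 sshd[2300]: Failed password for alice from 198.51.100.20 port 50001 ssh2
Apr  4 02:15:50 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 50003 ssh2
"""

# Matches both failed and accepted sshd authentication records; the optional
# "invalid user" prefix appears when the username does not exist on the host.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def find_bruteforce_logins(log_text, threshold=5):
    """Return {source_ip: (failed_attempts, user)} for every source that
    reached `threshold` failed password attempts and then had a password
    login accepted. Key-based logins are not counted as brute-force success."""
    failures = defaultdict(int)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif m.group("method") == "password" and failures[ip] >= threshold:
            hits[ip] = (failures[ip], m.group("user"))
    return hits


if __name__ == "__main__":
    for ip, (count, user) in find_bruteforce_logins(SAMPLE_AUTH_LOG).items():
        print(f"ALERT: {ip} logged in as {user} after {count} failed password attempts")
```

In production the same logic would be fed from the live auth log or a SIEM, with the threshold tuned to the host's normal failure rate.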
Overall, the discovery of Operation Prowli serves as a stark reminder of the evolving threat landscape facing organizations today. Vigilance, proactive security measures, and a thorough understanding of the tactics used by cybercriminals are essential in defending against such malicious campaigns.