ACSC Exploited Vulnerabilities of Cryptojacking Malware Attacks

The Australian Cyber Security Centre (ACSC) revealed the vulnerabilities that cybercriminals have exploited in attacks, including attacks using cryptojacking malware.

29 June, 2020 | AtoZ Markets – The ACSC is the Australian Government's lead agency for preventing and combating cybersecurity threats. A group of cybercriminals hacked the Australian network last week. Attackers are targeting public-facing infrastructure with remote code execution exploits, often picking an unpatched version of the Telerik user interface (UI).

ACSC Identifies Four Critical Vulnerabilities Exploited in the Cyberattack

The ACSC identified four important vulnerabilities in the Telerik UI that have been exploited in attacks, including cryptojacking malware attacks. They are CVE-2019-18935, CVE-2017-9248, CVE-2017-11317, and CVE-2017-11357. Exploit code for them has been publicly available for some time.

CVE-2019-18935 is being leveraged by multiple threat groups for cryptocurrency mining purposes. One of them is Blue Mockingbird, which recently infected systems with Monero (XMR) mining software. That does not indicate, however, that this gang took part in the cyberattack on Australia. The ACSC said:

 “Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; the payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the webroot and wrote that path to a file within the web root.”

Some Australian officials believe that China may be behind the large-scale cyberattack, citing relations between the two countries as grounds for that possibility. Based on its investigation, the ACSC also made recommendations on how to reduce the risk of a hack. One of the best ways is “prompt patching of internet-facing software, operating systems, and devices.” This includes using the latest versions of software and operating systems.

“Australian organizations must be alert to this threat and take steps to enhance the resilience of their networks,” the ACSC warned. “Cybersecurity is everyone’s responsibility.”
