An oil transportation company discovered someone had installed Monero-mining software on its systems without its authorization.

On 14 December, Vladimir Rushailo, vice president of the Russian state-owned transport monopoly Transneft, revealed that the company had found that one of its computers had automatically downloaded software designed to mine the Bitcoin rival. As quoted in a statement provided to Reuters:

“Incidents where the company’s hardware was used to manufacture cryptocurrency have been found. It could have a negative impact on the productivity of our processing capacity.”

The company subsequently deleted the program from the computer. It also implemented “programs to block such downloads in the future.”

Transneft has not provided any details about what caused the computer to download the cryptocurrency miner, including whether a malicious insider or an external actor might have hacked the workstation. What is clear, however, is that these types of attacks are growing in frequency. Pavel Lutsik, a head of information security projects at the IT firm Croc, agrees:

“More and more people have learn[ed] that, in fact, they do not even need to stand up from the sofa to make money – if they are not caught.”


In recent months, several organizations, including Ultimate Fighting Championship and Showtime, have removed from their websites CoinHive and other Monero miners that slowed down visitors’ computers. Attackers have also gone after companies’ internal networks directly in order to mine cryptocurrencies. F5 threat researchers detected one such campaign, dubbed “Zealot,” that leverages the Apache Struts Jakarta Multipart Parser attack as well as a flaw affecting the DotNetNuke (DNN) content management system to compromise vulnerable systems. It then leverages EternalSynergy and EternalBlue, the latter targeting the same Microsoft vulnerability exploited by WannaCry and NotPetya, to move laterally inside the network, find Windows and Linux computers, and seize them for ...