Israeli security research reveals a global hacking operation

Researchers Liad Modkowitz and Ofir Harpaz discovered a cyberattack that targeted multiple organizations and compromised servers to mine cryptocurrencies or gain access to data, according to the Israel Morning Post. About 2,000 companies were attacked and used their servers as launch platforms to target more organizations, making them harder to track because the attacks were decentralized.

The main targets of cyber attacks are mainly commercial and institutional servers in the media, tourism, health and education industries in India, Vietnam and the United States. The ultimate goal of these cyberattacks on Windows servers is to mine digital currency or infect them with malware or Trojans and steal sensitive information stored there. Interestingly, the hackers removed other malicious agents’ malware and employed more sophisticated methods to ensure their exclusive access to the machine. In addition, they also removed their own Trojans and malware as a precautionary measure after they were given access.

The servers were compromised by attacking the SMB protocol developed by Microsoft. These intrusions allow cybercriminals to repeatedly access the network and subsequently sell stolen credentials on the dark web. Each compromised Windows server is estimated to be worth around $300, so multiplying that number by 2,000 organizations yields a profit of $600,000, which is a very impressive gain.

Researchers from Guardicore have released a tool that allows cybersecurity leaders to determine if their organization’s systems are vulnerable to cyberattacks, and what actions they should take to protect their systems from similar cyberattacks.