Aditya Birla Group, one of India’s top business conglomerates, is the first reported Indian victim of a “cryptojacking” attack, which occurred in April 2018. The attack was first detected in some of the conglomerate’s overseas subsidiaries, but within days it spread to manufacturing and other companies closer to home.
First in India, but Illicit Mining Is a Long-Standing Problem
Over 2,000 computers were affected in this new form of malicious activity, in which the victim computers’ processing power was used to mine cryptocurrency for the hackers. Not only was the processing power stolen, but the electricity it consumed as well, yielding virtually free tokens for the pirates.
The hackers mined Monero (XMR) – a cryptocurrency that has gained widespread usage on the dark web due to its anonymity. Compared to bitcoin, it is still under the radar, allowing hackers to transact XMR freely.
Monero could be used for transactions or exchanged for other cryptocurrencies that are more widely accepted such as bitcoin and litecoin (LTC). There is no word on how much Monero the hackers mined.
Furthermore, no data was stolen or corrupted, which shows that the hackers had a purely financial incentive. Business was not disrupted, which means operations can return to normal. A spokesperson reported that they “also ascertained that there was no data loss due to this activity. As an added assurance, we initiated a detailed forensic investigation which is nearing conclusion in respect of root cause analysis and preventive actions.”
The cryptojacking incident could have been worse, but the organization had advanced threat management systems in place that helped limit the spread of the attack and allowed the situation to be handled quickly after detection.
The conglomerate’s spokesperson said:
“Aditya Birla Group has advanced threat management systems that are constantly monitoring and protecting business-critical applications and infrastructure in all Businesses. Recently, the advanced threat detection systems of our Group alerted us of suspicious activity on some desktop systems. Based on this, our internal team immediately carried out an investigation and deployed countermeasures to isolate and eliminate the cause of this activity.”
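The statement above describes detection systems alerting on “suspicious activity on some desktop systems” without saying how. The following is an added example, not code from Aditya Birla Group or from any product it uses, of the kind of endpoint check a defender can run for the behaviour this article describes: a process that pins the CPU for a sustained period while talking to the network. The telemetry lines, the 90% CPU threshold, the “three consecutive samples” rule and the list of ports treated as mining-pool-like are all constructed assumptions for the illustration; real deployments would tune them and correlate with other signals.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample telemetry (not from the incident), one process sample per line:
# host,timestamp,process,cpu_percent,remote_port
SAMPLE_TELEMETRY = """\
desk-01,09:00,excel.exe,12.0,443
desk-01,09:05,excel.exe,9.0,443
desk-01,09:10,excel.exe,11.0,443
desk-02,09:00,svchost.exe,97.0,3333
desk-02,09:05,svchost.exe,98.0,3333
desk-02,09:10,svchost.exe,96.0,3333
desk-02,09:15,svchost.exe,99.0,3333
desk-03,09:00,chrome.exe,45.0,443
desk-03,09:05,chrome.exe,95.0,8080
desk-03,09:10,chrome.exe,4.0,443
"""

# Assumed tuning values for the example: a miner keeps the CPU pinned for a long
# time, so we require several consecutive high samples rather than a single spike.
CPU_THRESHOLD = 90.0
MIN_CONSECUTIVE = 3
# Assumption: ports commonly used by mining-pool (stratum) traffic; used only to
# raise the priority of a finding, never as the sole trigger.
SUSPICIOUS_PORTS = {3333, 4444, 5555, 7777, 14444}


def parse_telemetry(text):
    """Parse the CSV-style telemetry into a list of sample dicts."""
    rows = []
    for rec in csv.reader(StringIO(text)):
        if not rec:
            continue
        host, ts, proc, cpu, port = rec
        rows.append({"host": host, "ts": ts, "proc": proc,
                     "cpu": float(cpu), "port": int(port)})
    return rows


def longest_high_cpu_run(samples, threshold):
    """Length of the longest run of consecutive samples at or above threshold."""
    best = run = 0
    for s in samples:
        run = run + 1 if s["cpu"] >= threshold else 0
        best = max(best, run)
    return best


def detect_cryptojacking(text, threshold=CPU_THRESHOLD,
                         min_consecutive=MIN_CONSECUTIVE):
    """Return one finding per (host, process) showing sustained high CPU use.

    A short burst (desk-03's browser) is not flagged; a process pinned at
    >= threshold for min_consecutive samples in a row (desk-02) is. If that
    process also talks to a pool-like port the finding is marked higher priority.
    """
    by_key = defaultdict(list)
    for r in parse_telemetry(text):
        by_key[(r["host"], r["proc"])].append(r)

    findings = []
    for (host, proc), samples in by_key.items():
        samples.sort(key=lambda s: s["ts"])  # HH:MM strings sort chronologically
        run = longest_high_cpu_run(samples, threshold)
        if run < min_consecutive:
            continue
        ports = {s["port"] for s in samples}
        findings.append({
            "host": host,
            "process": proc,
            "high_cpu_samples": run,
            "suspicious_port": bool(ports & SUSPICIOUS_PORTS),
        })
    return findings


if __name__ == "__main__":
    for f in detect_cryptojacking(SAMPLE_TELEMETRY):
        print(f)
```

The consecutive-sample rule is the important design choice: legitimate software (compilers, spreadsheets, video calls) spikes the CPU briefly, whereas a miner holds it for hours, so duration separates the two better than any single reading. The port check is deliberately a secondary signal, because miners can be configured to use 443 and pools can run on any port.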
These events follow a massive cryptojacking campaign in which over 300 websites were manipulated into mining Monero as well. While the problem is not as big as ransomware, where documents are encrypted and the password is only handed over once cryptocurrency is paid, an attack at this scale does show that the problem is growing.