EXECUTIVE SUMMARY:

Enterprise servers are in danger. A cyber criminal group known as Blue Mockingbird has exploited a new, hard-to-patch vulnerability, known as CVE-2019-18935, across thousands of systems.

Once hackers gain full access to servers, they download and install a version of XMRig, a popular cryptocurrency mining app.

Organizations with public-facing web servers should be concerned about this type of security incident. Affected enterprises range from IT service providers to healthcare organizations. No industry vertical is immune.

How to avoid infection?

Computer applications that are out of date can expose companies to this type of attack. “In many cases, organizations may not have an option to update their vulnerable apps. In these cases…companies would need to ensure that they block exploitation attempts…at their firewall level,” reports ZDNet.

Organizations are also advised to look for signs of potential compromise at the server and workstation level.

In addition, security researchers suggest patching all web servers, web applications and dependencies of the applications to prevent breaches. “Most of the techniques used by Blue Mockingbird will bypass whitelisting technologies, so the best route will be to inhibit initial access,” state cyber security researchers.

For more information on this story, visit ZDNet.