Aditya Birla Group Hit by Cryptojacking Attack

Attack Infects 2,000 Computers; What Can Others Do to Mitigate Risks?
Aditya Birla Group, one of the largest conglomerates in India, has been cryptojacked, with more than 2,000 computers of various companies within the group affected, the Economic Times reports.

Cryptojacking is the infiltration of malware to enable browser-based mining of cryptocurrencies on infected websites (see Cryptojacking: Mitigating the Impact).

The attack was first detected about a month ago at one of the group's overseas subsidiaries. Within days, the malware found its way into some of the group's manufacturing and other services companies, the Economic Times reports.

In a statement, a company spokesperson says: "Aditya Birla Group has advanced threat management systems that are constantly monitoring and protecting business critical applications and infrastructure in all businesses. Recently, the advanced threat detection systems of our group alerted us of suspicious activity on some desktop systems. Based on this, our internal team immediately carried out an investigation and deployed countermeasures to isolate and eliminate the cause of this activity."

The countermeasures limited the spread of the malware, the company states. "We also ascertained that there was no data loss due to this activity," according to the statement. "As an added assurance, we initiated a detailed forensic investigation which is nearing conclusion in respect of root cause analysis and preventive actions."

The incident is believed to be the first major cryptojacking attack in India.

"Cryptojacking is a relatively new phenomenon. It has been on the rise since the middle of 2017. Though countries in the West have been impacted, it's surely a first for India if we consider the scale of attack," says a Pune-based security practitioner, who did not wish to be named.

The digital currency that was mined in the attack apparently was Monero. "Monero is relatively less scrutinized when compared to bitcoins. This could be the reason behind it being mostly used in cryptojacking," the practitioner says.

Cryptojacking is gaining traction as a profitable and anonymous attack that requires minimal effort. Since September 2017, more than 5,000 websites have been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by hijacking site visitors' CPU power, tweets Kelly S, a Canadian computer consultant.

Cryptojacking Attack Process

Cryptojacking involves using the computing power of a targeted device to mine cryptocurrency. Mining refers to solving computationally intensive mathematical tasks, which are used to verify the blockchain, or public ledger, of transactions. As an incentive, anyone who mines for cryptocurrency has a chance of getting some cryptocurrency back as a reward.

"For a criminal, the motive behind cryptomining is using computing power of victims to make money while victims foot the electricity bill," says Jiten Jain, CEO at Voyager InfoSec, a software consultancy firm.

Not Easily Detectable

Apart from power usage, cryptojacking doesn't directly cause any harm to victims. "Affected users will notice their device slowing down due to the high CPU usage in addition to higher electricity bills. This process also generates a lot of heat, and we've seen physical damage of devices," says Vijay Nair, manager, forensics technology at KPMG Vietnam.

Detecting a cryptojacking attack can be difficult. "Even employee training is less effective in such cases," Nair says. "There are no particular sites which we can ask employees not to visit or anything in particular we can ask them not to do. Though when an attack is discovered, IT admins could temporarily ban the infected webpage until the fault gets rectified."

Jain explains: "It's very difficult to detect and stop modern cryptojacking attacks as they use harmless looking Java scripts. Since Java scripts are used by almost all websites and enabled by default in all browsers, it's easy to carry out cryptojacking attacks."

Mitigation Steps

Among the key mitigation steps that can be taken are: using browser extensions that block mining scripts, adopting the browser isolation model and carefully monitoring endpoint devices' use of resources.

In browser-based cryptojacking, cryptocurrency mining code is embedded into a website, and site visitors run that code via their browser. So companies need to regularly review the scripts run on their systems.
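One way to automate the script review described above is shown here as an added example, not code from the article or from any vendor tool. The indicator lists, the `auditPage` helper, the allowlist and the sample page are assumptions made for illustration; CoinHive is used as the indicator because it is the miner the article names.

```javascript
// Added example: indicator lists are illustrative assumptions, not a complete blocklist.
const MINER_HOSTS = ['coinhive.com']; // CoinHive is the miner named in the article
const MINER_PATTERNS = [/CoinHive\.(Anonymous|User)\s*\(/, /\bcryptonight\b/i];

// Pull src and inline body out of every <script> element (regex scan, no DOM needed).
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// Flag miner hosts, miner API calls in inline code, and unreviewed third-party hosts.
function auditPage(html, pageUrl, allowedHosts) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      let host;
      try { host = new URL(s.src, pageUrl).hostname.toLowerCase(); }
      catch (e) { findings.push({ type: 'unparseable-src', detail: s.src }); continue; }
      if (MINER_HOSTS.some(h => host === h || host.endsWith('.' + h))) {
        findings.push({ type: 'miner-host', detail: host });
      } else if (host !== pageHost && !allowedHosts.includes(host)) {
        findings.push({ type: 'unreviewed-third-party', detail: host });
      }
    }
    if (MINER_PATTERNS.some(p => p.test(s.body))) {
      findings.push({ type: 'miner-code', detail: s.body.trim().slice(0, 40) });
    }
  }
  return findings;
}

// Constructed sample page, not taken from any real site.
const SAMPLE = `<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
<script src="https://stats.example.org/t.js"></script>
</head></html>`;

console.log(auditPage(SAMPLE, 'https://intranet.example.com/', ['cdn.example.net']));
```

Name-based indicators only catch known miners, so the `unreviewed-third-party` finding is the more durable signal: any script host that nobody has reviewed and allowlisted gets surfaced.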


About the Author

Suparna Goswami

Principal Correspondent, ISMG

Suparna Goswami is principal correspondent at ISMG Asia and has more than 10 years of experience in the field of journalism. She has covered a variety of beats ranging from global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine, and leading Indian newspapers like DNA and Times of India.



