Tuesday, January 9, 2018

Hackers find new ways to print digital money for free

As valuations soar, attackers find ever more powerful CPUs to covertly conscript.

The sky-high valuations of cryptocurrencies aren't lost on hackers, who are responding with increasingly sophisticated attacks that covertly harness the computers and electricity of unwitting people to generate digital coins worth large sums of money.

One example is a recently uncovered mass hack of servers that has mined about $6,000 worth of the cryptocurrency known as AEON in the past 23 days. Based on the rate the underlying cryptographic hashes are being generated, Morphus Labs Chief Research Officer Renato Marinho estimated that about 450 separate conscripted machines are participating. Marinho analyzed one of the servers and found that attackers gained control over it by exploiting CVE-2017-10271, a critical vulnerability in Oracle's WebLogic package that was patched in October. The owner of the compromised server, however, had yet to install the fix.

"The exploit is pretty simple to execute and comes with a Bash script to make it easy to scan for potential victims," Marinho wrote in a blog post published Sunday. "In this case, the campaign objective is to mine cryptocurrencies, but, of course, the vulnerability and exploit can be used for other purposes."

The post said the currency being mined is known as Monero. On Monday, however, the researcher told Ars he finally gained access to the attackers' mining pool, which showed the currency was, in fact, AEON.

The exploit used on the machine Marinho examined shut down WebLogic, presumably in an attempt to reduce the load put on the CPUs of the compromised machine. Killing WebLogic makes it easy for victims to know when they have been compromised, but the exploit the researcher reviewed could easily have been modified in later attacks to ensure WebLogic continues to operate normally. The number of coins generated over the past 23 days suggests many operators remain unaware their servers have been hacked.

Researchers from security firm F5 documented a slightly more elaborate campaign in December that, as of December 15, had generated more than $8,500 in Monero. The attack code used in that case exploited servers running outdated versions of the DotNetNuke content management system and the Apache Struts 2 Web application framework.

The latter vulnerability, by the way, was CVE-2017-5638, the same flaw that attackers used to hack Equifax and steal data for as many as 143 million US consumers.

For added effectiveness, the attack also incorporated two exploits developed by the National Security Agency before they were stolen and published in April by a mysterious group known as the Shadow Brokers. Codenamed "EternalBlue" and "EternalSynergy," the NSA-developed Windows exploits allowed infections to spread from infected DotNetNuke or Apache Struts 2 servers to Windows computers inside compromised networks, as long as the Windows machines hadn't installed a patch Microsoft released in March.

The campaigns documented by Morphus and F5 follow the discovery in October of a surge of sites and malicious apps that covertly mine cryptocurrencies. The devices targeted in those attacks were mostly low-powered phones and consumer computers. By targeting higher-powered servers, the newer campaigns have the potential to generate larger amounts of digital coins. Given the number of unpatched servers and the irrationally sharp increase in currency market capitalizations in recent months, similar campaigns are likely to increase.


