After Tesla and Los Angeles Times, Oracle's vulnerabilities exploited by Miners
Posted Mar 03, 2018
Just days ago, when Tesla's Amazon public cloud server was found to have been exploited by hackers for cryptocurrency mining, it was unclear to everyone how the hackers had stayed a step ahead of the defenders and misused the loopholes. Now Trend Micro has published research saying it has found an Oracle vulnerability being abused by hackers in a new campaign to convert servers into mining farms for Monero.
One way to mine cryptocurrency is to use hacked servers; the other is to draw computing power from website visitors' computers. Both are all the rage in the hacking world these days, and those who pursue the idea keep looking for new vulnerabilities to target for their own benefit.
The Trend Micro report says that a vulnerability found in Oracle's WebLogic suite allows hackers to inject mining software into systems. WebLogic is a necessary element in Oracle servers for those who want to build on Java applications.
The attackers could deliver a payload containing two instances of XMRig, an ordinary Monero miner. One runs on a 32-bit architecture, and the other on a 64-bit architecture.
There is no significant difference in what the two miners do; the 64-bit version simply makes use of the higher registers of the CPU. By preference, the malware checks whether the system is compatible with 64-bit software. If it is not, the malware downloads the 32-bit version and runs it.
“A coin-mining malware tries to infect as many devices as possible since it takes an extraordinary amount of computing power to mine any cryptocurrency substantially. With two payload systems, both of which are capable of starting automatically and daily, the malware developers of this particular exploit have more chances to infect machines and use them for crypto-mining,” Trend Micro emphasizes in its report.
The new campaign ensures that the mining software starts along with the servers. This makes it unlikely that administrators can resolve the issue merely by restarting the systems. A more recent example is hackers targeting companies like Tesla that run on Amazon Web Services (AWS).
Tesla was compromised when hackers used its password-free Kubernetes panel to gain access to its AWS account and mine cryptocurrencies. In this specific incident, the attackers set up their mining pool inside the third-party infrastructure.
In yet another example, the Los Angeles Times was hit by a similar hack just a few days ago. Its AWS cloud storage was exploited to insert a Coinhive script that mined Monero using website visitors' computers.
Interestingly, this incident had an unusual twist: the hacker left a friendly note telling the newspaper that its settings left it vulnerable and asking it to “please fix this before a bad guy finds it.”
We are not sure how many more such incidents will occur before the loopholes in prominent companies' systems are inspected. Until then, the hackers will enjoy their feast.
Applancer is an open platform for discussion on all things like Blockchain, Cryptocurrency and ICO news updates. As such, the opinions expressed in this article are the author's own and do not necessarily reflect the view of Applancer.