
Data centres beware: New report predicts imminent attacks

26 Mar 18

Cybercrime is of course driven by the potential financial windfall, as well as the relative safety when compared to other more physical alternatives.

Cryptocurrency mining is the latest trend in illicit revenue generation, abusing the same age-old malware attack vectors previously associated with ransomware dissemination.

According to Bitdefender, cryptocurrency-enabled malware is increasingly outperforming ransomware, with adoption surging over the past six months.

As an example, the number of coin miner reports increased from 9.47 percent in September 2017 to 17.54 percent in October 2017. In January this year the number sat at 21.79 percent.

Coinciding with this growth, ransomware attacks began to decrease, dropping 3.38 percentage points between November 2017 and December 2017 and continuing on a descending path.

The more cryptocurrency is mined, the more resource-intensive the process becomes, which means the current method that cybercriminals utilise to target and control pools of individual users is becoming unfeasible.

Because of this, Bitdefender expects large data centres and cloud infrastructure to be next in line as their “elastic computing power enables cybercriminals to virtually spawn and control large mining farms without paying any bills.”

It is common for data centres to allow organisations to scale their business by letting them optimise costs and computing resources based on their immediate requirements.

However, Bitdefender says this is a potential way in: if virtual infrastructures become compromised and cloud admins lose authentication credentials via searching attacks, social engineering, or unpatched security vulnerabilities, cybercriminals wrest control.

From there it’s a simple process of spooling up powerful and resource-intensive rogue virtual instances that come pre-installed with cryptocurrency mining malware.

“Since it may take several weeks – or until the bill comes in – to spot rogue virtual hosts, hackers would have already mined tens or hundreds of thousands worth of cryptocurrency while the affected organisation is left holding the power/services bill,” the report states.

Bitdefender says cybercriminals exploit new cryptojacking techniques by limiting the strain put on the CPU.

“By leveraging PowerShell, scripts or advanced exploits to avoid endpoint detection, attackers can effectively run mining software directly within the memory of the targeted server,” the report states.

“Because a server update is always a key business factor and because the attack does not fully throttle the CPU, it can remain undetected for a considerable time. Attackers have proven creative and can use any client or server-side attack techniques to deliver their payload and start mining away, consuming a company’s hardware resources.”

Bitdefender says it’s time, if they haven’t already, for data centres to take cryptomining attacks seriously, as there are a number of potentially disastrous outcomes.

Obviously, a confirmed and successful cryptojacking attack of a data centre can indicate the presence of a security gap that could be leveraged by further attacks – which could be devastating for a business’s continuity and reputation.

Bitdefender says mining for cryptocurrencies puts sustained stress on the hardware components being used – specifically CPU and GPU – which may degrade their capabilities a lot faster than estimated.

“Speeding up CPU cycles heavily impacts consolidation ratios and virtualisation density in your data centre. Which is why when workloads are infected by cryptojacking, most infrastructure admins or dev-ops quickly solve the situation by increasing resources on the workloads to bring services on-line,” the report states.

“At this point, some don’t investigate further, content that the problems are solved. Constant throttling of CPUs and GPU at 100 percent ultimately burns them out, rendering them useless. This directly translates into operational costs for the data centre as they need to be quickly replaced so as not to affect performance.”

And then there is power consumption. CPUs under constant strain will use more power, equating to accumulated IaaS bills with no apparent cause and forcing data centres to purchase more resources to re-establish critical services.

According to Bitdefender, the amount of energy consumed is turning into a real economic problem as power lines are becoming overburdened and hardware prices are going through the roof – particularly graphics cards.

On an interesting note, Digiconomist has estimated Bitcoin mining to be more energy-intensive and generate a larger carbon footprint than gold mining. Meanwhile, experts have predicted that as early as 2020 cybercriminals will use the same amount of power in a year for mining as the rest of the world uses annually.

So the moral of the story? Data centres beware of mining.
