SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Data centres beware: New report predicts imminent attacks
Mon, 26th Mar 2018

Cybercrime is of course driven by the potential financial windfall, as well as the relative safety when compared to other more physical alternatives.

Cryptocurrency mining is the latest trend in illicit revenue generation, abusing the same age-old malware attack vectors previously associated with ransomware dissemination.

According to Bitdefender, cryptocurrency-enabled malware is increasingly outperforming ransomware, with the rise in adoption surging over the past six months.

As an example, the number of coin miner reports increased from 9.47 percent in September 2017 to 17.54 percent in October 2017. In January this year the number sat at 21.79 percent.

Coinciding with this growth, ransomware attacks began to decrease, dropping 3.38 percentage points between November 2017 and December 2017 and continuing on a descending path.

The more cryptocurrency is mined, the more resource-intensive the process becomes, which means the current method that cybercriminals utilise to target and control pools of individual users is becoming unfeasible.

Because of this, Bitdefender expects large data centers and cloud infrastructure to be next in line as their “elastic computing power enables cybercriminals to virtually spawn and control large mining farms without paying any bills”.

It is common for data centers to allow organisations to scale their business by letting them optimise costs and computing resources based on their immediate requirements.

However, Bitdefender says this is a potential way in: if virtual infrastructures become compromised and cloud admins lose authentication credentials via searching attacks, social engineering, or unpatched security vulnerabilities, cybercriminals wrest control.

From there it's a simple process of spooling up powerful and resource-intensive rogue virtual instances that come pre-installed with cryptocurrency mining malware.

“Since it may take several weeks – or until the bill comes in – to spot rogue virtual hosts, hackers would have already mined tens or hundreds of thousands worth of cryptocurrency while the affected organisation is left holding the power/services bill,” the report states.

Bitdefender says cybercriminals exploit new cryptojacking techniques by limiting the strain put on the CPU.

“By leveraging PowerShell, scripts or advanced exploits to avoid endpoint detection, attackers can effectively run mining software directly within the memory of the targeted server,” the report states.

“Because a server update is always a key business factor and because the attack does not fully throttle the CPU, it can remain undetected for a considerable time. Attackers have proven creative and can use any client or server-side attack techniques to deliver their payload and start mining away, consuming a company's hardware resources.”

Bitdefender says it's time (if not already) that data centers take cryptomining attacks seriously as there are a number of potentially disastrous outcomes.

Obviously, a confirmed and successful cryptojacking attack of a data center can indicate the presence of a security gap that could be leveraged by further attacks – which could be devastating for a business's continuity and reputation.

Bitdefender says mining for cryptocurrencies puts sustained stress on the hardware components being used – specifically CPU and GPU – which may degrade their capabilities a lot faster than estimated.

“Speeding up CPU cycles heavily impacts consolidation ratios and virtualisation density in your data center. Which is why when workloads are infected by cryptojacking, most infrastructure admins or dev-ops quickly solve the situation by increasing resources on the workloads to bring services on-line,” the report states.

“At this point, some don't investigate further, content that the problems are solved. Constant throttling of CPUs and GPU at 100 percent ultimately burns them out, rendering them useless. This directly translates into operational costs for the data center as they need to be quickly replaced so as not to affect performance.”

And then there is power consumption. CPUs under constant strain will use more power, equating to accumulated IaaS bills with no apparent cause and forcing data centers to purchase more resources to re-establish critical services.

According to Bitdefender, the amount of energy consumed is turning into a real economic problem as powerlines are becoming overburdened and hardware prices are going through the roof – particularly graphics cards.

On an interesting note, Digiconomist has estimated Bitcoin mining to be more energy-intensive and generate a larger carbon footprint than gold mining. Meanwhile, experts have predicted that as early as 2020 cybercriminals will use the same amount of power in a year for mining as the rest of the world uses annually.

So the moral of the story? Data Centers beware of mining.