Data centres beware: New report predicts imminent attacks

26 Mar 18

Cybercrime is of course driven by the potential financial windfall, as well as the relative safety when compared to other more physical alternatives.

Cryptocurrency mining is the latest trend in illicit revenue generation by abusing the same age-old malware attack vectors previously associated with ransomware dissemination.

According to Bitdefender, cryptocurrency-enabled malware is increasingly outperforming ransomware, with adoption surging over the past six months.

As an example, the number of coin miner reports increased from 9.47 percent in September 2017 to 17.54 percent in October 2017. In January this year the number sat at 21.79 percent.

Coinciding with this growth, ransomware attacks began to decrease after dropping 3.38 percentage points between November 2017 and December 2017 and continuing on a descending path.

The more cryptocurrency is mined, the more resource-intensive the process becomes, which means the current method that cybercriminals utilise to target and control pools of individual users is becoming unfeasible.

Because of this, Bitdefender expects large data centres and cloud infrastructure to be next in line as their “elastic computing power enables cybercriminals to virtually spawn and control large mining farms without paying any bills.”

It is common for data centres to allow organisations to scale their business by letting them optimise costs and computing resources based on their immediate requirements.

However, Bitdefender says this is a potential way in: if virtual infrastructures become compromised and cloud admins lose authentication credentials via searching attacks, social engineering, or unpatched security vulnerabilities, cybercriminals wrest control.

From there it’s a simple process of spooling up powerful and resource-intensive rogue virtual instances that come pre-installed with cryptocurrency mining malware.

“Since it may take several weeks – or until the bill comes in – to spot rogue virtual hosts, hackers would have already mined tens or hundreds of thousands worth of cryptocurrency while the affected organisation is left holding the power/services bill,” the report states.

Bitdefender says cybercriminals exploit new cryptojacking techniques by limiting the strain put on the CPU.

“By leveraging PowerShell, scripts or advanced exploits to avoid endpoint detection, attackers can effectively run mining software directly within the memory of the targeted server,” the report states.

“Because a server update is always a key business factor and because the attack does not fully throttle the CPU, it can remain undetected for a considerable time. Attackers have proven creative and can use any client or server-side attack techniques to deliver their payload and start mining away, consuming a company’s hardware resources.”
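The detection gap described above, as an added example that is not part of the report: a miner capped below 100 percent never trips a "CPU pegged" alert, but its load is unusually flat compared with a workload that follows daily demand. The instance names, thresholds and readings are constructed assumptions, and a legitimately steady batch job would also be flagged, so findings are triage leads rather than verdicts.

```python
from statistics import mean, pstdev

ALERT_THRESHOLD = 90.0   # naive "CPU pegged" alert a throttled miner stays under

def naive_alert(samples):
    """Classic threshold alert: fires only if any sample reaches the threshold."""
    return any(s >= ALERT_THRESHOLD for s in samples)

def sustained_flat_load(samples, window=24, floor=40.0, max_cv=0.05):
    """True if some `window`-long run of hourly samples is both busy and flat.

    Real workloads follow daily demand, so their utilisation varies; a miner
    capped at a fixed share of the CPU produces a high mean with a very low
    coefficient of variation (stdev / mean).
    """
    for start in range(len(samples) - window + 1):
        run = samples[start:start + window]
        m = mean(run)
        if m >= floor and pstdev(run) / m <= max_cv:
            return True
    return False

def triage(fleet, inventory):
    """Return {instance_id: [reasons]} for instances worth investigating."""
    findings = {}
    for instance_id, samples in fleet.items():
        reasons = []
        if instance_id not in inventory:
            reasons.append("not in approved inventory")
        if sustained_flat_load(samples):
            reasons.append("sustained flat CPU load")
        if reasons:
            findings[instance_id] = reasons
    return findings

# Constructed sample data: 48 hourly CPU % readings per instance.
DIURNAL = [15, 12, 10, 10, 12, 20, 35, 55, 70, 80, 85, 82,
           78, 80, 84, 80, 70, 60, 45, 35, 30, 25, 20, 18] * 2
FLEET = {
    "web-01": DIURNAL,                                  # normal daily cycle
    "db-02": [60 + (i % 3) for i in range(48)],         # known host, capped miner
    "vm-unknown-7": [75 + (i % 2) for i in range(48)],  # rogue instance
}
INVENTORY = {"web-01", "db-02"}

if __name__ == "__main__":
    for instance_id, reasons in triage(FLEET, INVENTORY).items():
        print(instance_id, reasons, "naive alert:", naive_alert(FLEET[instance_id]))
```

In this constructed fleet the naive threshold alert fires for no instance, while the flatness check and the inventory comparison together surface both the capped miner on a known host and the rogue instance.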

Bitdefender says it’s time (if not already) that data centres take cryptomining attacks seriously as there are a number of potentially disastrous outcomes.

Obviously, a confirmed and successful cryptojacking attack on a data centre can indicate the presence of a security gap that could be leveraged by further attacks – which could be devastating for a business’s continuity and reputation.

Bitdefender says mining for cryptocurrencies puts sustained stress on the hardware components being used – specifically CPU and GPU – which may degrade their capabilities a lot faster than estimated.

“Speeding up CPU cycles heavily impacts consolidation ratios and virtualisation density in your data centre. Which is why when workloads are infected by cryptojacking, most infrastructure admins or dev-ops quickly solve the situation by increasing resources on the workloads to bring services on-line,” the report states.

“At this point, some don’t investigate further, content that the problems are solved. Constant throttling of CPUs and GPU at 100 percent ultimately burns them out, rendering them useless. This directly translates into operational costs for the data centre as they need to be quickly replaced so as not to affect performance.”

And then there is power consumption. CPUs under constant strain will use more power, equating to accumulated IaaS bills with no apparent cause and forcing data centres to purchase more resources to reestablish critical services.

According to Bitdefender, the amount of energy consumed is turning into a real economic problem as powerlines are becoming overburdened and hardware prices are going through the roof – particularly graphics cards.

On an interesting note, Digiconomist has estimated Bitcoin mining to be more energy-intensive and to generate a larger carbon footprint than gold mining. Meanwhile, experts have predicted that as early as 2020 cybercriminals will use the same amount of power in a year for mining as the rest of the world uses annually.

So the moral of the story? Data centres beware of mining.
