But hackers probably have less desire than most to be in the public eye, and sensationalized ransomware headlines bring them unwanted attention. His client had mentioned to him in the middle of the week that the applications on one of his test servers were running slow. While my friend was intrigued, he did not at the time give it much thought.
This client was not using his managed services offering, which meant that he was not necessarily responsible for troubleshooting their performance issues. Then the next day his client called him back and said that now all his servers hosting this application — test, dev, client acceptance, and production — were running slow.
This piqued his interest, so he offered resources to help troubleshoot the issue. The client then allowed Cloud Shift to log into the servers to investigate. What they saw did not seem right, especially considering that it was early on a Saturday morning, when the applications should mostly be idle. After a little more digging around on each server, they discovered a mysterious multi-threaded process running on each one that was consuming all of its CPU resources.
Further, the process had also opened a network connection to a server located in Europe. Even more curious, the executable that launched the process had been deleted after the process started. It was as if someone was trying to cover their tracks. At this point, suspecting the servers had all been hacked, Cloud Shift checked to see if there were any recent security alerts. On March 28, Drupal issued a security advisory that if you were not running Drupal 7. To help their client, Cloud Shift killed the bitcoin mining process on each of these servers before calling his client to advise them to patch Drupal ASAP.
The story does not end there. In this case, his client did not patch Drupal quickly enough. Sometime after Cloud Shift killed the bitcoin mining processes, another hacker leveraged that same Drupal security flaw and performed the same hack. By the time his client came to work on Monday, there were bitcoin mining processes running on those servers that again consumed all their CPU cycles. What Cloud Shift found especially interesting was how the executable file that the new hackers had installed worked.
When Cloud Shift reviewed its code, the first thing it did was kill any pre-existing bitcoin mining processes started by other hackers. This freed all the CPU resources for the bitcoin mining processes started by the new hackers.
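The three indicators Cloud Shift stumbled on by hand (a multi-threaded process pinning the CPU, an outbound connection to a remote host, and an executable unlinked from disk after launch) can be checked routinely. The script below is an added example, not Cloud Shift's tooling; it scores constructed process records against those indicators, and `deleted_exe_pids` does the live check on Linux by reading `/proc/<pid>/exe`, which the kernel suffixes with " (deleted)" once the binary is gone.

```python
import os
from dataclasses import dataclass, field

@dataclass
class ProcInfo:
    pid: int
    exe: str              # target of /proc/<pid>/exe; ends in " (deleted)" once unlinked
    cpu_pct: float        # CPU share over the sampling window
    threads: int
    remote_peers: list = field(default_factory=list)  # "ip:port" of established sockets

def indicators(p: ProcInfo, cpu_threshold: float = 80.0) -> list:
    """Return the indicators a process trips; an empty list means nothing seen."""
    hits = []
    if p.exe.endswith(" (deleted)"):           # binary removed after start
        hits.append("exe_deleted")
    if p.cpu_pct >= cpu_threshold and p.threads > 1:
        hits.append("high_cpu_multithreaded")
    if p.remote_peers:                         # talking to something off-box
        hits.append("remote_connection")
    return hits

def flag_suspicious(procs, min_hits: int = 2) -> dict:
    """One indicator alone is noisy (a busy database, a binary replaced by an
    upgrade), so require several before raising a process for review."""
    return {p.pid: indicators(p) for p in procs if len(indicators(p)) >= min_hits}

def deleted_exe_pids(proc_root: str = "/proc") -> list:
    """Live check on Linux: PIDs whose executable was removed after launch."""
    pids = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, name, "exe"))
        except OSError:  # kernel thread, process already gone, or no permission
            continue
        if target.endswith(" (deleted)"):
            pids.append(int(name))
    return pids

# Constructed sample modelled on the incident: a miner whose binary was removed, a
# legitimately busy web worker, and an idle shell. Path and address are made up.
SAMPLE = [
    ProcInfo(4127, "/tmp/minerd (deleted)", 99.0, 8, ["203.0.113.7:3333"]),
    ProcInfo(1180, "/usr/sbin/httpd", 85.0, 16, []),
    ProcInfo(2201, "/bin/bash", 0.1, 1, []),
]

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE))   # flags only pid 4127, with all three indicators
    print(deleted_exe_pids())        # live result on this host
```

The busy `httpd` trips only the CPU indicator and is not flagged, which is the point of requiring more than one signal before anyone gets paged.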
Everyone is rightfully worried about ransomware, but bitcoin mining may not hit corporate radar screens. A bitcoin mining hack may go unnoticed for long periods of time, and it may not be reported by companies or prosecuted by criminal justice agencies even when reported, because it is easy to perceive this type of hack as a victimless crime. Further, one should assume hackers will only become more sophisticated going forward.
Expect hackers to figure out how to install bitcoin mining processes that run without consuming all CPU cycles, so that these processes remain running and unnoticed for longer periods of time. Hosting your data and processes in the cloud does not by itself protect them against these types of attacks.
AWS has all the utilities available to monitor and detect these rogue processes. That said, organizations still need someone to implement these tools and then monitor and manage them. Companies may be relieved to hear that some hackers have stopped targeting their data and are instead targeting their processors to use them for bitcoin mining. However, there are no victimless crimes. Your pocketbook will still get hit in cases like this, as Amazon will bill you for using these resources.
In cases like this, if companies start to see their AWS bills going through the roof, it may not be the result of their own business activity. To avoid this scenario, companies should ensure they have the right internal people and processes in place to keep their applications up to date, to protect infrastructure from attacks, and to monitor their infrastructure whether hosted on-premise or in the cloud. Wendt founded the company in September