Hackers, like any good conmen, are always looking for the next way to take advantage of a situation to make a quick buck.
In contrast to what we see in Hollywood, today’s hackers are not looking to outdo each other with the next ingenious 0-day, but instead are seeking out easy ways to make a payday on the backs of their victims.
Massive data breaches such as the Equifax hack in September of 2017 netted the attackers the personally identifiable information of some 145.9 million people, which could be used for future fraud. Some newer hackers, however, may have found a way to use their talents for a more direct kind of monetary generation.
Welcome to the Era of Cryptojacking
Last year, cryptocurrencies like Bitcoin emerged from niche hacker communities to go mainstream, drawing investments from the masses that pushed up their value and in part led to the growth of new kinds of cryptocurrencies that their creators hoped could make them overnight millionaires.
For those with only a passing familiarity with cryptocurrencies, they are created by “mining”, wherein a computer performs various puzzle-solving functions that help to verify the transactions on the blockchain. The miner is then rewarded for their device’s CPU effort with tokens of the cryptocurrency, which they can use for their own transactions. This kind of work can be very taxing on a CPU, which is meant to help limit the number of tokens (cryptocurrency) that a miner can generate, and thus keep inflation under control.
Cryptocurrencies have been a favorite of hackers and others in the black and grey markets since they represent an easy way to send payments for goods like lists of credit card numbers or other stolen data. The current favorite (since Bitcoin is for normies at this point) is a token called Monero. Its popularity among the hoodie-wearing folks stems from the obfuscation that blocks from view important blockchain details like who is sending money to whom, and how much. This keeps their transactions a bit more private than the public ledger-based Bitcoin.
Security researcher Troy Mursch has been closely following the developments in this space, reporting on cases like the targeting of the San Diego Zoo and the government of Chihuahua, Mexico with the Coinhive program.
Mursch found that hackers were using a remote execution exploit in the open source content management system Drupal to inject the malicious code. Similar to web applications like WordPress, Drupal is believed to be used by over a million websites for uploading content. Despite the fact that this vulnerability, and a fix for protecting against the exploit, was reported back in March, Mursch reported in June that upwards of 115,000 websites were likely still vulnerable to hackers.
No More Freeloading for Hackers
Some may count themselves lucky that hackers targeting them with a cryptojacking attack are not using the breach to deface their websites, alter content in a way that harms their integrity or, possibly worse, steal their database of user information. There are still costs involved in this kind of breach, though. These freeloaders are sucking up valuable computing power, which can slow down your web application and impact the user experience. Keeping your site up and running is difficult enough under regular circumstances. You do not need parasites slowing you down even more.
So what is the best way to defend against attacks like the ones we have seen with the vulnerable Drupal software?
First and foremost is to know which software components you are using on your website. When it comes to open source components like Drupal, this can be a difficult task if you are not using the right kinds of technology.
When it comes to third-party reusable open source software components, developers are unfortunately not always on top of what they are using and whether or not it is up to date. Developers depend on open source components for building their applications since they allow them to add powerful features without having to write the code themselves, helping them meet those tight release deadlines.
The problem arises, though, when a new vulnerability is disclosed in public security advisories and databases like the National Vulnerability Database (NVD). Hackers use the exploits in popular projects to target multiple victims who are using the same open source component in their applications. Unless developers are constantly checking these databases and keeping up-to-date inventories of the components in their products, they are unlikely to be aware of the fact that they need to perform the fix.
However, if they are using an application security testing tool like Software Composition Analysis (SCA), which automatically and continuously updates their inventory lists by identifying new open source components and follows new vulnerability disclosures, then they can receive automated alerts when their products are at risk of exploit by hackers.
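As an added illustration (not code from WhiteSource or any SCA product), the inventory-versus-advisory check described above can be sketched in Python. The component names, versions, advisory id and record layout are constructed placeholders; a real tool would build the inventory by scanning and pull advisories from a feed such as the NVD.

```python
# Constructed sample data: placeholder components, versions and advisory id.
INVENTORY = [
    {"site": "www",  "component": "example-cms",     "version": "2.9"},
    {"site": "shop", "component": "example-cms",     "version": "3.5.1"},
    {"site": "blog", "component": "example-cms",     "version": "3.4.9"},
    {"site": "docs", "component": "example-gallery", "version": "1.2"},
]

# One advisory can carry a separate fixed version per maintained release line.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "component": "example-cms",
     "ranges": [("2.0", "2.14"), ("3.0", "3.5.1")]},  # (introduced, fixed)
]


def parse_version(text, width=3):
    """Turn '2.9' into (2, 9, 0) so versions compare numerically.

    Comparing the raw strings would rank '2.9' above '2.14' and hide an
    unpatched install; padding makes '3.5' and '3.5.0' compare equal.
    """
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def find_at_risk(inventory, advisories):
    """Return (site, component, version, advisory id, upgrade target) per hit."""
    alerts = []
    for item in inventory:
        have = parse_version(item["version"])
        for adv in advisories:
            if adv["component"] != item["component"]:
                continue
            for introduced, fixed in adv["ranges"]:
                # Vulnerable only inside the range: introduced <= have < fixed.
                if parse_version(introduced) <= have < parse_version(fixed):
                    alerts.append((item["site"], item["component"],
                                   item["version"], adv["id"], fixed))
    return alerts


if __name__ == "__main__":
    for site, comp, ver, adv_id, fixed in find_at_risk(INVENTORY, ADVISORIES):
        print(f"[ALERT] {site}: {comp} {ver} affected by {adv_id}, "
              f"upgrade to {fixed} or later")
```

Run on a schedule against a refreshed advisory list, the same comparison flags an install the day a disclosure lands rather than months later.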
Staying a Step Ahead of the Hackers
Like we have seen in the case of the Drupal vulnerability, even when word of a vulnerability has made it out to the masses, far too many organizations have been simply too slow to patch their systems. Maintaining security for your organization is all about staying a step ahead of the hackers as they race to find victims who have been too slow to patch.
Developers depend on open source software like Drupal to get the job done faster and more efficiently. However, with great power comes great responsibility, and they need to use the right tools for the job and, of course, stay on top of updating their open source components when fixes become available.
Rami Sass is CEO and Co-Founder of WhiteSource, the leading open source security and compliance management platform. Rami is an experienced entrepreneur and executive with vast experience in defining innovative products, leading technology groups and growing companies from seed level to business maturity.