LA Times Hit with Crypto-Mining Software
The LA Times website was found to be hosting crypto-mining software as a result of a hack.
According to Troy Mursch, a security researcher at the Bad Packets Report, attackers exploited an improperly configured Amazon Web Services (AWS) S3 cloud storage bucket to gain access to the site and inject the Coinhive mining script. The affected page was the Homicide Report, which reports on those murdered in the last 12 months in Los Angeles County.
In this case, the script was set to mine at less than maximum intensity, so it consumed less compute power and was able to go undetected, possibly for as long as two weeks, according to the researcher.
“Last year, we saw a spate of breaches where hackers went after valuable data in the public cloud. But data is not the only valuable asset in the cloud,” he said. “Now we’re starting to see hackers steal compute cycles for crypto-mining. By flying under the radar, these illegal mining operations can go undetected for months, racking up the public cloud bill and costing millions.”
Carl Wright, chief revenue officer, AttackIQ, pointed out that the frequency of cloud misconfiguration incidents should be putting companies on notice to lock down their infrastructure. “This is seriously getting ridiculous,” he said via email.
“It’s another all-too-common tale for organizations – and it could have been avoided,” he said. “The attack surface has significantly expanded for many enterprises – without any guarantee of uniform security controls and processes. Consequently, it’s even more imperative that organizations assume attackers are constantly testing security controls for misconfigurations. If organizations are not continuously validating their security controls at this stage of the game, they are going to end up a headline. How many more epic failures that could have been prevented will it take before people start testing?”
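One way to validate the kind of control at issue here, as an added example that is not from the article or from the LA Times: a check that flags S3 bucket ACL grants letting principals outside the account write objects. The article does not say which setting was wrong, so a public write grant is an assumption; the function name and the sample ACL are constructed for illustration, and bucket policies are out of scope.

```python
"""Added example: flag S3 bucket ACL grants that let outsiders write objects."""
import json

# Predefined S3 grantee groups that cover principals outside the account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Permissions that allow adding or overwriting objects, or rewriting the ACL.
RISKY_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_write_grants(acl):
    """Return (group description, permission) for each risky public grant."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            if grant.get("Permission") in RISKY_PERMISSIONS:
                findings.append((PUBLIC_GROUPS[uri], grant["Permission"]))
    return findings


# Constructed sample in the shape `aws s3api get-bucket-acl` prints;
# it is not data from the incident (assumption: ACL-based misconfiguration).
SAMPLE_ACL = json.loads("""
{
  "Owner": {"ID": "example-owner-id"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "WRITE"}
  ]
}
""")

if __name__ == "__main__":
    for who, permission in public_write_grants(SAMPLE_ACL):
        print(f"public grant: {permission} for {who}")
```

The owner's own FULL_CONTROL grant and the public READ grant are left alone; only the public WRITE grant, which would let a third party replace a script the site serves, is reported.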
Source: Information Security Magazine