Breaking Down a Costly Hack Attack

Wednesday, June 18, 2014 @ 10:06 AM gHale


A hacker found and exploited vulnerabilities in the DiskStation Manager (DSM) operating system that runs on Synology network-attached storage boxes and made off with $600,000 in cryptocurrency.

The security flaws were disclosed by security researcher Andrea Fabrizi back in September last year. Those flaws allowed the hacker to gain unauthorized administrative privileges on the network-attached storage (NAS) boxes.


A NAS is a device intended to operate as a file server on a network, allowing computers to share files.

Synology released a fix for an issue in DSM that permitted unauthorized remote reading and writing on the NAS devices in 2013 and another update that targeted the symptoms caused by the hidden crypto mining utility.

An analysis conducted by Dell SecureWorks showed the configuration file of the threat, placed in a folder called “PWNED,” contained plenty of parameters hinting at cryptocurrency mining.

The malware used in this case was CPUMiner, but the attackers modified it a bit to work on this specific type of device.

Since mining for digital currency requires large amounts of resources, the symptoms of the infection consisted of high CPU usage.

“CPUMiner connected out to a server located at ‘178.254.21.142’ on port 8332. This address was not known to any publicly available mining pools, and was thus likely a private pool used by the threat actor for personal gain,” notes the SecureWorks report.
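The three indicators described above (the “PWNED” folder, high CPU usage, and the connection to 178.254.21.142 on port 8332) can be checked together when triaging a device. The following Python is an added example, not code from SecureWorks or Synology. It assumes `netstat -tnp` and `ps -eo pid,pcpu,args` style output, an 80% CPU threshold, and that the miner's command path includes the PWNED folder; all sample paths, PIDs and local addresses are constructed.

```python
import ipaddress

REPORTED_POOL = ("178.254.21.142", 8332)  # endpoint quoted from the SecureWorks report
CPU_HIGH = 80.0                           # assumption: %CPU treated as "high"

def parse_netstat(text):
    """Yield (remote_ip, remote_port, pid) for ESTABLISHED rows of `netstat -tnp`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue  # skips the header row and non-established sockets
        ip, _, port = f[4].rpartition(":")
        pid = f[6].split("/", 1)[0]
        if pid.isdigit() and port.isdigit():
            yield ip, int(port), int(pid)

def parse_ps(text):
    """Map pid -> (cpu_percent, command) from `ps -eo pid,pcpu,args` output."""
    procs = {}
    for line in text.splitlines():
        f = line.split(None, 2)
        if len(f) == 3 and f[0].isdigit():  # header row fails isdigit()
            procs[int(f[0])] = (float(f[1]), f[2])
    return procs

def triage(netstat_text, ps_text):
    """Return {pid: sorted indicator names} for processes matching any indicator."""
    hits = {}
    for pid, (cpu, cmd) in parse_ps(ps_text).items():
        if cpu >= CPU_HIGH:
            hits.setdefault(pid, set()).add("high-cpu")
        if "PWNED" in cmd.split()[0].split("/"):  # assumed: binary runs from that folder
            hits.setdefault(pid, set()).add("pwned-folder")
    for ip, port, pid in parse_netstat(netstat_text):
        if (ip, port) == REPORTED_POOL:
            hits.setdefault(pid, set()).add("reported-pool")
        elif port == 8332 and not ipaddress.ip_address(ip).is_private:
            hits.setdefault(pid, set()).add("external-8332")
    return {pid: sorted(names) for pid, names in hits.items()}

# Constructed sample input (not captured from a real device).
SAMPLE_PS = """  PID %CPU COMMAND
 7731 97.5 /data/PWNED/minerd -c /data/PWNED/miner.conf
 8120 91.0 /usr/bin/gzip -9 /data/backup.tar
"""
SAMPLE_NETSTAT = """Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp  0  0 192.168.1.20:51514 178.254.21.142:8332 ESTABLISHED 7731/minerd
tcp  0  0 192.168.1.20:40022 192.168.1.7:8332 ESTABLISHED 8120/gzip
"""
if __name__ == "__main__": print(triage(SAMPLE_NETSTAT, SAMPLE_PS))
```

High CPU on its own also matches the benign compression job in the sample, so a process is worth escalating only when several indicators line up on the same PID.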

The researchers found an encoded representation of a block chain, which revealed that the attacker’s objective was to create not bitcoins but an equivalent called Dogecoin.

Dogecoin is also a decentralized, peer-to-peer digital currency used for sending money online.

SecureWorks researchers found the attacker’s public key that corresponded to a specific Dogecoin wallet address.

“By exploring the Dogecoin block chain … we were able to tally a total mined value of over 500 Million Doge, or roughly $620,496 (the bulk of which was earned in January and February of this year),” the researchers said.


