Hackers use SSH credentials to hijack Ethereum mining scripts

Attackers have been scanning the internet for Ethereum mining rigs and logging in with the default SSH credentials of the ethOS mining distribution.
This week researchers discovered that hackers have been scanning the internet for systems running the Ethereum mining operating system ethOS, targeting rigs that still use the ethOS default SSH credentials. According to reports, the hackers used those credentials to log in to the mining system and replace the rig owner's Ethereum wallet with their own. Once the wallet IDs were switched, mining proceeds went to the hackers rather than to the rightful owner.

The attack was launched this past Monday and was soon reported by the Romania-based cybersecurity company Bitdefender. According to the firm's honeypot logs, the hackers tried two SSH login combinations: ethos:live and root:live. After investigating, Bitdefender's researchers traced both combinations to ethOS, a stripped-down 64-bit Linux distribution built for Graphics Processing Unit (GPU) cryptocurrency mining. The software mainly mines Ethereum, Monero, and Zcash, as well as several lesser-known altcoins.

According to ethOS, over 38,000 mining rigs are currently running and active on its operating system. However, depending on the administrator's security measures, some rigs are more exposed than others: rig owners who change the ethOS default credentials and configure a firewall are far better protected.

According to Bogdan Botezatu, a senior security analyst at Bitdefender, the team was able to trace the responsible hacker's wallet ID. The team also confirmed that, over the entire campaign, the hackers only managed to get away with 10 Ethereum transactions totaling $601 USD.

Botezatu warned all ethOS mining rig owners to immediately change the default login credentials and set up a firewall to block unauthorized access. All ethOS users should also double-check that the correct wallet ID is still configured.
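The two checks Botezatu recommends, written up as an added example that is not from the article or from ethOS: flag password logins against the default ethOS accounts in an sshd log, and verify that the configured payout wallet is still the owner's. The log lines and local.conf excerpt below are constructed, and the `proxywallet` key name is an assumption about the ethOS config format.

```python
import re

# Accounts behind the default credentials reported in the article (ethos:live, root:live).
DEFAULT_USERS = {"ethos", "root"}

# OpenSSH auth-log pattern for password logins, whether they succeeded or failed.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample auth.log lines; not real honeypot data.
SAMPLE_AUTH_LOG = """\
Nov 20 03:14:01 rig1 sshd[1201]: Failed password for ethos from 203.0.113.7 port 41922 ssh2
Nov 20 03:14:03 rig1 sshd[1201]: Accepted password for ethos from 203.0.113.7 port 41922 ssh2
Nov 20 03:15:10 rig1 sshd[1230]: Failed password for root from 203.0.113.7 port 41950 ssh2
Nov 20 08:00:00 rig1 sshd[1402]: Accepted publickey for admin from 192.168.1.10 port 50022 ssh2
"""

def default_cred_logins(log_text):
    """Return (ip, user, result) for every password login aimed at a default ethOS account."""
    hits = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if m and m.group("user") in DEFAULT_USERS:
            hits.append((m.group("ip"), m.group("user"), m.group("result")))
    return hits

# Constructed ethOS-style local.conf excerpt; the 'proxywallet' key name is assumed.
SAMPLE_LOCAL_CONF = """\
globalminer ethminer
proxywallet 0x1111111111111111111111111111111111111111
proxypool1 us1.ethpool.org:3333
"""

WALLET_RE = re.compile(r"^proxywallet\s+(0x[0-9a-fA-F]{40})\s*$", re.MULTILINE)

def wallet_matches(conf_text, expected_wallet):
    """True only if exactly one proxywallet line exists and it holds the owner's address."""
    found = WALLET_RE.findall(conf_text)
    return len(found) == 1 and found[0].lower() == expected_wallet.lower()

if __name__ == "__main__":
    for ip, user, result in default_cred_logins(SAMPLE_AUTH_LOG):
        print(f"{result} password login as default account {user!r} from {ip}")
    owner = "0x1111111111111111111111111111111111111111"
    print("wallet unchanged" if wallet_matches(SAMPLE_LOCAL_CONF, owner) else "wallet altered, investigate")
```

A successful password login as `ethos` or `root` from an unfamiliar address is the event worth alerting on; a wallet mismatch is the sign the rig has already been hijacked.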

Cryptocurrency users have faced increasing attacks over the past year. Rapid7's National Exposure Index report revealed that over 20 million devices with SSH ports are accessible online and vulnerable to attack. In September, researchers from ESET detected an attacker targeting Monero mining scripts who had generated over $63,000 to date. Earlier this week, Kaspersky Lab discovered that attackers were using the CryptoShuffler Trojan, which monitors PC clipboards and swaps wallet IDs with the attackers' own; to date, the unknown attackers have stolen over $150,000 worth of cryptocurrency.

In August, cybersecurity researcher Victor Gevers discovered 3,000 unsecured and vulnerable Bitcoin mining scripts, most of them traced to China. Earlier this year, cybersecurity experts detected a backdoor in Bitmain's Antminer, which left its mining rigs' information exposed. Since its discovery, Bitmain has addressed the concern.

The security firm Wordfence also confirmed that hackers have targeted WordPress websites containing SSH private keys. The report emphasized the widespread failure of site administrators worldwide to implement proper SSH security measures.