European supercomputers fall victim to crypto-mining hacks
Cyber criminals have targeted various supercomputers in Europe over the past few days. They used crypto-mining hacks to gain access to the giant computers. Fast mining with stolen computing power may not be the actual motive.
Crypto mining hacks are nothing new: back in 2018, cyber criminals attempted to gain access to supercomputers and their computing power via Flash updates in order to obtain external power for mining cryptocurrencies. However, last week's attacks attracted the attention of security researchers and cyber experts. In the attacks on the Scottish supercomputer ARCHER, on five clusters of mainframe computers in Baden-Württemberg and on a cluster at Munich's Ludwig Maximilian University, malware was infiltrated. The number of unauthorised accesses and the short period of time between them are unusual in themselves. But what raises the really big questions is the motive behind the offence: Was it to mine cryptos with other people's computers? Or did the thieves want the data from ongoing COVID-19 research?
Who is behind this?
Cado Security, a specialist in cyber security and digital forensics, has discovered that the attacks via secure shell logins originated from university accounts. The stolen logins originate from universities in Canada, China and Poland. The malware used in the hacks had identical file names, the same vulnerability and similar technical indicators. For this reason, the experts at Cado Security assume that all attacks were carried out by the same attacker. However, no evidence of this has yet been found.
Similar attacks were recently registered in Switzerland and Spain. Investigators found the same approach and the same malware. According to security researcher Felix von Leitner, a supercomputer in Barcelona and the Swiss National Supercomputing Centre in Lugano were attacked. All affected supercomputers or clusters have been shut down as a precautionary measure for further investigations. Although attacks of this kind are not new, this is the first time that cyber criminals could be behind them. Previous cases have always involved employees who had access to the resources of the supercomputers and misused them for personal purposes.
What are the intentions?
It is not only unclear whether this was actually an orchestrated attack on all targets, but also with what intentions the perpetrators may have acted. The "why" concerns those involved far more than the "who". On the one hand, it could have been criminals who wanted to make a personal profit from the operation. After all, with the gigantic computing power of supercomputers, mining cryptocurrencies is much faster than with conventional PCs. However, Cado Security suspects another, worrying motive: the cyber experts find it suspicious that the attacks took place at precisely the time when many companies were making the power of their supercomputers available for the fight against COVID-19. Did the attackers want to access the coronavirus research data or even sabotage it? Regardless of the motivation, the timing is extremely unfavourable and therefore extremely suspicious.
None of the organisations mentioned have yet published any revealing details about the attacks. The Computer Security Incident Response Team of the European Grid Infrastructure - an organisation that conducts research into European supercomputers - has published some examples of the malware used and initial indications of the network attacks. However, it is not yet possible to draw any definitive conclusions about the perpetrators or their motivation. According to Chris Doman, a co-founder of Cado Security, the cyber criminals first gained access to the supercomputers via the node, where they created a known vulnerability and then installed an app that mines Monero, a cryptocurrency.
Much is unclear and still very vague. But one thing is certain: these attacks will be a talking point for a long time to come. Be it crypto traders, cyber experts or conspiracy theorists: until the possible motive behind the attacks is found, one crazy scenario will follow the next. What do you think? Was someone trying to enrich themselves on a grand scale and secretly mine cryptos using other people's computing power? Or, in times of COVID-19 and the redistribution of computing power from supercomputers, is there something bigger behind it?
When I'm not stuffing my face with sweets, you'll catch me running around in the gym hall. I’m a passionate floorball player and coach. On rainy days, I tinker with my homebuilt PCs, robots or other gadgets. Music is always my trusted companion. I also enjoy tackling hilly terrain on my road bike and criss-crossing the country on my cross-country skis.