Hackers ramp up attacks on mining rigs




Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment, ZDNet has learned today.

The mass-scan campaign has been raging for at least a week, since December 3, Troy Mursch, co-founder of Bad Packets LLC, told ZDNet.

Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information.

In theory, this programmatic interface should be only exposed locally, but some wallet apps and mining equipment enable it on all interfaces. Furthermore, this JSON-RPC interface, when enabled, also does not come with a password in the default configurations and relies on users setting one.
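A way to check a Linux host for the exposure described above, as an added example that is not part of the original article: it parses text in the `/proc/net/tcp` layout and reports any LISTEN socket on port 8545 bound to something other than loopback. The function name and the sample tables are constructed for illustration, and the code assumes IPv4 and a little-endian host.

```python
import ipaddress
import socket
import struct

RPC_PORT = 8545   # JSON-RPC port named in the article (0x2161 in /proc/net/tcp)
LISTEN = "0A"     # TCP state code for LISTEN in /proc/net/tcp


def exposed_rpc_listeners(proc_net_tcp: str, port: int = RPC_PORT) -> list[str]:
    """Return bind addresses of LISTEN sockets on `port` that are not loopback."""
    exposed = []
    for line in proc_net_tcp.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue                                    # not a listening socket
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        # Assumption: little-endian host, so the address bytes appear reversed.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        if not ipaddress.ip_address(addr).is_loopback:
            exposed.append(addr)                        # 0.0.0.0 = every interface
    return exposed


# Constructed sample: JSON-RPC bound to 127.0.0.1 only, plus an unrelated SSH listener.
HARDENED = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
"""

# Constructed sample: JSON-RPC bound to all interfaces, plus one established connection.
EXPOSED = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003
   1: 0A00A8C0:2161 0B00A8C0:D431 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("exposed", EXPOSED)):
        print(name, exposed_rpc_listeners(sample))
```

On a real host, pass the contents of `/proc/net/tcp` to the function; an empty list means port 8545 is either closed or bound to loopback only.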

If the Ethereum wallet or equipment has been left exposed on the Internet,

However, the problem with port 8545 is not new. Back in August 2015, the Ethereum team sent a security advisory to the Ethereum about the dangers of using mining equipment and Ethereum software that exposes this API or using a firewall to filter incoming traffic for port 8545.

Many mining vendors and wallet app makers have taken precautions to limit port 8545 exposure, or have removed the JSON-RPC interface altogether. Unfortunately, this was not an industry-concerted effort, and many devices are still exposed online.

But despite warnings from the Ethereum team, many users have failed to check.

While he was not a big hassle, he became a member of the Ethereum clients. Massive scans targeting port 8545 have been reported in November 2017, January 2018, May 2018, and June 2018.

Chinese cyber-security firm Qihoo 360 Netlab said that one particular group behind these scans stole Ethereum worth over $20 million, at June 2018's exchange rate.

The problem was that of having one thing in common, and reaching the number of shares in those periods, reaching a whopping $1,377 in January 2018.

This issue has not been filled in since the beginning of the month.

"Despite the price of cryptocurrency crashing into the gutter, even if it's pennies a day," Mursch told ZDNet in an interview earlier today.

According to a chart Mursch shared with ZDNet, the scan activity tripled, when compared to last month.

[Chart of scan activity. Image: Troy Mursch]

The same tripling of scan activity can also be seen in a public chart based on the honeypot ISC SANS project and another chart shared by ZeroBS, a German data security company.

[Chart of scan activity. Source: Screengrab from ISC SANS website]

[Chart of scan activity. Image: ZeroBS]

A quick Shodan search shows that nearly 4,700 devices, most of which are Geth mining equipment and Parity wallets, are currently exposing their 8545 port.

Furthermore, there are also free tools available for exploiting and automating scans and attacks on Ethereum clients via port 8545.

The Ethereum exchange rate might be down, but that does not mean the cryptocurrency is worthless. Users should take this article as a warning to review their mining equipment or wallet's configurations before they find they've been robbed overnight.
