Hackers break into PostgreSQL servers to mine cryptocurrency

Hundreds of companies around the world are facing a massive cyberattack, with hackers breaking into poorly secured PostgreSQL servers to use their power to mine cryptocurrency. According to Wiz Threat Research, attackers have already taken over 1,500 systems, deploying a modified version of the XMRig-C3 miner.
Simple attack scheme
A group of hackers known as JINX-0126 scans the network for misconfigured PostgreSQL servers. If the administrator password is weak (such as “admin” or “12345”), attackers can easily infiltrate the system. Once a server is compromised, they download the XMRig-C3 program, a popular tool for mining Monero. This cryptocurrency was chosen for a reason: it is almost untraceable, unlike Bitcoin. The resources of hijacked systems are almost entirely spent on block generation, which leads to a sharp increase in electricity bills and service freezes. Hackers convert the Monero they earn into regular money or invest it in new attacks.

Why are attacks hard to detect?
The scheme was first spotted by Aqua Security, but the hackers have since refined their methods. The miner now works without saving files to disk, which helps it avoid detection. Each compromised server gets a unique identifier in the mining system, which makes it easy for the hackers to count the number of victims. According to Wiz, 90% of companies self-manage PostgreSQL servers, and a third of them mistakenly leave the databases accessible over the Internet, making such systems easy prey.