
Supercomputers hacked across Europe to mine cryptocurrency

Catalin Cimpanu

Confirmed infections have been reported in the UK, Germany, and Switzerland. Another suspected infection was reported in Spain.

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions.

Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.

The first report of an attack came to light on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported “security exploitation on the ARCHER login nodes,” shut down the ARCHER system to investigate, and reset SSH passwords to prevent further intrusions.

The bwHPC, the organization that coordinates research projects across supercomputers in the state of Baden-Württemberg, Germany, also announced on Monday that five of its high-performance computing clusters had to be shut down due to similar “security incidents.” This included:

  • The Hawk supercomputer at the High-Performance Computing Center Stuttgart (HLRS) at the University of Stuttgart
  • The bwUniCluster 2.0 and ForHLR II clusters at the Karlsruhe Institute of Technology (KIT)
  • The bwForCluster JUSTUS chemistry and quantum science supercomputer at the Ulm University
  • The bwForCluster BinAC bioinformatics supercomputer at the Tübingen University

Reports continued on Wednesday when security researcher Felix von Leitner claimed in a blog post that a supercomputer housed in Barcelona, Spain, was also impacted by a security issue and had been shut down as a result.

More incidents surfaced the next day, on Thursday. The first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it had disconnected a computing cluster from the internet following a security breach.

The LRZ announcement was followed later in the day by another from the Julich Research Center in the town of Julich, Germany. Officials said they had to shut down the JURECA, JUDAC, and JUWELS supercomputers following an “IT security incident.” So did the Technical University in Dresden, which announced it had to shut down its Taurus supercomputer as well.

New incidents also came to light today, on Saturday. German scientist Robert Helling published an analysis of the malware that infected a high-performance computing cluster at the Faculty of Physics at the Ludwig-Maximilians University in Munich, Germany.

The Swiss Center of Scientific Computations (CSCS) in Zurich, Switzerland also shut down external access to its supercomputer infrastructure following a “cyber-incident” and “until having restored a safe environment.”

Attackers gained access via compromised SSH logins

None of the organizations above published any details about the intrusions. However, earlier today, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI), a pan-European organization that coordinates research on supercomputers across Europe, released malware samples and network compromise indicators from some of these incidents.

The malware samples were reviewed earlier today by Cado Security, a UK-based cyber-security firm. The company said the attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials.

The credentials appear to have been stolen from university members given access to the supercomputers to run computing jobs. The hijacked SSH logins belonged to universities in Canada, China, and Poland.

Chris Doman, Co-Founder of Cado Security, told ZDNet today that while there is no official evidence to confirm that all the intrusions have been carried out by the same group, evidence like similar malware file names and network indicators suggests this might be the same threat actor.

According to Doman’s analysis, once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.
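Because the entry point described above was valid but stolen SSH credentials, one defensive check on a login node is to flag accepted logins that arrive from a network never before seen for that account. The Python below is an added example, not code from the article or from any organization it names; the log lines, user names, baseline window, and the /24 and /48 grouping are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sshd log lines: made-up users, documentation address ranges.
SAMPLE_LOG = """\
May  4 09:12:01 login1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
May  5 10:40:17 login1 sshd[2290]: Accepted password for bob from 198.51.100.7 port 41010 ssh2
May  6 08:59:43 login1 sshd[2377]: Accepted publickey for alice from 192.0.2.44 port 50999 ssh2
May  9 03:14:55 login1 sshd[3120]: Failed password for bob from 203.0.113.80 port 60211 ssh2
May  9 03:15:02 login1 sshd[3120]: Accepted password for bob from 203.0.113.80 port 60211 ssh2
May  9 11:02:30 login1 sshd[3301]: Accepted publickey for alice from 192.0.2.200 port 51844 ssh2
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its enclosing network (prefix sizes are assumptions)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def new_network_logins(log_text, baseline_lines):
    """Flag accepted logins from a network not yet seen for that user.

    The first `baseline_lines` lines only build each user's baseline.
    """
    seen = defaultdict(set)
    alerts = []
    for n, line in enumerate(log_text.splitlines()):
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins, disconnects, other daemons
        try:
            net = network_of(m["ip"])
        except ValueError:
            continue  # source field was not an IP literal
        if n >= baseline_lines and net not in seen[m["user"]]:
            alerts.append((m["user"], m["ip"], m["method"]))
        seen[m["user"]].add(net)  # alert once per new network, then learn it
    return alerts
```

Calling `new_network_logins(SAMPLE_LOG, baseline_lines=3)` on the constructed sample reports only the login for `bob` from 203.0.113.80, since `alice`'s later login stays inside a network already in her baseline.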

Making matters worse, many of the organizations that had supercomputers go down this week had announced in previous weeks that they were prioritizing research on the COVID-19 outbreak, which has now most likely been hampered as a result of the intrusion and subsequent downtime.

Not the first incident of its kind

These incidents aren’t the first time that crypto-mining malware has been installed on a supercomputer. However, this marks the first time that hackers did this. In previous incidents, it was usually an employee who installed the cryptocurrency miner, for their own personal gain.

For example, in February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency’s supercomputer to mine cryptocurrency.

A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used the agency’s supercomputer to mine cryptocurrency.

Source: ZDNet
Publication date: May 16, 2020

BELT.ES is not responsible for the opinions in the articles reproduced in our Press Review, nor does it necessarily endorse the opinions and views expressed. The reproduced information is distributed for non-commercial purposes.
