The Sysdig Threat Research Team (TRT) recently discovered a malicious campaign exploiting the blockchain-based Meson service for illicit gains.

Description

The attacker attempted to create 6000 Meson Network nodes using a compromised cloud account [1] [2], taking advantage of CVE-2021-3129 in a Laravel application and misconfigurations in WordPress for initial access [2]. This activity resulted in significant costs for the account owner, estimated at over $2,000 per day [2]. Unlike traditional crypto-jacking incidents, the Meson application exhibited low resource consumption due to its focus on storage space and high bandwidth [2]. The rise of the Meson network post-ICO presents a new frontier for attackers seeking financial gains through exploiting storage space and high bandwidth [2]. Meson Network is a decentralized content delivery network (CDN) operating in Web3, utilizing blockchain technology to establish a bandwidth marketplace [1].

Conclusion

This incident highlights the importance of robust cybersecurity measures to protect against such malicious campaigns. Organizations should regularly update their software and configurations to prevent vulnerabilities from being exploited. The use of blockchain technology in services like Meson Network opens up new opportunities for attackers, making it crucial for security professionals to stay vigilant and adapt their defenses accordingly.

References

[1] https://allinfosecnews.com/item/cloud-threats-deploying-crypto-cdn-2024-03-11/
[2] https://www.infosecurity-magazine.com/news/cloud-attack-targets-crypto-cdn/