Cryptocurrency usage is expected to explode this year as individuals and organizations embrace multiple online legal tender types and the open-ledger technologies that support them. Somewhere between 2.9 million and 5.8 million people worldwide now maintain digital wallets filled with as many as 150 different varieties of cryptocurrency, according to research from the University of Cambridge. This number will surely rise over the next 11 months. Unfortunately, as the cryptocurrency movement matures, so do the numerous hacking tools cybercriminals can use to infiltrate web-based wallets and vaults. In fact, developing and deploying these online weapons in so-called cryptojacking schemes is reportedly the top objective among hackers in 2018, according to the data security firm Malwarebytes.
Interestingly, the nefarious code these external actors deploy relies entirely on faulty website architecture and unsuspecting internet users. This malware uses botnets to surreptitiously mine cryptocurrency via websites that users with robust digital assets visit, Trend Micro reported. In most cases, these programs are concealed in backdoor-heavy site infrastructure prone to neglect. While most web portals are vulnerable to these problematic assets, Java-based fixtures present particularly tough challenges for the internal information technology teams and external data security firms tasked with defending both businesses and users from attackers specializing in cryptojacking.
Morphus Labs Chief Research Officer Renato Marinho recently covered this issue in a report for the SANS Technology Institute, according to Ars Technica. Marinho's research revealed the existence of an international cryptojacking ring centered on multiple Java-driven programs from Oracle, which supports an estimated 430,000 customers in 175 countries and works with 25,000 partners across the globe to market and deploy its solutions.
Cryptojacking the world over
Marinho discovered that cybercriminals infiltrated PeopleSoft and WebLogic servers and implanted them with cryptojacking malware designed to illegally mine Monero coins, which are worth approximately $308 each, according to the World Coin Index. This initiative resulted in the loss of roughly 611 Monero coins valued at more than $250,000, Johannes Ullrich, dean of research at the SANS Technology Institute, learned in a series of follow-up impact studies.
How exactly did the individuals responsible for this scheme gain access to secure Oracle servers? A Java security vulnerability. This past September, Oracle published a patch to address a relatively obscure web application loophole. This posting brought attention to the vulnerability and led hackers to create exploitative software, which was used in December to install cryptojacking malware in PeopleSoft and WebLogic servers across the globe. These attacks were traced to multiple servers, meaning numerous hackers had used this attack methodology to mine cryptocurrency, banking on the fact that many internal IT departments would fail to implement the published patch in time.
"The victims are distributed worldwide," Ullrich told Ars Technica. "This isn't a targeted attack. Once the exploit was published, anybody with limited scripting skills was able to participate in taking down WebLogic and PeopleSoft servers."
Java security struggles continue
This scenario comes as no surprise to those familiar with the numerous security risks that accompany enterprise Java deployments. An estimated 88 percent of Java-based applications contain security vulnerabilities that leave them open to attacks of all kinds, according to research from Burlington, Massachusetts-based data security firm Veracode. This unfortunate state of affairs does not bode well for enterprises with extensive Java-driven IT infrastructure that wish to take advantage of cryptocurrency, as Marinho's recent research revealed.