New Crypto Mining Attacks Discovered by Researchers

Points

• Researchers have discovered new crypto mining attacks exploiting Jenkins CI servers.
• Misconfigured Jenkins deployments are prime targets for cryptojackers.
• Attackers use the Groovy script console to deploy malicious scripts.
• The scripts kill off CPU-intensive processes and install crypto mining software.
• Unpatched versions of Jenkins are particularly vulnerable.

Researchers have uncovered new crypto mining attacks targeting Jenkins CI servers. These attacks exploit misconfigured deployments of Jenkins, an open-source continuous integration （CI） server popular among developers for its ability to streamline code integration across globally distributed teams.

Jenkins features a Groovy script console that allows administrators to run arbitrary scripts for troubleshooting and diagnostics. However, this feature can be weaponized by bad actors if the servers are misconfigured or unpatched. Unauthorized users cannot gain access to the script console, but misconfigured Jenkins deployments are prime targets for cryptojackers.

Cryptojackers deploy malicious scripts via the Groovy console. These scripts kill off all CPU-intensive processes and proceed to install crypto mining software, which hijacks server resources to mine cryptocurrencies without the owners’ consent. The exploitation of these vulnerabilities can lead to significant financial and operational damage.

解説

• Security Vulnerabilities: The discovery of these attacks highlights the critical importance of maintaining secure configurations and regularly updating software to protect against exploits.
• Impact of Cryptojacking: Cryptojacking not only steals computational resources but can also cause increased electricity costs, reduced performance, and potential hardware damage.
• Mitigation Strategies: To mitigate these risks, administrators should ensure Jenkins servers are properly configured and patched. Regular security audits and monitoring can help detect and prevent unauthorized access.
• Industry Implications: The rise in cryptojacking incidents underscores the need for heightened awareness and proactive security measures within the tech industry to safeguard infrastructure against evolving threats.