A malicious campaign has been observed abusing the blockchain-based Meson service for illicit profit ahead of the crypto-token unlock planned before March 15.
The campaign, discovered by the Sysdig Threat Research Team (TRT), saw an attacker quickly create 6,000 Meson network nodes using a compromised cloud account, which set off alarms for multiple AWS users associated with exposed services within Sysdig's infrastructure.
The attacker's modus operandi involved exploiting CVE-2021-3129 in a Laravel application and misconfigurations in WordPress to gain initial access to the cloud account.
They then used automated reconnaissance techniques to identify and exploit the privileges of the compromised users, deploying many EC2 instances across several regions. The malicious activity culminated in the execution of the Meson_CDN binary, resulting in considerable costs for the account owner.
“As a result of the attack, we estimate a cost of more than $2,000 a day for all Meson network nodes, even when using micro sizes. This does not count the potential costs for public IP addresses, which can run up to $22,000 a month for 6,000 nodes,” Sysdig wrote in an advisory published on Monday.
Interestingly, in contrast to traditional cryptojacking incidents, which are characterized by high CPU and memory use, the Meson application showed relatively low resource consumption. The difference is due to the inner workings of the Meson Network, a blockchain project that aims to set up an efficient bandwidth marketplace on Web3.
In the context of Meson, miners are rewarded with Meson tokens based on their bandwidth and storage contributions to the network, which underscores a shift in attacker priorities toward resource-intensive activities rather than CPU-oriented cryptomining.
“For Meson, the attacker is more interested in storage space and high bandwidth instead of high-performance CPUs. This can be achieved with a large number of small instances, but with a good amount of storage,” the advisory reads.
According to Sysdig, the rise of the Meson network in the blockchain domain, particularly after its initial coin offering (ICO), marks a new frontier for attackers who want to exploit storage space and high bandwidth for financial gain.
“To prevent your resources from being pulled into one of these attacks and costing thousands of dollars in resource consumption, it is crucial to keep your software up-to-date and to check your environments for suspicious activities,” the technical write-up concludes.
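One way to check an environment for the pattern described above, a single principal launching many EC2 instances across several regions in a short time, is to scan CloudTrail `RunInstances` records. The following is an added example, not code from Sysdig's advisory; the ARNs, events and thresholds (30-minute window, 50 instances, 3 regions) are constructed assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(ts, arn, region, count, error=None):
    """Build a constructed CloudTrail-style RunInstances record (only fields used here)."""
    resp = None if error else {"instancesSet": {"items": [{}] * count}}
    return {"eventName": "RunInstances", "eventTime": ts, "awsRegion": region,
            "userIdentity": {"arn": arn}, "errorCode": error, "responseElements": resp}

# Constructed sample data, not taken from the advisory.
SUSPECT = "arn:aws:iam::111122223333:user/example-app"
BATCH = "arn:aws:iam::111122223333:role/example-batch"
SAMPLE_EVENTS = [
    _ev("2024-03-01T10:00:00Z", SUSPECT, "us-east-1", 20),
    _ev("2024-03-01T10:03:00Z", SUSPECT, "us-west-2", 20),
    _ev("2024-03-01T10:06:00Z", SUSPECT, "eu-west-1", 20),
    _ev("2024-03-01T10:09:00Z", SUSPECT, "ap-southeast-1", 20),
    _ev("2024-03-01T10:10:00Z", SUSPECT, "sa-east-1", 20, error="Client.InstanceLimitExceeded"),
    _ev("2024-03-01T09:00:00Z", BATCH, "us-east-1", 60),   # large but single-region
    _ev("2024-03-01T14:00:00Z", BATCH, "eu-west-1", 2),
]

def find_launch_bursts(events, window=timedelta(minutes=30), min_instances=50, min_regions=3):
    """Map principal ARN -> (instances, regions) for the largest window breaching both thresholds."""
    by_arn = defaultdict(list)
    for e in events:
        if e.get("eventName") != "RunInstances" or e.get("errorCode"):
            continue  # ignore other API calls and failed launches
        items = ((e.get("responseElements") or {}).get("instancesSet") or {}).get("items") or []
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        by_arn[e["userIdentity"].get("arn", "unknown")].append((ts, e["awsRegion"], len(items)))
    alerts = {}
    for arn, launches in by_arn.items():
        launches.sort(key=lambda l: l[0])
        start = 0
        for end in range(len(launches)):
            while launches[end][0] - launches[start][0] > window:
                start += 1  # slide the window forward
            span = launches[start:end + 1]
            total = sum(n for _, _, n in span)
            regions = sorted({r for _, r, _ in span})
            if total >= min_instances and len(regions) >= min_regions:
                if arn not in alerts or total > alerts[arn][0]:
                    alerts[arn] = (total, regions)
    return alerts

if __name__ == "__main__":
    for arn, (total, regions) in find_launch_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {arn}: {total} instances across {len(regions)} regions {regions}")
```

Because the Meson nodes showed low CPU and memory use, a launch-volume signal like this complements utilization-based cryptomining alerts rather than replacing them.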