LA Times AWS Server Cryptojacked
In what is starting to become a regular occurrence these days, the LA Times suffered from a cryptojacking attack due to an unsecured AWS server.
A poorly fortified S3 bucket, what else?
Researchers at the Bad Packet Repot noticed a week or so back, revealing that The Homicide Report offered by the LA Times was running a Coinhive Monero miner. This, in case you’re unaware, is an interactive map of city murders offered by the newspaper.
The threat has been present since February 9 actually, with the mining throttled to run at a CPU level of under 30% in the hopes that it would go on undiscovered longer.
Speaking of discoveries, someone even left a message after they found open access:
“Hello, this is a friendly warning that your Amazon AWS S3 bucket settings are wrong. Anyone can write to this bucket. Please fix this before a bad guy finds it.”
Ironically, what led the researchers to the its presence was not what was happening on the website, but the AWS S3 bucket itself, which was left in an unsecured state with public write permissions turned on.
Good grief!
Both the bucket and the website were eventually cleaned by LA Times after they received the bad news from the researchers. But not before it was allegedly used to earn the attackers the grand sum of $24 from the time the miner was hiding on the LA Times website — or a single page, rather.
Goes to show just how simple compromising a large organization can be these days.
Unnoticed, at that.
More AWS Articles
Unprotected AWS Bucket Exposes 50 GB Financial Data
AWS Makes Its S3 Status Checking Tool Available For Free
BuckHacker Tool Helps You Find Unsecure AWS Buckets
Open AWS S3 Bucket Exposes 123 Million US Households
Massive US Pentagon Data Left Exposed On AWS S3
Lacework Can Now Identify Leaky S3 Buckets
Accenture Exposes Private Client Information On AWS
Verizon Too With A Leaky AWS S3 Bucket
0 comments