A newly identified malware, dubbed PG_MEM, is compromising PostgreSQL databases by exploiting weak passwords to install cryptocurrency mining software. According to Aqua, a cloud-native cybersecurity firm, this malware could potentially affect any of the over 800,000 PostgreSQL-managed databases worldwide if they are not adequately secured.
The PG_MEM malware initiates its attack through a brute-force method to decipher weak passwords of PostgreSQL databases—an open-source object-relational database management system widely used for internet-connected databases. Once access is gained, the malware sets up a new user with elevated privileges and downloads necessary files to initiate crypto mining operations. It also cleverly covers its tracks and blocks other potential attackers from accessing the compromised database’s computing power.
The United States and Poland are notably affected, hosting nearly 300,000 and over 100,000 PostgreSQL databases, respectively. The widespread issue of weak passwords, often resulting from configuration errors or inadequate identity controls, exposes numerous organizations to this threat. This vulnerability underscores a critical oversight in cybersecurity practices within many large and potentially smaller organizations.
Mechanics of Cryptojacking
Once active, PG_MEM connects the compromised database to a mining pool, leveraging the collective computing power of multiple infected hosts to enhance the probability of mining new cryptocurrency blocks. This practice, known as cryptojacking, is becoming increasingly common and represents a significant threat not only to organizational operations but also to individual users whose personal computers may be targeted.
Cryptojacking incidents have seen a dramatic increase, with attacks rising by 400% in the first half of 2023 alone, as reported by Cointelegraph. This surge highlights the growing allure of cryptocurrencies for cybercriminals who exploit unsecured or poorly secured systems to generate income through illicit mining operations.
Alternative Uses of Unused Computing Capacity
While malware exploits unused computing capacity for nefarious purposes, legitimate uses of this capacity are also prevalent. Companies like Aethir provide decentralized cloud infrastructure services, utilizing underused resources from tier 3 and tier 4 data centers. This GPU-as-a-service model offers cost-effective, scalable computing solutions, contrasting sharply with the unauthorized use of resources by malware such as PG_MEM.
The emergence of PG_MEM as a significant threat to PostgreSQL databases globally calls for heightened cybersecurity measures, particularly focusing on stronger password protocols and identity verification processes. Organizations are advised to review and strengthen their database security to prevent unauthorized access and potential exploitation.
The PG_MEM malware represents a growing trend in cyber threats where attackers exploit weak security practices to install crypto mining software. As organizations increasingly connect their databases to the internet, the need for robust cybersecurity measures has never been more critical. Addressing these vulnerabilities can help mitigate the risk of cryptojacking and safeguard valuable computing resources.