Monday , 18 November 2024
Home Kripto Cryptocurrency Mining Malware Targets PostgreSQL Databases with Weak Passwords
Kripto

Cryptocurrency Mining Malware Targets PostgreSQL Databases with Weak Passwords

Cryptocurrency Mining Malware Targets PostgreSQL Databases with Weak Passwords

A newly identified malware, dubbed PG_MEM, is compromising PostgreSQL databases by exploiting weak passwords to install cryptocurrency mining software. According to Aqua, a cloud-native cybersecurity firm, this malware could potentially affect any of the over 800,000 PostgreSQL-managed databases worldwide if they are not adequately secured.

The PG_MEM malware initiates its attack through a brute-force method to decipher weak passwords of PostgreSQL databases—an open-source object-relational database management system widely used for internet-connected databases. Once access is gained, the malware sets up a new user with elevated privileges and downloads necessary files to initiate crypto mining operations. It also cleverly covers its tracks and blocks other potential attackers from accessing the compromised database’s computing power.

The United States and Poland are notably affected, hosting nearly 300,000 and over 100,000 PostgreSQL databases, respectively. The widespread issue of weak passwords, often resulting from configuration errors or inadequate identity controls, exposes numerous organizations to this threat. This vulnerability underscores a critical oversight in cybersecurity practices within many large and potentially smaller organizations.

Mechanics of Cryptojacking

Once active, PG_MEM connects the compromised database to a mining pool, leveraging the collective computing power of multiple infected hosts to enhance the probability of mining new cryptocurrency blocks. This practice, known as cryptojacking, is becoming increasingly common and represents a significant threat not only to organizational operations but also to individual users whose personal computers may be targeted.

Cryptojacking incidents have seen a dramatic increase, with attacks rising by 400% in the first half of 2023 alone, as reported by Cointelegraph. This surge highlights the growing allure of cryptocurrencies for cybercriminals who exploit unsecured or poorly secured systems to generate income through illicit mining operations.

Alternative Uses of Unused Computing Capacity

While malware exploits unused computing capacity for nefarious purposes, legitimate uses of this capacity are also prevalent. Companies like Aethir provide decentralized cloud infrastructure services, utilizing underused resources from tier 3 and tier 4 data centers. This GPU-as-a-service model offers cost-effective, scalable computing solutions, contrasting sharply with the unauthorized use of resources by malware such as PG_MEM.

The emergence of PG_MEM as a significant threat to PostgreSQL databases globally calls for heightened cybersecurity measures, particularly focusing on stronger password protocols and identity verification processes. Organizations are advised to review and strengthen their database security to prevent unauthorized access and potential exploitation.

The PG_MEM malware represents a growing trend in cyber threats where attackers exploit weak security practices to install crypto mining software. As organizations increasingly connect their databases to the internet, the need for robust cybersecurity measures has never been more critical. Addressing these vulnerabilities can help mitigate the risk of cryptojacking and safeguard valuable computing resources.

Related Articles

McDonald’s Partners with Doodles for Collector Cups and Digital Promotion
Kripto

McDonald’s Partners with Doodles for Collector Cups and Digital Promotion

McDonald‘s has announced its latest collaboration with Doodles, a media franchise that...

SEC Chair Gensler Reaffirms Crypto Stance Amid Threat of Trump Removal
Kripto

SEC Chair Gensler Reaffirms Crypto Stance Amid Threat of Trump Removal

Gary Gensler, the chair of the U.S. Securities and Exchange Commission (SEC),...

Sen. Warren Assumes Role as Leading Democrat on Key Senate Committee for Cryptocurrency Policy
Kripto

Sen. Warren Assumes Role as Leading Democrat on Key Senate Committee for Cryptocurrency Policy

Massachusetts Senator Elizabeth Warren, following her reelection victory over Republican challenger John...

Trump Nominates Pro-Bitcoin Matt Gaetz as U.S. Attorney General
Kripto

Trump Nominates Pro-Bitcoin Matt Gaetz as U.S. Attorney General

On November 13, President-elect Donald Trump announced the nomination of Representative Matt...