Attackers Exploit Decentralized CDN for Crypto Rewards
Security researchers have exposed a crafty attack campaign manipulating a decentralized content delivery network (CDN) to reap quick profits ahead of an upcoming cryptocurrency release. The attackers compromised cloud accounts and hijacked resources on a massive scale.
The Target: Meson Network
The Meson Network is a new player in the Web3 arena. This blockchain-based project aims to replace traditional cloud storage giants like Google Drive and Amazon S3, touting lower costs, greater decentralization, and user privacy. It does this by incentivizing users to share their bandwidth and storage space. The Sysdig Threat Research Team (TRT) uncovered a carefully planned attack that attempted to create 6,000 Meson Network nodes using a compromised cloud account, signaling a new kind of cyber threat built around blockchain rewards.
How the Attack Unfolded
- The Foothold: The attacker gained access by exploiting CVE-2021-3129 in a Laravel application and a misconfiguration in WordPress. These initial breaches enabled the attacker to deploy automated reconnaissance and quickly map out the compromised cloud account. A rapid deployment of EC2 instances followed, executed through commands that mirrored instructions from the official Meson network documentation.
- Rapid Recon: Using automation, attackers instantly scanned the environment and identified available privileges.
- Massive Resource Grab: Abusing those privileges, they spawned almost 6,000 micro-instances across multiple cloud regions.
- The Meson Play: Each instance downloaded and executed the Meson CDN software, effectively joining the Meson Network as a node.
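A defender-side check for the launch pattern described above, as an added example that is not from the original article or from Sysdig: it scans CloudTrail `RunInstances` records for a principal that requests many instances across several regions within a short window. The sample events, the account ID and user names, and the window and threshold values are constructed assumptions to tune for your own account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _sample(time, region, user, count):
    """Build a constructed CloudTrail-style RunInstances record (not real data)."""
    return {"eventName": "RunInstances", "eventTime": time, "awsRegion": region,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
            "requestParameters": {"instancesSet": {"items": [{"minCount": count, "maxCount": count}]}}}

# Constructed sample: one routine deployer, one principal launching in bulk.
SAMPLE_EVENTS = [
    _sample("2024-01-01T10:00:00Z", "us-east-1", "ci-deploy", 2),
    _sample("2024-01-01T12:00:05Z", "us-east-1", "web-app", 500),
    _sample("2024-01-01T12:00:40Z", "us-west-2", "web-app", 500),
    _sample("2024-01-01T12:01:10Z", "eu-west-1", "web-app", 500),
    _sample("2024-01-01T12:02:00Z", "ap-south-1", "web-app", 500),
    _sample("2024-01-01T14:30:00Z", "us-east-1", "ci-deploy", 1),
]

def requested_instances(event):
    """Sum maxCount over the request; failed calls may carry no parameters."""
    items = (event.get("requestParameters") or {}).get("instancesSet", {}).get("items", [])
    return sum(int(i.get("maxCount", 1)) for i in items) or 1

def find_launch_bursts(events, window=timedelta(minutes=10), max_instances=20, max_regions=2):
    """Return the largest burst per principal that exceeds either threshold (assumed values)."""
    by_principal = defaultdict(list)
    for e in events:
        if e.get("eventName") != "RunInstances":
            continue
        # Denied or throttled calls are kept: a burst of attempts is still a signal.
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        arn = e.get("userIdentity", {}).get("arn", "unknown")
        by_principal[arn].append((ts, e["awsRegion"], requested_instances(e)))
    findings = []
    for arn, launches in by_principal.items():
        launches.sort()
        start, worst = 0, None
        for end in range(len(launches)):
            while launches[end][0] - launches[start][0] > window:
                start += 1  # slide the window forward
            span = launches[start:end + 1]
            total = sum(n for _, _, n in span)
            regions = sorted({r for _, r, _ in span})
            over = total > max_instances or len(regions) > max_regions
            if over and (worst is None or total > worst["instances"]):
                worst = {"principal": arn, "instances": total, "regions": regions,
                         "window_start": span[0][0].isoformat()}
        if worst:
            findings.append(worst)
    return findings
```

Run against real CloudTrail exports, the same function works on the `Records` array from each log file once the events from all regions are merged into one list.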
The Payoff (For the Hackers)
Meson rewards contributors with Meson Network Tokens (MSN). The more bandwidth and storage you provide, the greater your potential rewards. While exact profit is hard to estimate because MSN hasn’t been publicly traded yet, the sheer scale of the attack signals the attackers’ belief in its earning potential.
The Cost (For the Victim)
- Huge Bills: The compromised account incurred an estimated cost of over $2,000 per day from the unauthorized creation of Meson network nodes. This figure grows further once the cost of public IP addresses is considered, potentially reaching $22,000 a month for 6,000 nodes. The incident shows how abuse of a victim's cloud infrastructure translates directly into a significant financial burden for that victim.
- Victimized Reputation: The flood of seemingly legitimate Meson traffic from compromised accounts hurts the reputation of the cloud account owner.
Beyond Cryptomining – A New Threat
The Meson Network represents a leap towards realizing the vision of Web3, a decentralized internet where blockchain, cryptocurrencies, and NFTs democratize digital ownership and governance. By facilitating an efficient bandwidth marketplace, the Meson Network challenges traditional cloud storage solutions, offering a glimpse into a future where decentralization and privacy reign supreme.
This attack, however, highlights the double-edged sword of innovation. While the Meson Network offers promising avenues for bandwidth and storage optimization, it also presents lucrative opportunities for cybercriminals. The exploitation did not follow the conventional path of cryptojacking, which primarily drains CPU resources. Instead, the attacker sought to harness storage space and bandwidth, capitalizing on the Meson Network’s unique rewards system.
As blockchain technologies like the Meson Network gain traction, the strategies of cyber adversaries evolve with them. This incident reveals a pivot from traditional cryptomining attacks to more nuanced strategies that exploit the specific resources valued within the blockchain ecosystem. The Sysdig TRT's findings indicate a growing interest in services that prioritize storage and bandwidth over computational power, presenting a new frontier for cyber defense strategies.