A recent malicious campaign has been uncovered, targeting the blockchain-based Meson service in anticipation of the crypto token unlock scheduled for March 15. The Sysdig Threat Research Team (TRT) identified this campaign, in which an attacker rapidly created 6,000 Meson Network nodes through a compromised cloud account. The activity triggered alerts for multiple AWS users linked to exposed services within Sysdig’s infrastructure.
The attacker gained initial access to the cloud account by exploiting CVE-2021-3129 in a Laravel application and misconfigurations in WordPress. They then used automated reconnaissance techniques to abuse the compromised users’ privileges, deploying numerous EC2 instances across various regions. The activity culminated in the execution of the meson_cdn binary on those instances, leading to substantial costs for the account owner.
Sysdig estimated the cost of this attack to exceed $2,000 per day for all the Meson network nodes created, even at micro instance sizes. Additionally, potential costs for public IP addresses could reach up to $22,000 per month for 6,000 nodes. Unlike typical crypto-jacking incidents characterized by high CPU and memory usage, the Meson application demonstrated relatively low resource consumption due to the unique nature of the Meson Network.
In the Meson Network, miners receive Meson tokens based on their contributions of bandwidth and storage, which marks a shift in attacker focus toward bandwidth and storage rather than CPU-centric cryptomining. The advisory from Sysdig emphasized the attacker’s interest in storage space and high bandwidth, achievable through a large number of small instances with substantial storage capacity.
With the increasing prominence of the Meson network in the blockchain sector, particularly following initial coin offerings (ICOs), attackers are exploring new avenues to exploit storage space and high bandwidth for financial gain. To keep resources from being pulled into such attacks and avoid substantial financial losses, it is crucial to keep software up to date and monitor environments for suspicious activity.
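Because the Meson workload uses little CPU, one way to monitor for this campaign's pattern is at the control plane: scan CloudTrail `RunInstances` events for a single principal launching many instances across several regions in a short window. The following is an added example, not code from Sysdig or the original article; the thresholds, user names, and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune to your account's normal launch rate.
WINDOW, MAX_INSTANCES, MAX_REGIONS = timedelta(minutes=10), 20, 3

def requested(event):
    """Instances requested by one RunInstances call (sum of maxCount)."""
    items = event.get("requestParameters", {}).get("instancesSet", {}).get("items", [])
    return sum(int(i.get("maxCount", 1)) for i in items) or 1

def find_launch_bursts(events):
    """Flag principals whose RunInstances calls in any WINDOW exceed either threshold."""
    calls_by_arn = defaultdict(list)
    for e in events:
        if e.get("eventName") != "RunInstances" or e.get("errorCode"):
            continue  # skip other APIs and failed launches
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        calls_by_arn[e["userIdentity"]["arn"]].append((ts, e["awsRegion"], requested(e)))
    findings = []
    for arn, calls in calls_by_arn.items():
        calls.sort()
        start, worst = 0, None
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = calls[start:end + 1]
            count, regions = sum(c[2] for c in window), {c[1] for c in window}
            over = count > MAX_INSTANCES or len(regions) > MAX_REGIONS
            if over and (worst is None or count > worst["instances"]):
                worst = {"principal": arn, "instances": count, "regions": sorted(regions)}
        if worst:
            findings.append(worst)
    return findings

def sample(user, region, time, count):
    """Build a constructed CloudTrail-style record (trimmed to the fields used)."""
    return {"eventName": "RunInstances", "eventTime": time, "awsRegion": region,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
            "requestParameters": {"instanceType": "t2.micro", "instancesSet": {
                "items": [{"minCount": count, "maxCount": count}]}}}

# Constructed sample: one user fans out across five regions, another deploys normally.
REGIONS = ["us-east-1", "us-west-2", "eu-west-1", "ap-south-1", "sa-east-1"]
SAMPLE = [sample("hypothetical-web-user", r, f"2024-01-01T10:0{i}:00Z", 10)
          for i, r in enumerate(REGIONS)]
SAMPLE += [sample("hypothetical-ci-user", "us-east-1", f"2024-01-01T1{h}:00:00Z", 2)
           for h in (0, 4)]
print(find_launch_bursts(SAMPLE))
```

Only the fan-out user is reported; the second user's two small launches four hours apart never share a window.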
In conclusion, staying vigilant and proactive in maintaining cybersecurity measures is essential to mitigate the risks posed by malicious campaigns targeting blockchain-based services like Meson. By remaining informed and implementing robust security practices, individuals and organizations can safeguard their assets and prevent falling victim to costly attacks.