One of the affected Synology devices.
A hacker generated digital coins worth more than $620,000 by hijacking a popular type of Internet-connected storage device from Synology, security researchers said.
The incident, which was documented in a research report published Tuesday by Dell SecureWorks, is only the latest hack to steal other people’s computing resources to perform the computationally intense process of digital currency mining. The cryptographic operations behind the process often draw large amounts of power and produce lots of heat. People looking to acquire a large war chest of digital coins typically must pour large amounts of money and effort into the endeavor. One way malicious actors get by this requirement is by compromising large numbers of devices operated by other people. The devices then perform the work at the expense of the unsuspecting end users and pass on the proceeds to the attacker.
According to researchers from SecureWorks Counter Threat Unit, the attackers exploited four separate vulnerabilities contained in the software of Synology network-attached storage boxes. The vulnerabilities were documented in September and fixed in February by Synology. By then, large numbers of people began complaining their Synology devices were running sluggishly and extremely hot. It turns out that at least some of them were running software that mined large sums of the Dogecoin cryptocurrency.
Read 5 remaining paragraphs | Comments