WebLogic Vulnerability Still Allows Hackers to Mine Cryptocurrency


Hackers are still taking advantage of a known WebLogic vulnerability to mine cryptocurrency from unpatched systems. Hackers are reportedly launching attacks from all around the world, with hundreds of devices having already been affected.

A known issue with Oracle’s WebLogic servers is still causing headaches for many users worldwide. The vulnerability, known as CVE-2017-10271, was partially fixed by Oracle a few months ago; however, that didn’t stop hackers from continuing to exploit it, according to a new report by the SANS Technology Institute. As is often the case nowadays, hackers took advantage of the vulnerability to set up miners and mine cryptocurrency, in this case Monero. While Oracle’s patch did solve the issue for most users, it was discovered that unpatched devices are still very much susceptible to a potential attack.

According to the SANS Technology Institute’s Johannes B Ullrich, the number of attacks has increased since December when Chinese security expert Lian Zhang made the vulnerability widely known. While Zhang’s intent was to warn users of Oracle WebLogic vulnerabilities, Ullrich believes that the report could have also led several hackers to take advantage of the information provided and use it for their own gain. Hijackers are reportedly able to kill existing miners using this exploit, including legitimate ones, and replace them with their own.

While the hackers seem to mostly go for Monero, this wasn’t the only cryptocurrency that was being mined from affected systems. One user reportedly earned around $6,000 in AEON, a more recent and lesser-known currency. The currency of choice for a lot of the hackers, however, was indeed the increasingly popular Monero. Security experts revealed that one hacker managed to mine as many as 611 Monero coins so far from WebLogic and PeopleSoft servers. At current conversion rates, that comes in at more than $240,000 or almost £180,000. At the time of this writing, unpatched systems are still vulnerable to attack, so it’s possible for that sum to grow even larger.

Researchers believe that about 722 WebLogic and PeopleSoft systems have been affected so far and that figure may yet continue to grow. Experts also discovered that the attacks are coming from a number of countries around the world, which led them to believe that this is not a targeted attack. Rather, hackers are apparently taking advantage of the situation and hitting whichever servers they find to be vulnerable, with cloud services being their targets of choice.

Interestingly enough, it seems like the hackers weren’t afraid to attack large cloud service providers such as Oracle Cloud, Google Cloud, Microsoft Azure and Amazon Web Services, among others. According to Ullrich, it’s not surprising that hackers are targeting these major companies as many of them are transferring more and more of their important data to the cloud. While this move does have its advantages, Ullrich notes that this also makes them a lot more vulnerable to hacking attempts and secret cryptocurrency mining.