Blogging Platform Ghost Fights Off Crypto-Mining Malware Attack

  • It took around 24 hours to completely clean the malware from the servers.
  • The firm is now working on rebuilding its entire network, and on cycling all sessions, passwords and keys as a precautionary measure.

Blogging platform Ghost had a rough 24 hours after a hacking group exploited a vulnerability in its SaltStack-managed server infrastructure to plant crypto-mining malware.

According to the platform’s status page, the attack was noticed on 3 May, around 1:30 a.m. UTC, when the development team started “investigating the cause of an outage”. Within hours the team not only identified the issue but also removed the mining malware from Ghost’s servers and added new firewall configurations.

The incident report reads:

“Our investigation indicates that a critical vulnerability in our server management infrastructure (Saltstack, CVE-2020-11651 CVE-2020-11652) was used in an attempt to mine cryptocurrency on our servers. The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately.”

The blogging platform was also quick to reassure its users that no credit card information was stolen and that it does not store credentials in plain text. With all traces of the crypto-mining malware gone, the team is now cleaning and rebuilding the entire network, and is also cycling all sessions, passwords and keys as a precautionary measure. The firm has also said it will publish a post-mortem of the incident later this week.

Developed by SaltStack, Salt is an open-source configuration-management framework that automates the management of a company’s servers. The company had warned its users a couple of weeks earlier that there was a “critical vulnerability” in the latest version of Salt which could allow a “remote user to access some methods without authentication”. On 23 April the company also released a software update which fixed the flaw.
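The first question a defender asks after an advisory like this is whether a given Salt master is actually on a fixed release. The check below is an added example, not code from the article or from SaltStack; it parses the output of `salt --version` and classifies it against the fixed versions 2019.2.4 and 3000.2, which are taken from SaltStack's advisory rather than from this page. Older release lines later received backported fixes, so those are reported as needing verification rather than as patched.

```python
import re
from typing import Optional, Tuple

# Fixed versions for CVE-2020-11651 / CVE-2020-11652, from the SaltStack
# advisory (assumption: not stated in the article above).
FIXED_2019 = (2019, 2, 4)
FIXED_3000 = (3000, 2)


def parse_salt_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a version tuple from `salt --version` output or a bare string.

    Handles both the old YYYY.M.P scheme (e.g. 2019.2.3) and the newer
    3000.x scheme (e.g. 3000, 3000.1, 3000.2). Returns None if no version
    number is found.
    """
    m = re.search(r"\b(\d{4})(?:\.(\d+))?(?:\.(\d+))?\b", text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups() if g is not None)


def patch_status(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'verify' for a Salt version string.

    'verify' covers unparseable strings and release lines older than 2019.2,
    which only received backported fixes and must be checked against the
    vendor advisory individually.
    """
    version = parse_salt_version(text)
    if version is None:
        return "verify"
    major = version[0]
    if major > 3000:
        return "patched"  # 3001 and later were released after the fix
    if major == 3000:
        # A bare "3000" parses as (3000,), which sorts below (3000, 2)
        return "patched" if version >= FIXED_3000 else "vulnerable"
    if major == 2019:
        return "patched" if version >= FIXED_2019 else "vulnerable"
    return "verify"


if __name__ == "__main__":
    # Constructed sample outputs of `salt --version`
    for sample in ("salt 2019.2.3", "salt 3000.1", "salt 3000.2", "salt 2018.3.4"):
        print(f"{sample}: {patch_status(sample)}")
```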

Crypto-mining malware attacks are more common than people believe. According to a report from cybersecurity research group Guardicore Labs published last year, over 50,000 company servers worldwide had been infected with malware that made them mine a privacy-focused cryptocurrency called TurtleCoin (TRTL).
