A hacker managed to get away with over $600,000 in cryptocurrency in just two months after exploiting unpatched vulnerabilities in Synology NAS boxes to mine Dogecoins, security researchers have claimed.
Users of Synology’s Network Attached Storage (NAS) boxes noticed they were performing slower than usual as far back as February, according to Dell SecureWorks analyst Peter Litke.
Internet Storm Center stats from February to May confirmed “a sharp rise in scanning traffic to port 5000”, which is the port used by the products.
After an investigation, it was discovered that malware had been downloaded to the affected NAS boxes and stored in a folder named “PWNED”.
“Synology NAS boxes are sought after for their simplicity in setup and usage. As a result, they have a large customer base, especially with home users,” explained Litke in a blog post.
“The DSM (DiskStation Manager), a custom Linux- based operating system designed for use on their products, had four unique vulnerabilities that allowed an attacker to breach the system and gain administrative privilege.”
Although Taiwan-based manufacturer Synology had issued a patch for the vulnerabilities in February this year, a large number remained open to infection by the malware – detected as CPUMiner and compiled specifically for the platform.
SecureWorks investigated further and found the hacker had used this malware to mine 500 million Dogecoins – a cryptocurrency similar to Bitcoin – with a value of $620,496, mainly over January and February.
Litke branded this incident “the single most profitable, illegitimate mining operation” to date and warned that cryptocurrencies would become an increasingly sought-after target as their popularity rockets.
As for the identity of the hacker, attribution has been typically problematic, but having looked at his BitBucket page and other info, SecureWorks strongly believes he is of German descent.