One of our 2018 sayings here in the SecureWorld newsroom is this: "It's all about the crypto."
And here comes example number 259—or something like that. And it's only February.
Illicit cryptominers will seemingly put code anywhere possible. In this case, it was an Los Angeles Times S3 bucket that tracked homicides around southern California. Graham Cluley has a good write-up on this one:
Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon AWS S3 bucket belonging to the LA Times had been left wide open, granting global write-access to anyone who fancied dropping their code on the server.
An unauthorised third party had taken advantage of the sloppy cloud security, and meddled with a Javascript file. In this way, Coinhive cryptomining code was added to an LA Times website called “The Homicide Report”, which lives at homicide.latimes.com.
And the hacker responsible tried an interesting strategy so visitors to this website noticed less of a performance hit. The hacker throttled the amount of crypto-mining that each visiting machine would do.
