Supercomputers across Europe hacked for cryptomining

'Every endpoint, device, network segment, infrastructure, and information is a resource that some criminal somewhere will find useful for personal gain.'
19 May 2020

The ATOS supercomputer Joliot-Curie at the CEA ‘Atomic Energy Commission’ in 2019. Source: AFP

  • Cryptomining attacks have taken place on supercomputer systems across European academic organizations
  • Some of those high-performance systems were tasked with finding vaccines for COVID-19 and pandemic modelling
  • The attacks raise questions over the cybersecurity practices of higher education institutions where such systems are housed

Cryptojacking – where a computer system is hacked to mine cryptocurrency – remains rampant, but it’s usually reserved for run-of-the-mill PCs, often in networked clusters where security may be easier to compromise, such as internet cafes.

That said, attackers are ready to target whatever devices and computing power are available to build crypto-mining farms, whether it’s smart devices, home assistants – or even some of the world’s largest supercomputers.

As originally reported by ZDNet, multiple supercomputers across Europe were this week infected with cryptocurrency mining malware, and subsequently forced to shut down while researchers investigated the intrusions.

That caused interruptions to the programming of high-performance tasks which included the search for a COVID-19 vaccine. 

Incidents were reported in multiple supercomputer systems in Germany, the UK and Switzerland, and potentially also in Spain. Hackers gained entry via Secure Shell (SSH) remote access credentials stolen from those who were authorized to operate the machines.

Chris Doman, co-founder of Cado Security, told ZDNet that the malware was designed to use the supercomputers’ processing power to mine Monero. 

The first report of an attack came on May 11 from the University of Edinburgh, which reported a “security exploitation” on its ARCHER supercomputer, disabling access to authorized users. The system – which had recently installed a pandemic modelling tool – was shut down to investigate and SSH passwords were reset. 

Other reports quickly followed, with five supercomputer systems owned by German research group bwHPC facing similar incidents.

Staff in Edinburgh said they were working with the National Cyber Security Centre (NCSC) to restore the system. The NCSC said it believed the multiple attacks to be “a major issue across the academic community as several computers have been compromised in the UK and elsewhere in Europe.”

Jamie Akhtar, CEO and co-founder of CyberSmart, said the spate of attacks highlighted the “very serious concern” of cybersecurity in institutes of higher education where these supercomputers tend to be housed, and where a lot of high-performance research is taking place.

“Universities are home to some of the most advanced research projects in the world across many disciplines – including computer science – but they are also notoriously vulnerable to attack if they are connected to the wider university network,” Akhtar said.

Akhtar noted that last year, the Higher Education Policy Institute commissioned a study to test the reliability of UK university security systems. Of 50 institutions, the testers had a 100 percent success rate in breaking into the institutions’ systems within two hours to access student and employee information, institutional records, and research data.

Commenting, Javvad Malik, Security Awareness Advocate at KnowBe4, said: “The digital and connected nature of today’s world means that every endpoint, device, network segment, infrastructure, and information is a resource that some criminal somewhere will find useful for personal gain.

“Therefore, all organisations of all sizes, and across all industries need to take steps to secure digital assets, and raise awareness of security amongst staff so that they can make better security risk-decisions in their day to day lives.”