Press Center

The spate of attacks against HPC systems in 2020 highlights a growing threat facing the financial services sector

Commonly hailed as the first supercomputer, the CDC 6600 engineered by Seymour Cray in 1964 trailblazed the monocomputer era of supercomputers. Monocomputers were powerful, single machines that used one or more processors and a single, shared memory. Cray’s supercomputers gripped the imagination of the public as the world’s fastest, demonstrating increasingly higher computational speeds throughout the next two and a half decades.

Then, in 1993, the multicomputer era of supercomputers was kicked off by the idea of connecting multiple, independent computers via ultra-speed links as a way to increase computational speeds dramatically. In order to provide a standard reference for comparing supercomputers, the TOP500 list was developed that pitted supercomputers against each other using the LINPACK benchmark – essentially, a system of mathematical problems to solve – and determined their ranking according to best performance.

In June 2020, the TOP500 list heralded a new fastest supercomputer in the world, Japan’s Fugaku, which surpasses the now second-fastest supercomputer, IBM’s Summit, by a factor of almost three.

Figure 1: Fugaku, the world's fastest supercomputer as of June 2020. Source: RIKEN.

While supercomputers bear a hefty price tag, one of the effects of the movement to cloud-based services has been a democratization of access to supercomputer power via the cloud. Various companies, including Amazon, Google, IBM, Microsoft, Oracle and Rackspace, offer access to high-performance computing (HPC) systems in the cloud, allowing businesses of all sizes to satisfy their “need for speed.”

Supercomputers keeping money safe and growing
While the applications for supercomputers are wide-ranging, perhaps one of the most crucial for protecting global and local economies is payment fraud detection. Nowadays, customers are often accustomed to the satisfaction of instantly processed and approved payments, but that also means that fraud can happen almost instantly, at least without the appropriate security controls in place.

So, to defend against fraud in real time, payment processing and fraud detection analysis need to happen equally fast. Achieving real-time speeds becomes a more challenging prospect, however, when heaps of transactions need to be processed per second. High demands like these can only be addressed by supercomputers with super-processing powers.

Accordingly, financial services companies like Mastercard and Visa invest heavily in the HPC game, leveraging the power of high-performance computers to run data mining, machine learning, and fraud detection technologies on thousands of financial transactions per second. Financial technology companies are also active in the payment fraud detection space, offering machine learning technologies that aim to bolster fraud detection systems.

In addition to protecting money, supercomputers can also be employed to discover new opportunities to grow money via trading platforms. Supercomputers can process high volumes of trading data by using algorithms, to drive automated and high-frequency trading. Such trading algorithms essentially work to pinpoint, with mathematical ferocity, the most attractive opportunities in the market for buying and selling.

The Breogan “supercomputer” – which looks more like a rack of servers – tracks currency exchange rates in order to discover small discrepancies in stock prices between different currencies and make automated, profitable trades. This is a practice known as arbitrage.

Cryptojacking supercomputer powers
While the super-processing power of supercomputers offers a new edge for financial growth, criminals who target financial institutions are just as “in the know” about the lucrative opportunities. Triggered by the birth of cryptocurrencies, starting with Bitcoin in 2009, a new economy emerged in which high-performance computing rigs for cryptomining could offer new value to cryptominers willing to trade their investments into computer hardware and operating costs for valuable cryptocurrency rewards. As long as the trade-off remains profitable, miners continue their activities.

In 2020, cryptojacking malware, which secretly hijacks computer resources for cryptomining, plagued supercomputers across Europe. In a flurry of attacks, multiple supercomputers were affected, including the UK’s National Supercomputing Service ARCHER, Baden-Württemberg High Performance Computing, the Leibniz Supercomputing Centre, the Jülich Supercomputing Centre, and the Swiss National Super Computing Centre.

The actors behind these attacks targeted supercomputers completely remotely – something that has happened for the first time – likely by stealing secure shell (SSH) login credentials in some cases. Previously, attacks against supercomputers normally involved insiders who would install the cryptomining malware on-site. Since it is not, apparently, an unusual practice for users from different HPC centers to have logins for other centers, pivoting to other HPC sites with these stolen credentials would be much easier for attackers.

Kobalos – sophisticated malware targeting supercomputers
In the latest saga of the HPC hacks sweeping Europe in 2020, ESET researchers discovered previously unknown malware they’ve named Kobalos and that targets Linux, FreeBSD and Solaris systems used at HPC centers across Europe, among other victims throughout the world. Just to get an idea of the kind of supercomputer power targeted by Kobalos, one of the victimized HPC machines boasts no less than 512 gigabytes of RAM and almost a petabyte of storage.

When deployed, Kobalos malware gives full access both to the file system of the compromised host and to a remote terminal that allows the attackers to run arbitrary commands. In addition, ESET researchers discovered that most systems compromised by Kobalos also have an SSH credential stealer – likely used to propagate Kobalos.

As Kobalos makes no apparent attempts to abuse the compromised HPC systems for cryptomining, nor to conduct any other computationally significant tasks, the jury is still out on the ultimate intentions of the threat actors. ESET security products detect Kobalos as Linux/Agent.IV.

Recommendations to protect supercomputers
What Kobalos and the other waves of attacks against supercomputers in 2020 revealed are the risks of using legacy computer systems and the security gaps introduced by poor authentication practices.

Here are some recommendations to defend against malware targeting HPC infrastructure:

1. Keep all systems patched to help protect against attackers exploiting vulnerabilities.
2. Set up a login policy that requires all users to use two-factor authentication to access HPC services, for example, an SSH private key, protected with a passphrase, in addition to the usual username and password.
3. Implement security tools that can provide detailed forensics data in the event of an attack.
4. Make sure you have a tried and tested incident response plan in place.

As supercomputer power offers a lot to lose or gain for money, whether via payment transactions, cryptomining or automated trading, securing its use will become an increasingly important part of building trust that money is safe.