Numerous threat actors are reportedly fighting over access to limited cloud computing power that they can use for cryptocurrency mining activities.
A Trend Micro report titled “A floating battlefield navigating the cloud-based cryptocurrency mining landscape” states that there is an “hour by hour” battle between multiple groups over who can use compromised cloud servers as cryptocurrency miners.
“Just a few hours of compromise could make money for the perpetrators. That’s why we’re seeing an ongoing fight for CPU resources in the cloud. It’s similar to capturing the flag in real life, with the cloud infrastructure of the victim as a battlefield,” said Stephen Hilt, senior threat researcher at Trend Micro.
“Threats like this need joint platform-based security to ensure criminals have nowhere to hide. The right platform will help teams map their attack surface, assess risk, and order the right protection without adding excessive overhead.”
Cloud computing power is plentiful, but not all of it is available to cybercriminals. Trend Micro says that groups can only exploit exposed instances, which typically run outdated cloud software, have poor cloud security hygiene, or are run by people with inadequate knowledge of how to protect services.
Brute-forcing of Secure Shell (SSH) credentials is also sometimes used, the researchers added.
Cloud computing has proven to be critical to the survival of many businesses during the pandemic. But some cloud instances have been left online longer than necessary, the report states, meaning they are now unpatched and misconfigured.
Compromised systems will not only slow down key user-facing services for targeted organizations, but can also increase their operating costs by up to 600%. After all, a cryptocurrency miner needs significant computing resources, as well as electricity and a stable internet connection.
Trend Micro also says that some groups use miners as “side work,” to earn a few extra bucks while they wait for a customer willing to buy access to compromised endpoints.
To stay secure, the researchers advise companies to always keep their systems up-to-date, run only required services, implement firewalls, IDS/IPS and cloud endpoint security solutions to eliminate misconfigurations, monitor traffic to and from cloud instances, and implement rules that monitor open ports, DNS routing changes, and server utilization of CPU resources from a cost perspective.