Businesses Increasingly See Crypto Mining Attacks in Cloud Infrastructures

Published at: March 15, 2019

Cryptocurrency mining is reportedly one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, according to a report by AT&T Cybersecurity on March 14.

The cybersecurity wing of United States telecoms firm AT&T stated that organizations of all sizes continue to face major crypto mining attacks despite the ongoing bear market.

In the new report, AT&T examined the most significant forms of cryptojacking associated with mining attacks on organizations’ cloud infrastructure.

AT&T outlined four major cryptojacking tactics used by hackers: compromising container management platforms, control panel exploitation, theft of application programming interfaces (APIs), and spreading malicious Docker images.

Container management is a major process deployed by enterprise systems, which includes all necessary components to run software, including files and libraries. AT&T researchers have found that cryptojackers were using unauthenticated management interfaces and open APIs to compromise container management platforms for illicit cryptocurrency mining.

In this regard, AT&T cited an attack reported by security vendor RedLock, where an attacker compromised open-source container management system Kubernetes. The attackers used the compromised Kubernetes server in Amazon Web Services to mine Monero (XMR) and take over access to client data.

After providing a detailed description of hackers’ strategies to mine crypto through cloud structures, AT&T provided a number of recommendations for detecting mining attacks on cloud systems.

Recently, crypto mining service Coinhive announced its closure, as the platform has reportedly become economically inefficient. It reportedly had to shut down its services amidst a 50 percent decline in hash rate following the last Monero hard fork. The firm said it would halt operations on March 8, 2019, while users’ dashboards will be accessible until April 30, 2019.

Following the news, researchers from Canada’s Concordia University reported that the Coinhive script was placed on more than 30,000 websites, representing 92 percent of all websites running JavaScript cryptocurrency mining scripts.
