Cloud systems under attack by crypto mining

Edited by LineaEDP 04/04/2022

This is the finding of new Trend Micro research, which reveals the dangers associated with the increase in attack surfaces in relation to CPU mining.

Cloud systems are under attack by crypto mining, and cybercriminal groups dedicated to cryptocurrency mining are competing to grab as many resources as possible. The finding emerges from “A Floating Battleground. Navigating the Landscape of Cloud-Based Cryptocurrency Mining”, the latest research from Trend Micro, a global leader in cybersecurity.
As Salvatore Marcis, Technical Director of Trend Micro Italia, underlines right at the start of an official note: «Even a few hours of compromise could translate into profits for cybercriminals. This is why we are witnessing an ongoing struggle for cloud computational resources. Threats like this require organized and distributed security to make sure the bad guys have nowhere to hide. The right platform supports teams in maintaining visibility and control of their cloud infrastructure, mapping the attack surface, assessing its risks and applying the right protection without adding excessive runtime costs.»
Cybercriminals increasingly seek to find and exploit exposed instances, and constantly search for weak Secure Shell (SSH) access through brute force attacks, with the aim of compromising cloud assets for cryptocurrency mining. The targets are often characterized by outdated software, a non-compliant cloud security posture and inadequate knowledge of how to secure cloud services, all of which are exploited by cybercriminals to gain access to systems.
Cloud computing investments increased during the pandemic, but the ease with which assets can be deployed left many cloud instances exposed online, unpatched or misconfigured, more than they should be.
The additional computational costs caused by mining threaten to slow down key user services within victim organizations, as well as increase operating costs by up to 600% on each infected system.
Cryptocurrency mining can also be the alarm bell for a more serious compromise. Many cybercriminals deploy mining software to earn extra revenue before online buyers purchase access for ransomware, data theft and more.
Trend Micro research uncovers the activities of several cybercriminal groups in this area, such as:
• Outlaw, which compromises IoT devices and Linux cloud servers by exploiting known vulnerabilities or through SSH brute force attacks
• TeamTNT, which exploits vulnerable software to compromise hosts before stealing credentials for other services, with the aim of reaching new hosts and taking advantage of any badly configured service
• Kinsing, which sets up an XMRig kit for Monero mining and ejects other miners from the victim system
• 8220, which was seen clashing with Kinsing over the same assets. These groups usually kick each other off a host and install their own cryptocurrency miners
• Kek Security, which has been associated with IoT malware and running botnet services
To mitigate the threats resulting from cloud cryptocurrency mining attacks, Trend Micro recommends:
• Make sure systems are up to date and run only required services
• Implement firewalls, IDS/IPS and cloud endpoint security to limit and filter outgoing and incoming network traffic
• Eliminate configuration errors through Cloud Security Posture Management tools
• Monitor inbound and outbound cloud instance connections and filter domains associated with known mining pools
• Set up rules to monitor open ports, changes to DNS routing and the use of CPU resources from a cost point of view
The full report, “A Floating Battleground. Navigating the Landscape of Cloud-Based Cryptocurrency Mining”, is available at this link.

COMMENT: Crypto mining is an octopus that not only consumes electricity like important nation states, but also appropriates other people’s hardware resources with illegal operations. We need regulation and the choice by states and central banks of our CBDC solution. Tertium non datur, the Latins said. There is no third way.
