Compromised Amazon Cloud accounts used for cryptocurrency mining

Compromised Amazon Cloud accounts used for cryptocurrency mining

Hackers are taking control of Amazon’s cloud accounts and using them to mine cryptocurrencies. According to a recent Business Insider report, some Amazon cloud users have seen their account increase more than 500 times due to hackers.

In one case, a Seattle developer named Chris Chin saw his Amazon Web Services account incur a bill of over $ 53,000, which was much higher than his usual $ 100 to $ 150 bill. Chin suspected he was hacked by cryptocurrency miners after seeing the bill.
According to the Business Insider report, cloud service providers such as Google Cloud, AWS, and Microsoft Azure usually shift the responsibility to customers for such hacks. According to these cloud service providers, the blame lies directly with users for their inability to properly configure their security settings. In the report, a Google spokesperson said nearly 75 percent of the hacks were the result of bad security practices and vulnerable third-party software.
For his part, AWS emphasized its shared responsibility model and stated that his accounts were secure by default. The company also stated that while it was responsible for the infrastructure, customers were responsible for security. For users, this provides no consolation. In essence, one-off mistakes can put them in a crippling lifetime debt.
Photo credit – Depositphotos.com
While cloud service account hacking has been around for over a decade, the growing value of cryptocurrencies has made the illegal practice more profitable. For example, in November 2021, the value of BTC reached a new all-time high of $ 69,000. At the same time, the mining difficulty has increased, which means that hackers need even more mining power to mine BTC.
The matter is already on the table in the federal court. In one case, a Missouri-based tech company filed a federal lawsuit after it was charged $ 760,000 for cryptojacking. In most cases, AWS typically waives hacker fees. However, navigating AWS customer support to get invoice exemption can be tricky, according to the Business Insider report.
For now, there doesn’t seem to be an easy solution to the problem. However, users can take the most basic security measures to protect their accounts. For example, they might use strong passwords and enable 2FA. Furthermore, they should carefully review the third-party applications they install in their accounts. Finally, customers of cloud services should always contact customer support to obtain an exemption from the invoice. The process can be daunting, but it’s definitely better than paying a bill of tens of thousands of dollars.

ACCOUNT ARTICLE