Even crypto miners want to migrate to the cloud

Many threat actors are reportedly competing for access to the limited cloud computing power they can use for cryptocurrency mining.

A Trend Micro report, “A Floating Battleground Navigating the Cloud-Based Cryptocurrency Mining Landscape”, claims that there is an “hour to hour” battle between various groups over who gets to use cloud servers as miners.

“Just a few hours of engagement could translate into profit for authors. That is why we are witnessing a continuous fight for cloud processor resources. It's similar to a real-life capture of the flag, with the victim's cloud infrastructure as the battleground,” said Stephen Hilt, principal threat researcher at Trend Micro.

Cost increase

"Threats like this require built-in platform-based security to ensure criminals have nowhere to hide. The right platform will help teams map their attack surface, assess risks, and request the right protection without adding undue overhead."

Cloud computing power is abundant, but not all of it is available to cybercriminals. Trend Micro says groups can only use exposed instances, which typically run outdated cloud software, have poor cloud security hygiene, or are managed by people with insufficient knowledge of how to protect services.

Brute-forcing Secure Shell (SSH) credentials is also sometimes used, the researchers added.

Cloud computing has proven essential to the survival of many businesses during the pandemic. But some have been left online longer than necessary, according to the report, meaning they are no longer patched or are misconfigured.

Compromised systems will not only slow down key user-facing services for targeted organizations, but can also increase their operating costs by up to 600%. After all, a cryptocurrency miner needs significant computing resources, as well as electricity and a stable internet connection.

Trend Micro also says that some groups are using miners as a "side job," to earn a few extra bucks while they wait for a customer who wants to buy access to compromised endpoints.

To stay secure, the researchers advise companies to always keep their systems up to date; run only necessary services; implement firewalls, IDS/IPS, and cloud endpoint security solutions; eliminate misconfigurations; control traffic to and from cloud instances; and implement rules that control open ports, DNS routing changes, and CPU resource usage from a cost perspective.
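
One way to express the CPU-usage rule from the advice above, as an added example that is not part of the Trend Micro report or the original article: it flags instances whose CPU stays pinned for many consecutive samples while ignoring short spikes. The instance names, sample values, 90% threshold and six-sample window are constructed assumptions.

```python
from statistics import median

# Constructed 5-minute CPU utilisation samples (percent); not real telemetry.
SAMPLES = {
    "web-1":   [22, 25, 91, 30, 24, 27, 23, 26, 88, 25, 24, 22],  # short spikes
    "batch-1": [35, 38, 40, 96, 97, 98, 97, 99, 98, 97, 98, 99],  # pinned later
    "fresh-1": [98, 99, 97, 98, 99, 98, 97, 99],                  # pinned from start
    "idle-1":  [3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4],
}


def longest_run_above(samples, threshold):
    """Return (start_index, length) of the longest run of samples >= threshold."""
    best_start = best_len = run_start = run_len = 0
    for i, value in enumerate(samples):
        if value >= threshold:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0  # a dip below the threshold ends the run
    return best_start, best_len


def flag_sustained_cpu(samples_by_instance, threshold=90, min_run=6):
    """Report instances held at or above `threshold` for `min_run` samples.

    Deploys and cron jobs produce brief spikes that reset the run counter,
    so only sustained load is reported. `baseline_pct` is the median of the
    samples before the run, or None when the instance was pinned from the
    first sample and no earlier baseline exists.
    """
    findings = {}
    for name, samples in samples_by_instance.items():
        start, length = longest_run_above(samples, threshold)
        if length < min_run:
            continue
        before = samples[:start]
        findings[name] = {
            "start_index": start,
            "samples_at_load": length,
            "baseline_pct": median(before) if before else None,
        }
    return findings


if __name__ == "__main__":
    for instance, finding in flag_sustained_cpu(SAMPLES).items():
        print(instance, finding)
```

Tune the threshold and window to the workload: legitimately CPU-bound instances belong on an allowlist rather than under a looser rule.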