Alibaba cloud servers hacked to mine Monero cryptocurrency


Cybercriminals have started targeting servers running on the Alibaba Cloud with the aim of using them to mine cryptocurrencies.

Cryptojacking, in which an attacker takes control of an organization's servers to mine cryptocurrency, is not new, but Trend Micro has observed that cybercriminals are increasingly targeting Alibaba's cloud infrastructure to mine Monero because their activity can go undetected.

Alibaba Elastic Compute Service (ECS) instances are especially valuable to cybercriminals because they have an autoscaling feature that lets the service automatically adjust IT resources based on the volume of user requests, according to a new report from the cybersecurity company. While this feature is provided to Alibaba customers at no additional cost, the increased use of resources ultimately results in additional costs for those customers.

The cryptojacking landscape is shared by several threat actors, including Kinsing and TeamTNT, and their code shares common characteristics, such as the ability to remove competing miners that are also mining cryptocurrency on the same host and to disable security features found on the victim machine.

Targeting Alibaba ECS instances

Alibaba's ECS instances come with a pre-installed security shield that cybercriminals often attempt to disable immediately after accessing a customer's server.

During its recent investigation, Trend Micro discovered specific code in the malware used by the attackers to create firewall rules that drop incoming packets from IP address ranges belonging to Alibaba's internal zones and regions. At the same time, the default Alibaba ECS instance provides root access, which makes it much easier for cybercriminals to use these cloud servers for cryptojacking.
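As an added defender-side example (not code from the article or the Trend Micro report), the following Python check scans `iptables -S` output for INPUT rules that drop traffic from the provider's internal address ranges, the rule-creation behaviour described above. The internal ranges and the sample rule listing are constructed placeholders, not Alibaba's real address space.

```python
import ipaddress

# Constructed sample of `iptables -S` output from a compromised host.
# 100.64.0.0/10 and 10.0.0.0/8 stand in for the provider's internal zones
# (placeholders only; substitute the real management ranges in production).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 100.64.0.0/10 -j DROP
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j DROP
-A INPUT -s 203.0.113.5/32 -j DROP
-A OUTPUT -d 10.1.2.3/32 -j ACCEPT
"""

PROVIDER_INTERNAL = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "10.0.0.0/8")]


def parse_rule(line):
    """Return (chain, source, target) for an `-A` rule line, else None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain, src, target = tokens[1], None, None
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-s":
            src = tokens[i + 1]
        elif tok == "-j":
            target = tokens[i + 1]
    return chain, src, target


def find_suspicious_drops(rules_text, internal_ranges=PROVIDER_INTERNAL):
    """Flag INPUT rules that DROP/REJECT traffic overlapping the internal ranges.

    Such rules cut the instance off from management and security-agent traffic,
    which is the blocking behaviour the report attributes to the malware.
    """
    findings = []
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, src, target = parsed
        if chain != "INPUT" or target not in ("DROP", "REJECT") or src is None:
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            continue  # not a parsable address; leave for manual review
        # overlaps() also catches a blanket 0.0.0.0/0 drop covering the ranges
        if any(net.overlaps(rng) for rng in internal_ranges):
            findings.append(line.strip())
    return findings
```

Feed it `iptables -S` (or `iptables-save`) output from the host; an empty result means no inbound drop rule overlapping the listed ranges was found.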

With the highest possible privilege already available in the event of a compromise, an attacker can deploy advanced payloads, such as kernel module rootkits, and gain persistence on the victim's Alibaba ECS instance. This could be one of the reasons that cybercriminals have started specifically targeting the Chinese company's cloud computing service over competitors like AWS or Microsoft Azure.

For organizations using Alibaba Cloud, Trend Micro recommends following a shared responsibility model in which the CSP and the customer are each responsible for their part of security: securing the configuration of workloads, projects and environments, customizing security features for cloud projects and workloads, and following the principle of least privilege by limiting the number of users with the highest access privileges.
