Cloud systems are now a major target for cryptocurrency miners
Trend Micro Incorporated has announced the publication of a new research report on the relentless battle waged by cryptocurrency mining groups to divert resources from cloud infrastructures.
In this report, titled ‘A Floating Battleground: Navigating the Landscape of Cloud-Based Cryptocurrency Mining’, Trend Micro describes the modus operandi of several attacker groups, with the aim of drawing attention to the impact and damage they can inflict on cloud-dependent organizations, and of delivering practical advice on how to defend against these attacks.
“Today, several hours of compromise are needed for criminals to profit from their attacks. This is why we are witnessing the ongoing struggle to access cloud resources,” explained Nicolas Arpagian, Director of Cybersecurity Strategy, Trend Micro. “It’s similar to a ‘Capture The Flag’ challenge, where the victim’s cloud infrastructure is an asset that can be won to conduct more profitable operations.”
According to the Trend Micro report, threat actors are increasingly seeking out these exposed opportunities, exploiting them, and brute-forcing Secure Shell (SSH) credentials to compromise cloud assets in order to mine cryptocurrencies. Their targets generally have obsolete software in their cloud infrastructure, inadequate cloud security, or even insufficient knowledge of the security practices that should be applied to cloud services: the resulting vulnerabilities are therefore easily exploited by attackers seeking to access and compromise systems.
Companies invested heavily in the cloud during the pandemic. However, the simplicity with which new resources can be deployed has also left many of them online, unpatched and misconfigured for too long, leaving organizations more exposed. On the one hand, this additional computing workload threatens to slow down services for the victim organization’s users; on the other hand, it increases operating costs by almost 600% for each infected system.
In addition, cryptocurrency mining can also be the prelude to a more serious compromise. Many threat actors deploy mining software to generate additional revenue before access is sold online to buyers who use it for ransomware, data theft, and other operations.
The Trend Micro report details the activity of several groups of malicious actors involved in cryptocurrency mining, including:
• Outlaw, which compromises IoT devices and Linux cloud servers by exploiting known vulnerabilities or conducting SSH brute force attacks.
• TeamTNT, which exploits weak software to compromise hosts, then steals credentials for other services to move to new hosts and abuse any misconfigured services.
• Kinsing, which installs the XMRig miner for Monero mining and removes any other miners on the victim system.
• 8220, which has been observed fighting Kinsing for the same resources. They often drive each other off a host and then install their own cryptocurrency miners.
• Kek Security, which is associated with IoT malware and with running botnet services.
To mitigate the threat of cloud cryptocurrency mining attacks, Trend Micro recommends that organizations take the following steps:
• Ensure systems are up to date and running only necessary services.
• Deploy firewall, IDS/IPS, and endpoint security in the cloud to limit and filter network traffic to and from known rogue hosts.
• Eliminate incorrect configurations using cloud security posture management tools.
• Track traffic to and from the cloud instance and filter domains associated with known mining pools.
• Deploy rules that track open ports, DNS routing changes, and CPU resource usage.
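As an added example (not code from the Trend Micro report), the following script applies three of the recommendations above, along with the SSH brute-force pattern described earlier, to constructed telemetry: DNS queries for domains on a mining-pool denylist, sustained high CPU usage on a cloud instance, and repeated failed SSH logins from one source. All hostnames, IP addresses, log formats and thresholds are assumptions chosen for illustration.

```python
"""
Added example (not from the Trend Micro report): a small detector that
checks constructed telemetry for three indicators of cloud cryptomining:
  1. DNS queries for domains on a mining-pool denylist,
  2. sustained high CPU usage on a cloud instance,
  3. repeated failed SSH logins from a single source (brute-force pattern).
All domains, IPs, log formats and thresholds below are assumptions.
"""
import re
from collections import Counter

# Assumed denylist of mining-pool domains (placeholder values, not from the report).
MINING_POOL_DOMAINS = {"pool.example-miner.test", "xmr.example-pool.test"}

# Constructed DNS query log lines in the form "<timestamp> <src_ip> query <name>".
DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 query api.internal.test
2024-01-01T10:00:02Z 10.0.0.7 query pool.example-miner.test
2024-01-01T10:00:05Z 10.0.0.7 query pool.example-miner.test
2024-01-01T10:00:09Z 10.0.0.9 query xmr.example-pool.test
"""

# Constructed per-instance CPU samples (percent), one reading per minute.
CPU_SAMPLES = {
    "web-1": [12, 15, 11, 14, 13, 12],
    "worker-3": [97, 99, 98, 100, 99, 98],
}

# Constructed sshd auth log lines (syslog style).
AUTH_LOG = """\
Jan  1 10:00:01 host sshd[1]: Failed password for root from 203.0.113.10 port 41000 ssh2
Jan  1 10:00:02 host sshd[1]: Failed password for root from 203.0.113.10 port 41001 ssh2
Jan  1 10:00:03 host sshd[1]: Failed password for admin from 203.0.113.10 port 41002 ssh2
Jan  1 10:00:04 host sshd[1]: Failed password for invalid user test from 203.0.113.10 port 41003 ssh2
Jan  1 10:00:05 host sshd[1]: Failed password for root from 203.0.113.10 port 41004 ssh2
Jan  1 10:00:06 host sshd[1]: Accepted publickey for deploy from 198.51.100.4 port 5000 ssh2
"""

DNS_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")
FAILED_SSH_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)")


def mining_pool_lookups(log_text, denylist=MINING_POOL_DOMAINS):
    """Return {src_ip: count} for hosts that resolved a denylisted pool domain."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m and m.group(3).lower().rstrip(".") in denylist:
            hits[m.group(2)] += 1
    return dict(hits)


def sustained_high_cpu(samples, threshold=90, min_consecutive=5):
    """Return instances whose CPU stayed at or above threshold for min_consecutive readings."""
    flagged = []
    for name, readings in samples.items():
        run = 0
        for value in readings:
            run = run + 1 if value >= threshold else 0
            if run >= min_consecutive:
                flagged.append(name)
                break
    return flagged


def ssh_bruteforce_sources(log_text, min_failures=5):
    """Return {src_ip: failures} for sources with at least min_failures failed logins."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED_SSH_RE.search(line)
        if m:
            failures[m.group(1)] += 1
    return {ip: n for ip, n in failures.items() if n >= min_failures}


if __name__ == "__main__":
    print("mining-pool lookups:", mining_pool_lookups(DNS_LOG))
    print("sustained high CPU:", sustained_high_cpu(CPU_SAMPLES))
    print("ssh brute-force sources:", ssh_bruteforce_sources(AUTH_LOG))
```

The three checks are deliberately independent so that each can be wired to its own alert: a pool-domain lookup is a strong indicator on its own, while a CPU spike or a burst of failed SSH logins is worth correlating with the other two before escalating, since either can also occur for benign reasons.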
“Threats of this type require specific security, relying on a centralized platform that allows teams to map their attacks, assess risks and use ad hoc protection strategies without excessive overhead,” concludes Nicolas Arpagian.