A prolonged bear market plagues the market — but cybercriminals still find cryptocurrency mining attacks on business cloud infrastructures worth the effort.
Hackers attack servers and cloud infrastructures of companies primarily with the aim of mining cryptocurrency, the cybersecurity branch of the American telecoms operator AT&T revealed. According to a research paper published by cybersecurity experts of the company, attackers target businesses of all sizes with the aim of exploiting their computing power for digital currency mining purposes.
Hackers use four major strategies to get their hands on enterprise computer systems:
- Through container management platforms
- Through control panel exploitation
- Through stealing application programming interfaces (APIs)
- Via spreading Docker images infected with malicious code
While the implementations may be different, the essence is the same — to intercept control over web services and cloud infrastructures to run malicious mining code and potentially get access to user data.
Attackers use compromised open APIs and unauthenticated management interfaces to hack container management platforms or control panes and install scripts that will run in the background and mine digital coins. Individuals often leave public API keys publicly accessible — which is akin to having the door of your house wide open while inviting burglars to come in and help themselves.
Hackers automatically scan web sites and public resources like GitHub for publicly available API keys and use them to get access to business systems and operations.
Infected docker images is another tool used by hackers to run mining software and generate income for themselves at the expense of users who download prebuilt docker images with containers operating a mining software.
There are numerous ways to detect illicit mining activity on business cloud infrastructures. AT&T offers several recommendations that will reveal mining attacks on cloud systems, including monitoring command line parameters that might look like crypto-mining tools such as xmrig.
However, you should understand that something goes wrong — even before you see a suspicious process is running on the background. Cryptocurrency mining is a power-intensive activity, so servers performance is likely to fall while dragging down the efficiency of the operations in general.
According to AT&T, hackers breached a server in Amazon Web Services and got unrestricted access to a company’s servers to mine Monero (XMR) and potentially steal customers data. The same story happened to Tesla, where hackers ran a well-hidden cryptojacking campaign on some of the company’s Amazon Web Services cloud infrastructure.
Also, an unknown hacker made LA Times readers mine Monero for them by infiltrating a CoinHive script into the newspaper’s Amazon S3 bucket. The attacker even left a message for LA’s server admin, asking them to renew the AWS S3 bucket settings to prevent access.
Have you ever fallen victim to cryptojacking? What do you do to protect yourself from cryptocurrency hackers? Let us know in the comments below.