Hackers Turn to Cloud-Based Infrastructure to Mine Crypto

As technology advances, many businesses and organizations are turning to cloud-based infrastructure to run and maintain their systems. However, while these organizations are advancing how they do business, hackers have found a new avenue to generate income from unsuspecting victims: the firms and organizations using cloud computing. To kick off their attacks, the hackers use several methods to inject malware into the cloud infrastructure, then generate income without the victim's knowledge. Some of the loopholes they use are listed below.

Docker Containers

Users across the globe rely on prebuilt Docker images to save time when setting up containers. However, this presents hackers with an avenue to mine crypto. Reports show that they were used to mine Monero in Docker containers and were also used in Luoxk.

Use of API Keys

API keys are easily accessible online: various tools and scanning software, along with sites such as GitHub, let users get their hands on them. With these keys, cloud computing systems are compromised, leading to hackers mining crypto. One example is from January 2018, when AWS keys were stolen, leading to criminals mining Monero.

Container Management Platforms

Another avenue for mining crypto without the user's knowledge is compromising a container management platform through unauthenticated management interfaces and APIs. One example is xaxaxa[.]eu, which was compromised in February 2018. Per a report from RedLock, the Kubernetes infrastructure platform behind an electric car company was compromised and malicious scripts were injected. In the Kubernetes case, its Amazon Web Services were compromised, leading to the culprit mining Monero. By compromising the container management platform, cybercriminals can do more damage, since they gain access to customers' data.

Assuming Control of Web Services by Taking over the Control Panel

Similar to the above, cybercriminals can also take over the control panel, which grants them ultimate control over all web services. For instance, in the Kubernetes case, the cybercriminals manipulated loopholes in VestaCP. By manipulating VestaCP, they were able to inject sysroot and then install XMRig, which was used to mine Monero.

While all of the above attacks led to crypto mining, administrators can use tools such as USM Anywhere to sniff out mining activity and put a stop to it.
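
To illustrate what sniffing out mining activity can look like at the host level, the following is an added example (not from the original article and not how USM Anywhere works) that scores process command lines for signs of a Monero miner such as XMRig. The indicator names, weights, threshold and the sample `ps` output are assumptions constructed for this example.

```python
import re

# Heuristic indicators of a Monero miner such as XMRig in a process command line.
# Names and weights are assumptions made for this example, not a vendor rule set.
INDICATORS = [
    ("miner_binary", re.compile(r"(^|/)(xmrig|xmr-stak|minerd)\b", re.I), 3),
    ("stratum_url", re.compile(r"stratum\+(tcp|ssl)://", re.I), 3),
    ("donate_flag", re.compile(r"--donate-level\b"), 2),
    # Pool given as host:port; weak on its own because curl also uses these flags.
    ("pool_flag", re.compile(r"(^|\s)(-o|--url)[=\s]\S+:\d{2,5}\b"), 1),
    # Monero address: 95 base58 characters starting with 4 (or 8 for a subaddress).
    ("wallet_arg", re.compile(r"(^|\s)(-u|--user)[=\s][48][1-9A-HJ-NP-Za-km-z]{94}\b"), 3),
]
THRESHOLD = 3  # assumed cut-off: one strong indicator or several weak ones


def score_cmdline(args):
    """Return (score, matched indicator names) for one command line."""
    hits = [(name, weight) for name, rx, weight in INDICATORS if rx.search(args)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def find_miners(ps_output):
    """Parse `ps -eo pid,user,pcpu,args` text and return suspicious processes."""
    findings = []
    for line in ps_output.strip().splitlines()[1:]:  # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, user, pcpu, args = parts
        score, names = score_cmdline(args)
        if score >= THRESHOLD:
            findings.append({"pid": int(pid), "user": user, "cpu": float(pcpu),
                             "score": score, "indicators": names})
    return sorted(findings, key=lambda f: -f["score"])


# Constructed sample input; hosts, paths and users are placeholders.
SAMPLE_PS = """\
  PID USER     %CPU COMMAND
    1 root      0.0 /sbin/init
  812 www-data  1.2 nginx: worker process
 4410 admin    98.7 /tmp/xmrig -o pool.example.invalid:3333 -u WALLET --donate-level 1
 4522 admin    99.1 /var/tmp/.cache/sysupd --url stratum+tcp://pool.example.invalid:5555 -p x
 5001 deploy    3.4 curl --url https://api.example.invalid:8443/v1/report
"""

if __name__ == "__main__":
    for finding in find_miners(SAMPLE_PS):
        print(finding)
```

The second flagged process shows why the binary name alone is not enough: a renamed miner is still caught by its stratum pool URL, while the `curl` line stays below the threshold.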