Trend Micro: Cloud Systems Are Under Crypto Mining Attack
According to Trend Micro research, cloud systems are under attack from cryptocurrency mining, and cybercriminal groups dedicated to cryptocurrency mining compete to grab as many resources as possible.
“Even a few hours of compromise could translate into profits for cybercriminals. That's why we see a constant struggle for cloud computing resources,” stated Salvatore Marcis, technical director of Trend Micro Italy. “Threats like this require organized and distributed security to ensure the bad guys have nowhere to hide. The right platform helps teams maintain visibility and control of their cloud infrastructure, map the attack surface, assess its risk, and apply the right protection without adding excessive execution costs.”
Cybercriminals are increasingly looking to find and exploit exposed instances, as well as constantly scanning for weak Secure Shell (SSH) connections via brute force, with the aim of compromising cloud assets for cryptocurrency mining. The targets are often characterized by outdated software, a non-compliant cloud security posture, and insufficient knowledge of how to secure cloud services, all of which are exploited by cybercriminals to gain access to systems.
Investments in cloud computing have increased during the pandemic, but the ease with which assets can be deployed has left many cloud instances exposed online more than necessary, unpatched or misconfigured.
The additional computational costs of mining threaten to slow down key user-facing services within victim organizations, as well as increasing operational costs by up to 600% on each infected system.
Cryptocurrency mining can also be the alarm bell for a more serious compromise. Many cybercriminals deploy mining software to earn extra revenue before online buyers purchase access for ransomware, data theft, and so on.
Some of the cybercriminal activities identified by Trend Micro research:
- Outlaw, which compromises IoT devices and Linux cloud servers by exploiting known vulnerabilities or via SSH brute force attacks
- TeamTNT, which exploits vulnerable software to compromise hosts before stealing credentials for other services, with the aim of reaching new hosts and taking advantage of any misconfigured services
- Kinsing, which sets up an XMRig kit for Monero mining and kicks other miners out of the victimized system
- 8220, which has been seen in dispute with Kinsing over the same assets. These groups usually kick each other off a host and install their own cryptocurrency miners
- Kek Security, which has been associated with IoT malware and running botnet services
Tips for Mitigating Cyber Threats
Trend Micro has compiled a number of helpful tips for organizations:
- Make sure your systems are up to date and only run required services
- Implement firewall, IDS/IPS and cloud security to limit and filter outgoing and incoming network traffic
- Eliminate misconfigurations with Cloud Security Posture Management tools
- Monitor inbound and outbound cloud instance connections and filter domains associated with known mining pools
- Configure rules to monitor open ports, DNS routing changes, and CPU resource usage from a cost point of view
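The last two tips can be combined into a single triage rule. The sketch below is an added example, not Trend Micro's code: it correlates sustained high CPU with outbound connections to blocklisted mining-pool domains. The instance names, domains, thresholds and the one-sample-per-minute telemetry format are all constructed assumptions.

```python
from collections import defaultdict

# Constructed placeholder blocklist; a real deployment would load a maintained feed.
POOL_DOMAINS = {"pool.example", "xmr-pool.example.net"}

# Constructed telemetry: (instance, minute, cpu_percent, outbound_domain or None),
# assumed to arrive as one sample per instance per minute.
SAMPLES = (
    [("web-1", m, 97.0, "eu.pool.example" if m == 2 else None) for m in range(6)]
    + [("batch-1", m, 95.0, None) for m in range(6)]
    + [("db-1", 0, 12.0, "XMR-Pool.example.net."),
       ("api-1", 0, 20.0, "notpool.example")]
)

def normalize(domain):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return domain.lower().rstrip(".")

def is_pool_domain(domain, blocklist=POOL_DOMAINS):
    """Match the domain or any parent domain by label, never by substring."""
    labels = normalize(domain).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def triage(samples, cpu_threshold=90.0, sustained_minutes=5):
    """Return {instance: (severity, pool_domains_seen)} for suspicious instances."""
    run = defaultdict(int)       # current streak of high-CPU samples
    longest = defaultdict(int)   # longest streak seen per instance
    hits = defaultdict(set)      # blocklisted domains contacted per instance
    for instance, _minute, cpu, domain in sorted(samples, key=lambda s: (s[0], s[1])):
        run[instance] = run[instance] + 1 if cpu >= cpu_threshold else 0
        longest[instance] = max(longest[instance], run[instance])
        if domain and is_pool_domain(domain):
            hits[instance].add(normalize(domain))
    findings = {}
    for instance, streak in longest.items():
        high_cpu = streak >= sustained_minutes
        seen = sorted(hits[instance])
        if seen and high_cpu:
            findings[instance] = ("high", seen)    # pool traffic plus CPU burn
        elif seen:
            findings[instance] = ("medium", seen)  # pool traffic only
        elif high_cpu:
            findings[instance] = ("low", seen)     # cost anomaly worth a look
    return findings

if __name__ == "__main__":
    for name, (severity, domains) in sorted(triage(SAMPLES).items()):
        print(name, severity, domains)
```
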