Crypto attacks on cloud infrastructure on the rise
According to a new report from AT&T Cybersecurity in the United States, many crypto attacks are focused on cloud infrastructure. The report revealed that organizations of all sizes continue to face significant crypto mining attacks despite the ongoing bearish market.
Hackers seem to be using four main tactics to gain cryptocurrencies. These include control panel exploitation, spreading malicious Docker images, compromising container management platforms, and theft of application programming interfaces (APIs).
Compromising container management platforms involves hackers using unauthenticated management interfaces and APIs to compromise these platforms. This eventually allows hackers to mine crypto.
The report gave an example of an attack reported by security vendor RedLock. Hackers managed to compromise Kubernetes, an open-source container management system. The hackers used the compromised Kubernetes server in Amazon Web Services to mine Monero (XMR). Additionally, hackers gained access to client data.
Some hackers prefer stealing APIs, which enables them to compromise the platform from the inside. Others are, however, making use of malicious Docker images, which are files composed of multiple layers that can execute code. These can be used to attack the companies.
The report elaborates that in all these instances, the cloud becomes vulnerable, allowing hackers to use it for their illegal activities. Reportedly, the rise in cloud attacks can be attributed to the potential power it possesses.
In concluding the report, AT&T gave some recommendations that can be used to protect cloud structures from being illegally used to mine cryptocurrencies.
To check whether a system has been hacked, AT&T recommends testing for the Stratum mining protocol over the network. People can also look for command-line parameters that resemble those of crypto mining tools such as xmrig. They can also use YARA rules to check for crypto mining software, among other protocols.
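The first two checks above can be sketched as follows. This is an added example, not code from the AT&T report; the function names, pattern labels and sample data are constructed for illustration, and the Monero-style `login`/`job`/`submit` message fields are assumed from how xmrig-compatible pools speak Stratum.

```python
import json
import re

# Bitcoin-style Stratum methods; Monero pools use login/job/submit instead.
BTC_STYLE = ("mining.subscribe", "mining.authorize", "mining.submit", "mining.notify")

# Command-line traits of xmrig-style miners (labels are this example's own).
CMDLINE_PATTERNS = {
    "stratum_url": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "xmrig_name": re.compile(r"(?:^|[\s/\\])xmrig(?:\.exe)?(?:\s|$)", re.I),
    "donate_level": re.compile(r"--donate-level\b"),
    "pool_and_wallet": re.compile(r"(?:-o|--url)[ =]\S+:\d+.*(?:-u|--user)[ =]\S+"),
}

def is_stratum_message(line):
    """True if one line of captured TCP payload is a Stratum JSON-RPC message."""
    try:
        msg = json.loads(line)
    except ValueError:  # not JSON at all (HTTP, TLS bytes, ...)
        return False
    if not isinstance(msg, dict):
        return False
    method, params = msg.get("method"), msg.get("params")
    if method in BTC_STYLE:
        return True
    # Monero-style method names are generic, so also require miner-specific fields.
    if method == "login":
        return isinstance(params, dict) and "login" in params
    return method in ("job", "submit") and isinstance(params, dict) and "job_id" in params

def suspicious_cmdline(cmdline):
    """Return the labels of every miner pattern found in a process command line."""
    return [name for name, rx in CMDLINE_PATTERNS.items() if rx.search(cmdline)]

# Constructed sample data (not from the report).
SAMPLE_PAYLOADS = [
    '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/0.0"}}',
    '{"id":1,"method":"mining.subscribe","params":[]}',
    '{"id":7,"method":"login","params":["alice","hunter2"]}',  # unrelated JSON-RPC
    "GET /healthz HTTP/1.1",
]
SAMPLE_CMDLINES = [
    "/tmp/.x/kworker -o pool.example.invalid:3333 -u WALLET_PLACEHOLDER -p x --donate-level 1",
    "/usr/sbin/nginx -g daemon off;",
]

if __name__ == "__main__":
    print([is_stratum_message(p) for p in SAMPLE_PAYLOADS])
    print([suspicious_cmdline(c) for c in SAMPLE_CMDLINES])
```

The renamed binary in the first sample command line is still flagged by its arguments, which is why matching on parameters rather than on the process name alone matters.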
Many companies have suffered at the hands of hackers. Among the listed victims was Cryptopia, a New Zealand-based crypto exchange. Reportedly, the exchange has lost about 9.4 percent of its entire holdings.