Cloud Applications

Hackers exploit hole in Amazon Cloud to mine bitcoins

Hackers appear to have found a new way to make money – by mining bitcoins at other people’s expense. According to security researchers, the cyber-thieves are manipulating a chink in the armor of virtual business computers in Amazon's AWS Cloud.

18 Oct. 2017 Source: t3n Jörn Brien
Bitcoin_1
Hackers exploit outside cloud resources to mine the crypto-currency

Mining bitcoins in the cloud – at other people's expense

In mid-September the torrent site The Pirate Bay vexed its users by running a live test which used their computing power to mine the Monero crypto-currency. According to a recent BBC report, the manipulative software in question, which was created by Coinhive, can now be found on many websites, including schools and charity websites – illegally installed by hackers. According to Redblock's security researchers, hackers have also developed an even more promising method: bitcoin mining in the cloud.

The reason for this misuse of outside computers to "dig" or "mine" cryptocurrencies is that these so-called mines require a great deal of computing power and therefore also electricity, adding up to enormous costs. The hackers pass these costs along by using other computers – all they need to do is reap the rewards in the form of bitcoins or other crypto-currencies.

Protection gaps: Hackers skimming bitcoin and Co.

According to the Redblock report , hackers have latched on to corporate resources in the Amazon AWS cloud solution to mine bitcoins. According to the security researchers, the companies affected included British insurance group Aviva and Dutch SIM card manufacturer Gemalto. What was special about these attacks: Hacker access was greatly facilitated by neglecting to install password protection on the administration consoles for the affected cloud computers

In the unprotected AWS instances, hackers found access keys and secret tokens in plain text, allowing them to gain access to critical infrastructure, according to the Redblock report. Companies using cloud solutions like AWS, Microsoft's Azure or Google Cloud will need to rely on monitoring tools to alert them to any unusual activities, say the security researchers. Of course, secure passwords and alternative authentication methods are also a must.

Cloud Applications eCommerce CEBIT RSS Feed