In mid-September the torrent site The Pirate Bay vexed its users by running a live test which used their computing power to mine the Monero crypto-currency. According to a recent BBC report, the manipulative software in question, which was created by Coinhive, can now be found on many websites, including schools and charity websites – illegally installed by hackers. According to Redblock's security researchers, hackers have also developed an even more promising method: bitcoin mining in the cloud.
The reason for this misuse of outside computers to "dig" or "mine" cryptocurrencies is that these so-called mines require a great deal of computing power and therefore also electricity, adding up to enormous costs. The hackers pass these costs along by using other computers – all they need to do is reap the rewards in the form of bitcoins or other crypto-currencies.
According to the Redblock report , hackers have latched on to corporate resources in the Amazon AWS cloud solution to mine bitcoins. According to the security researchers, the companies affected included British insurance group Aviva and Dutch SIM card manufacturer Gemalto. What was special about these attacks: Hacker access was greatly facilitated by neglecting to install password protection on the administration consoles for the affected cloud computers
In the unprotected AWS instances, hackers found access keys and secret tokens in plain text, allowing them to gain access to critical infrastructure, according to the Redblock report. Companies using cloud solutions like AWS, Microsoft's Azure or Google Cloud will need to rely on monitoring tools to alert them to any unusual activities, say the security researchers. Of course, secure passwords and alternative authentication methods are also a must.