Researchers Detect Crypto-Mining Worm to Steal AWS Credentials
Cybersecurity researchers now expect future cryptojackers to mimic this wormâ€™s ability to hack Amazon Web Services credentials.
Cybersecurity researchers have detected what they believe to be the first ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials.
The mining campaign was described as being relatively unsophisticated by Cado Security in their report on Aug. 17. In total, it seems so far to have only resulted in the attackers â€” who operate under the name TeamTNT â€” pocketing a paltry $300 in illicit profits.
What struck the researchersâ€™ attention was the crypto-mining wormâ€™s specific functionality for stealing AWS credentials.Â
Cado Security understands this as part of a wider trend, showing that hackers and attackers are adapting fast to the rising number of organizations that are migrating their computing resources to cloud and container environments.
Hacking the AWS credentials is relatively simple, the report indicates. TeamTNTâ€™s campaign has moreover recycled some of its code from another worm dubbed â€œKinsing,â€� which is designed to suspend Alibaba Cloud Security tools.Â
Based on these recycling patterns, the Cado report notes that researchers now expect to see future crypto-mining worms copying and pasting TeamTNTâ€™s code to hack AWS credentials in future.
As is frequently the case with stealth crypto mining campaigns TeamTNTâ€™s worm deploys the XMRig mining tool to mine Monero (XMR) for the attackersâ€™ profit.
Cado Security investigated MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems successfully targeted by the worm.
Stealth cryptocurrency mining attacks are alternately referred to as cryptojacking â€” an industry term for the practice of using a computerâ€™s processing power to mine for cryptocurrencies without the ownerâ€™s consent or knowledge.
This March, Singapore-based unicorn startup Acronis published the results of its latest cybersecurity survey, which revealed that 86% of IT professionals professed concern about the risks posed to their organizations by these attacks.
Powered by WPeMatico