"Cybercriminals Fighting Over Cloud Workloads for Cryptomining"

Threat actors are infiltrating cloud accounts to create distributed workloads for cryptomining. According to researchers, the threat actors are hacking misconfigured and vulnerable cloud instances to carry out Distributed Denial-of-Service (DDoS) attacks and abuse trial accounts from DevOps service providers.

Outlaw is the name of a Romanian group that seeks to compromise Internet of Things (IoT) devices, Linux servers, and containers by exploiting known vulnerabilities and using stolen or default credentials, in order to mine the Monero digital currency or launch DDoS attacks. TeamTNT is a highly sophisticated group that targets vulnerable software services. The Kinsing group is known to have a considerable number of cloud exploits. The attacks carried out by these groups underscore the need for companies to strengthen their security controls in the cloud. Stephen Hilt, a senior threat researcher with Trend Micro, says these malicious groups are taking advantage of the large number of poorly configured cloud instances.

Other attack groups have discovered ways to exploit the free tier of Continuous Integration and Continuous Deployment (CI/CD) pipeline services, such as Azure DevOps, BitBucket, CircleCI, GitHub, GitLab, and TravisCI. They have also found ways to combine the transient workloads into a cryptomining cloud service. For example, an attacker used multiple six-hour build steps to add processor cycles to a pooled mining service.

Different cybercriminal groups have also been competing for cloud services. For instance, TeamTNT has targeted systems compromised by Kinsing, a rival cryptocurrency mining group. This article continues to discuss recent findings regarding cybercriminal groups' use of cloud resources for cryptomining.

Dark Reading reports "Cybercriminals Fighting Over Cloud Workloads for Cryptomining"

 

Submitted by Anonymous on