In the new report, AT&T examined the most significant forms of cryptojacking associated with mining attacks on organizations’ cloud infrastructure.
AT&T outlined four major cryptojacking tactics used by hackers such as
- compromising container management platforms
- control panel exploitation
- theft of application programming interfaces (APIs)
- spreading malicious Docker images
Container management is a major process deployed by enterprise systems, which includes all necessary components to run software, including files and libraries. AT&T researchers have found that crypto jackers were using unauthenticated management interfaces and opened APIs to compromise container management platforms for illicit cryptocurrency mining.
In this regard, AT&T cited an attack reported by security vendor RedLock, where an attacker compromised open-source container management system Kubernetes. The attackers used the compromised Kubernetes server in Amazon Web Services to mine Monero (XMR) and take over access to client data.
After providing a detailed description of hackers’ strategies to mine crypto through cloud structures, AT&T provided a number of recommendations for detecting mining attacks on cloud systems.
Recently, crypto mining service Coinhive announced its closure, as the platform has reportedly become economically inefficient. It reportedly had to shut down its services amidst a 50 percent decline in hash rate following the last Monero hard fork. The firm said its would halt operations on March 8, 2019, while users’ dashboards will be accessible until April 30, 2019.