Researchers detect crypto-mining worm that steals AWS credentials

Cybersecurity researchers have detected what they believe to be the first ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials.

The mining campaign was described as relatively unsophisticated by Cado Security in its Aug. 17 report. In total, it appears that the attackers, operating under the TeamTNT name, have so far pocketed only a measly $300 in illicit profits.

What caught the researchers’ attention was the crypto-mining worm’s specific functionality for AWS credential theft.

Cado Security understands this as part of a broader trend, demonstrating that hackers and attackers are rapidly adapting to the growing number of organizations that are migrating their compute resources into cloud and container environments.

Stealing AWS credentials is relatively straightforward, the report indicates. TeamTNT’s campaign also recycled some of its code from another worm called “Kinsing,” which is designed to suspend Alibaba Cloud Security tools.

Based on this pattern of code recycling, the Cado report notes that researchers now expect future cryptocurrency mining worms to copy and paste TeamTNT’s code to steal AWS credentials.

As is often the case with stealth cryptocurrency mining campaigns, the TeamTNT worm deploys the XMRig mining tool to mine Monero (XMR) for the profit of attackers.

Cado Security analyzed MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems successfully targeted by the worm.

Stealth cryptocurrency mining attacks are also referred to as cryptojacking, an industry term for the practice of using the processing power of a computer to mine cryptocurrencies without the owner’s consent or knowledge.

Last March, Singapore-based unicorn startup Acronis released the results of its latest cybersecurity survey, which revealed that 86% of IT professionals expressed concern about the risks posed to their organizations by these attacks.
