New AT&T Cybersecurity Crypto Malware Report: “Making it Rain, Bitcoin Mining Cloud Attacks”
Several hackers have stolen users’ spare computing power to mine virtual currencies. Other attackers targeted large websites and injected crypto mining software to steal visitors’ computing power while they were on the site. However, cybercriminals continue to find new ways to mine virtual currencies. This time, attackers have targeted servers and cloud infrastructures.
Attackers Focus On Cloud Infrastructures And Servers
Attackers tend to focus on the servers and cloud infrastructures of companies with the intention of mining cryptocurrencies. This information was released by the cybersecurity branch of the American telecoms operator AT&T.
According to a research paper published by cybersecurity experts working at AT&T, hackers tend to target large and small businesses with the intention of using their computing power to mine cryptocurrencies. They do so through container management platforms, control panel exploitation, stealing application programming interfaces (APIs) or spreading Docker images that are infected with malicious code.
Using compromised open APIs and management interfaces, the attackers hacked container management platforms and installed scripts that run in the background. With the stolen computing power, they were able to mine different cryptocurrencies. Mining digital assets requires large amounts of energy, which is very expensive for those that want to enter the mining market.
At the same time, attackers scan websites such as GitHub for publicly available API keys and use them to get access to business systems and operations. Moreover, with infected Docker images, malicious hackers can generate income for themselves at the expense of the users that downloaded the Docker images containing the mining software.
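Because keys pushed to a public repository are found this way, a defender can check files for credentials before they are committed. The following is an added example, not taken from the AT&T report: the rule names, the entropy threshold and the file name deploy/settings.toml are assumptions, and the sample key pair is the placeholder from AWS's own documentation.

```python
import math
import re

# AWS access key IDs have a fixed shape: "AKIA" + 16 upper-case alphanumerics.
AWS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# "name = value" assignments whose name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:secret|token|api_?key|passwd|password)\w*)\s*[:=]\s*"
    r"['\"]?([A-Za-z0-9/+_\-]{20,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base


def shannon_entropy(value):
    """Bits per character; random keys score high, words and placeholders low."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def redact(value):
    """Keep only the first four characters so the report itself leaks nothing."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(path, text):
    """Return (path, line_no, rule, redacted_value) for each suspected credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in AWS_KEY_ID.finditer(line):
            findings.append((path, line_no, "aws-access-key-id", redact(match.group(1))))
        for match in ASSIGNMENT.finditer(line):
            value = match.group(2)
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append((path, line_no, "high-entropy-secret", redact(value)))
    return findings


# Constructed sample file; the key pair is the AWS documentation placeholder.
SAMPLE = """\
region = "us-east-1"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
api_key = "changemechangemechangeme"
"""

if __name__ == "__main__":
    for finding in scan_text("deploy/settings.toml", SAMPLE):
        print("%s:%d %s %s" % finding)
```

The low-entropy placeholder on the last sample line is deliberately not reported, which keeps the check usable as a commit gate without flagging every dummy value.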
Hackers were able to breach a server in Amazon Web Services, according to AT&T researchers. In this way, the attackers were able to mine Monero (XMR) and steal customers’ data. They did the same with Tesla when they ran a hidden cryptojacking campaign on the company’s Amazon Web Services cloud infrastructure.
One of the most popular pieces of software used by attackers is the so-called CoinHive, which can be injected into websites with large traffic to start mining digital assets with the computing power provided by visitors. LA Times readers had to mine Monero for attackers after the site was infected with a CoinHive script.
Although CoinHive can be used to steal computing power from users, the main idea behind it is to change the way in which sites are monetized. For example, websites could activate the mining software with the permission of their visitors and reduce the ads displayed on the site. UNICEF is one of the companies that allows users to mine digital assets with their computing power when they enter its site. The funds gathered by UNICEF are donated to improve the quality of life of many individuals around the world.