This week, a 29-year-old man from Ukraine was taken into custody for creating one million virtual servers through the use of compromised accounts, which were then used to mine $2 million in cryptocurrency.
According to Europol, the suspect is thought to be the brains behind a massive cryptojacking operation, in which stolen cloud computing resources are used to mine cryptocurrency.
Cryptojacking lets cybercriminals profit at the expense of compromised organizations: the mining runs on other people’s servers, consuming their computational resources and degrading CPU and GPU performance.
For on-premises breaches, the damage also includes paying for the higher electricity consumption that miners typically cause.
According to a 2022 Sysdig report, the damage caused by cryptojacking is estimated at around $53 for every $1 that cybercriminals mine in Monero (XMR) on compromised devices.
According to Europol, the first information about the cryptojacking attack came from a cloud service provider that was investigating hacked cloud accounts on its platform in January 2023.
The cloud provider, the Ukrainian police, and Europol collaborated to produce operational intelligence that could be used to locate and identify the hacker.
Police say they arrested the hacker on January 9, seizing computer equipment, bank and SIM cards, electronic media, and other evidence of illicit activity.
According to a separate report from the Ukrainian cyberpolice, the suspect has been active since 2021, when he used automated tools to brute-force the passwords of 1,500 accounts belonging to a subsidiary of one of the world’s biggest e-commerce companies.
Neither Europol nor Ukraine has identified the e-commerce business or its affiliate.
The threat actor then used these accounts to obtain administrative privileges and created over a million virtual computers for the crypto-mining scheme.
Ukrainian authorities confirmed that the suspect moved the illicit proceeds, totaling about $2 million, through TON cryptocurrency wallets.
The arrested person has now been charged under Part 5 of Art. 361 of the Criminal Code of Ukraine (unauthorized interference in the work of information and electronic communication systems and networks).
Threat actors frequently target cloud services in an attempt to commandeer processing power for illegitimate cryptocurrency mining.
Strategies to thwart cryptojacking attacks include using endpoint protection and intrusion detection systems, watching for odd activity such as sudden spikes in resource usage or in the number of provisioned machines, and restricting administrative privileges and access to vital resources to those who need them.
To gain an initial foothold, cryptojackers frequently exploit known vulnerabilities in cloud computing platforms, so it is essential to update all software regularly to keep systems safe from outside threats.
Lastly, 2FA ought to be enabled on all administrative accounts, so that a stolen password alone is not enough to log in if credentials are compromised.
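As an added example (not from the article or the investigators), a small detector over constructed audit-log lines that flags the two behaviours described above: one source brute-forcing its way through many accounts, and a compromised account mass-creating virtual machines. The event shape, field names, thresholds and sample values are assumptions, not any provider’s real format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a generic audit-log shape (not a real provider's format):
# (timestamp, source_ip, account, action, outcome). One host sprays six accounts, gets
# into acct-0006, and that account then provisions a dozen VMs within a few minutes.
SAMPLE_EVENTS = (
    [("2023-01-05T10:00:%02d" % i, "203.0.113.7", "acct-%04d" % (i + 1), "Login", "FAILURE") for i in range(5)]
    + [("2023-01-05T10:00:05", "203.0.113.7", "acct-0006", "Login", "SUCCESS"),
       ("2023-01-05T09:55:00", "198.51.100.4", "acct-0042", "Login", "SUCCESS"),
       ("2023-01-05T10:30:00", "198.51.100.4", "acct-0042", "CreateVM", "SUCCESS")]
    + [("2023-01-05T10:%02d:00" % (i + 1), "203.0.113.7", "acct-0006", "CreateVM", "SUCCESS") for i in range(12)]
)

def _select(events, action, outcome, group_by):
    """Chronological (timestamp, account) pairs for events matching action/outcome, grouped by ip or account."""
    groups = defaultdict(list)
    for t, ip, acct, act, out in sorted(events):  # ISO timestamps sort correctly as strings
        if act == action and out == outcome:
            groups[ip if group_by == "ip" else acct].append((datetime.fromisoformat(t), acct))
    return groups

def _peak(stamped, window, measure):
    """Largest `measure` over the items inside any `window`-long span that starts at an item."""
    return max(measure([a for t, a in stamped[i:] if t - start <= window]) for i, (start, _) in enumerate(stamped))

def password_spray_sources(events, min_accounts=5, window=timedelta(minutes=10)):
    """Source IPs whose failed logins hit >= min_accounts distinct accounts within `window`:
    one host cycling through many accounts is the brute-force pattern in the report."""
    fails = _select(events, "Login", "FAILURE", group_by="ip")
    peaks = {ip: _peak(hits, window, lambda accts: len(set(accts))) for ip, hits in fails.items()}
    return {ip: n for ip, n in peaks.items() if n >= min_accounts}

def vm_creation_bursts(events, max_per_window=10, window=timedelta(minutes=15)):
    """Accounts that create more than max_per_window VMs inside a sliding window: the mass
    provisioning that turned stolen credentials into a million mining servers."""
    creates = _select(events, "CreateVM", "SUCCESS", group_by="account")
    peaks = {acct: _peak(ts, window, len) for acct, ts in creates.items()}
    return {acct: n for acct, n in peaks.items() if n > max_per_window}

def cryptojacking_suspects(events):
    """Accounts logged into from a spraying source that then mass-created VMs."""
    sprayers, bursts = password_spray_sources(events), vm_creation_bursts(events)
    logins = _select(events, "Login", "SUCCESS", group_by="ip")
    return sorted({acct for ip in sprayers for _, acct in logins.get(ip, []) if acct in bursts})
```

Running `cryptojacking_suspects(SAMPLE_EVENTS)` correlates the two signals and returns only the account that was both sprayed into and then used for mass provisioning, which is the chain the report describes.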
1 million virtual servers are spun up by hackers
In recent months, certain groups engaged in cryptocurrency mining have shifted from targeting and seizing unpatched servers to misusing cloud computing platforms’ free tiers.
The gangs operate by creating accounts on a given platform, registering for its free tier, and using the provider’s free-tier infrastructure to run cryptocurrency mining apps.
When trial periods or free credits run out, the groups create new accounts and start over, which keeps the provider’s servers at maximum utilization and slows down regular operations.
We have been monitoring and investigating this phenomenon since discovering this strategy was being misused on GitHub six weeks ago.
Since then, businesses have come forward to relate similar experiences of abuse, and developers have shared their own tales of seeing similar mistreatment on other platforms.
Services like GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto are among those that have been misused in this manner.
Crypto-mining gangs have discovered that they can take advantage of this process to insert their own code, have the CI virtual machine mine cryptocurrencies, and then collect the meagre profits before the VM’s allotted time runs out and the cloud provider shuts it down.
This is how cryptocurrency mining groups have been misusing GitHub Actions, the feature that gives users CI capabilities, to mine cryptocurrency on GitHub’s own servers.