
Cryptojacking: the Emerging Threat that is Targeting Cloud Attack Surface

Exploring the Risks and Evasion Techniques of Cryptojacking Campaigns Targeting Cloud Infrastructure and Protection Measures.

by Gwendal Smith
January 30, 2023
in Articles, Cyber Attacks, Cybercrime, Malware

As the world becomes increasingly digital, the use of cloud services has skyrocketed. In the wake of the pandemic, cloud adoption has accelerated even further, making it a critical infrastructure for many organizations. However, with this increased adoption comes a new category of security threats – cryptojacking.

It is reported that the number of cryptojacking attacks targeting cloud infrastructure has been steadily increasing over the past year, with a significant spike in attacks during the pandemic as more businesses shifted to remote work and increased their reliance on cloud services. According to a report by Cybersecurity Ventures, the global cost of cryptojacking is projected to reach $11.5 billion by 2023, highlighting the need for organizations to take proactive measures to protect themselves.

Risks of Cryptojacking in the Cloud

Cryptojacking, also known as crypto mining, is the unauthorized use of an individual’s or organization’s computing power to mine for cryptocurrency. This type of cyberattack is becoming increasingly prevalent in the cloud threat landscape and exploits misconfigured cloud-account settings to siphon computing power for monetization.

Though cryptojacking campaigns are not yet causing the same level of disruption and destruction as other cyberattacks such as wipers, they are a growing concern for cloud providers and adopters alike. In this article, we will explore the risks and evasion techniques of cryptojacking campaigns targeting cloud infrastructure and the protection measures that are available to defend against them.

The primary risk of cryptojacking in the cloud is the unauthorized use of an organization’s computing power and resources. This can lead to increased costs for cloud services and a decrease in overall performance. Additionally, a cryptojacking operation can also lead to data breaches and the exfiltration of sensitive information by monetizing compromised hosts.

Evasion Techniques of Cryptojacking Campaigns

Cryptojacking campaigns are becoming increasingly sophisticated, with attackers using a variety of evasion techniques to avoid detection. Some of the most common evasion techniques include:

  • Misconfigured Cloud Settings: Attackers are exploiting misconfigured cloud settings to gain access to an organization’s computing power and resources. This can include weak default security settings and unsecured cloud accounts.
  • Serverless Computing and Containers: Cryptojacking campaigns have been targeting serverless computing and containers for some years now, as the ease with which cloud resources can be compromised makes them an easy target.
  • DNS over HTTPS (DoH): The Denonia malware, for example, employs a protocol that implements DNS over HTTPS (DoH), which sends DNS queries over HTTPS to DoH-based resolver servers. This allows attackers to hide within encrypted traffic, making it difficult for cloud providers to view their malicious DNS lookups.
  • Timestamp Manipulation: CoinStomp, a cloud-native malware, uses timestamp manipulation as an anti-forensics technique to evade detection.
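
A defender-side check for the timestamp manipulation technique listed above, as an added example (not from the original article or from any vendor tool). It assumes a Linux or other POSIX filesystem, where ctime is the inode change time and cannot be set through utime(), so a backdated mtime leaves a large ctime-mtime gap; the function, field and file names are illustrative.

```python
import os
import stat
import tempfile
import time
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    mtime: float
    ctime: float
    gap_seconds: float
    whole_second_mtime: bool  # weak supporting signal: mtime set with 0 nanoseconds


def find_timestomp_candidates(root, min_gap_seconds=30 * 86400):
    """Return regular files whose inode change time is far later than their mtime."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            gap = st.st_ctime - st.st_mtime
            if gap >= min_gap_seconds:
                findings.append(Finding(path, st.st_mtime, st.st_ctime, gap,
                                        st.st_mtime_ns % 1_000_000_000 == 0))
    return sorted(findings, key=lambda f: f.gap_seconds, reverse=True)


def demo():
    """Constructed sample: one untouched file and one with a backdated mtime."""
    with tempfile.TemporaryDirectory() as root:
        normal = os.path.join(root, "app.log")
        stomped = os.path.join(root, "updater")
        for p in (normal, stomped):
            with open(p, "w") as fh:
                fh.write("sample\n")
        old = int(time.time()) - 400 * 86400
        os.utime(stomped, (old, old))  # backdates atime/mtime; ctime becomes "now"
        return [(os.path.basename(f.path), f.whole_second_mtime)
                for f in find_timestomp_candidates(root)]


if __name__ == "__main__":
    print(demo())
```

Files unpacked from archives or installed by a package manager also keep old mtimes, so the output is a triage list to correlate with process and deployment logs, not a verdict.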

Cryptojacking malware can also rely on traditional evasion techniques used by other malware families, such as steganography, DLL hijacking or binary padding.

Protection Measures

Despite the growing sophistication of cryptojacking campaigns, there are several protection measures available to defend against them. These include:

  • Cloud Workload Protection Platforms (CWPPs): CWPPs are designed for the detection of and response to cloud-based threats. They can monitor cloud environments for suspicious activity and provide real-time alerts of potential threats.
  • Cloud Security Posture Management (CSPM): CSPM solutions are designed to proactively identify and remediate security issues in cloud environments. They can detect misconfigured cloud settings and provide recommendations for secure configuration.

Cloud providers such as Amazon and Microsoft also include security features and functions in their services, such as encryption, identity and access management, and threat detection and response.

Conclusion

The rise of cryptojacking campaigns targeting cloud infrastructure is a growing concern for both cloud providers and adopters. The ease of access to cloud services, combined with weak default security settings and the lack of understanding about the specific risks in the cloud, has made it a prime target for threat actors looking to monetize computing power.

Threat actors are becoming more sophisticated and will likely move from cryptomining to more lucrative attacks in the future, so it’s essential for organizations to stay aware of the evolving threat landscape.

Tags: Cloud Security, Cryptojacking, Cryptominer
