
Alibaba ECS instances actively hijacked by cryptomining malware
2021-11-15 19:15

Threat actors are hijacking Alibaba Elastic Computing Service instances to install cryptominer malware and harness the available server resources for their own profit.

ECS comes with a pre-installed security agent intended to protect against malware such as cryptominers.

According to a report by Trend Micro, one of the issues with Alibaba ECS is the lack of different privilege levels configured on an instance, with all instances offering root access by default.

Given how easy it is to plant kernel module rootkits and cryptojacking malware due to the elevated privileges, it is no surprise that multiple threat actors compete to take over Alibaba Cloud ECS instances.

Alibaba ECS is yet another case of a cloud service targeted by cryptominers, with other notable recent campaigns targeting Docker and Huawei Cloud.

In the case of ECS, its built-in malware protection isn't enough, so adding a second layer of detection for malware and vulnerabilities in the cloud environment should be part of your standard security practice.


News URL

https://www.bleepingcomputer.com/news/security/alibaba-ecs-instances-actively-hijacked-by-cryptomining-malware/

Related vendor

VENDOR  | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Alibaba |          | 4          | 0   | 2      | 4    | 3        | 9