Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals.
Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.
While disabling security isn't a new tactic, in this case the attackers are using a small piece of specific code in the cryptomining malware to create new firewall rules, instructing security filters to drop incoming packets from IP ranges belonging to internal Alibaba zones and regions.
Targeting of Alibaba is on the rise, the researchers added, thanks to a few unique features of the service and the way cloud instances can be configured.
"Given this feature, it comes as no surprise that multiple threat actors target Alibaba Cloud ECS simply by inserting a code snippet for removing software found only in Alibaba ECS," concluded the analysis.
To protect themselves from threat actors stealing cloud resources, users should create a less privileged user for running applications and services within each Alibaba ECS instance, researchers recommended.
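A defender-side check for the firewall tampering described above, as an added example that is not from the original article or the researchers: it parses `iptables-save` output and flags INPUT rules that DROP or REJECT traffic from provider-internal ranges. The CIDRs are placeholder documentation ranges, not real Alibaba Cloud ranges, and the function names and sample rules are constructed for illustration.

```python
import ipaddress

# Placeholder CIDRs (RFC 5737 documentation ranges), NOT real Alibaba Cloud ranges.
# Substitute the internal ranges your provider documents for its security services.
PROVIDER_INTERNAL = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed `iptables-save` output used as sample input.
SAMPLE_RULES = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/25 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 198.51.100.10/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -s 198.51.100.0/24 -p tcp -m tcp --dport 8080 -j DROP
-A OUTPUT -d 198.51.100.0/24 -j DROP
COMMIT
"""

def parse_rule(line):
    """Return (chain, source, target) for an '-A' rule line, else None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain, source, target = tokens[1], None, None
    for i, tok in enumerate(tokens[:-1]):
        # A negated match ("! -s net") does not block that range, so skip it.
        if tok in ("-s", "--source") and tokens[i - 1] != "!":
            source = tokens[i + 1]
        elif tok in ("-j", "--jump"):
            target = tokens[i + 1]
    return chain, source, target

def find_suspicious_rules(rules_text, internal_nets=PROVIDER_INTERNAL):
    """Return INPUT rules that DROP/REJECT traffic from provider-internal ranges."""
    hits = []
    for line in rules_text.splitlines():
        chain, source, target = parse_rule(line) or (None, None, None)
        if chain != "INPUT" or target not in ("DROP", "REJECT") or not source:
            continue
        try:
            src_net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            continue  # source is not a literal address or CIDR
        if any(src_net.overlaps(net) for net in internal_nets):
            hits.append(line)
    return hits

if __name__ == "__main__":
    print("\n".join("REVIEW: " + r for r in find_suspicious_rules(SAMPLE_RULES)))
```

Run it against the live ruleset by passing the text of `iptables-save` to `find_suspicious_rules`; a hit on a host where no administrator added such a rule warrants investigation.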
News URL
https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/