Cybercriminals Target Alibaba Cloud for Cryptomining, Malware (Security News, November 2021)
Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals.
Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.
While disabling security isn't a new tactic, in this case the attackers are using a small piece of specific code in the cryptomining malware to create new firewall rules, instructing security filters to drop incoming packets from IP ranges belonging to internal Alibaba zones and regions.
Targeting of Alibaba is on the rise, the researchers added, thanks to a few unique features of the service and the way cloud instances can be configured.
"Given this feature, it comes as no surprise that multiple threat actors target Alibaba Cloud ECS simply by inserting a code snippet for removing software found only in Alibaba ECS," concluded the analysis.
To protect themselves from threat actors stealing cloud resources, users should create a less privileged user for running applications and services within each Alibaba ECS instance, researchers recommended.
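A defender-side check for the firewall tampering described above, as an added example that is not from the original article or the researchers' analysis: it scans `iptables-save` output for INPUT rules that drop traffic sourced from cloud-provider internal ranges. It assumes the host firewall is iptables; the function name is hypothetical, and the IP ranges and sample rules are constructed placeholders.

```python
import ipaddress
import shlex

# Assumption: placeholder ranges (RFC 5737 documentation blocks). Replace with
# the internal ranges your cloud provider documents for its own services.
PROVIDER_INTERNAL = [ipaddress.ip_network(n)
                     for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample of `iptables-save` output, not taken from any real host.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 198.51.100.0/25 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT ! -s 203.0.113.0/24 -j DROP
-A OUTPUT -d 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def suspicious_drops(rules_text, internal=PROVIDER_INTERNAL):
    """Return INPUT rules that DROP/REJECT traffic sourced from provider ranges."""
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        # Only appended INPUT rules with both a source match and a target.
        if tok[:2] != ["-A", "INPUT"] or "-j" not in tok or "-s" not in tok:
            continue
        target = tok[tok.index("-j") + 1]
        s = tok.index("-s")
        if target not in ("DROP", "REJECT") or tok[s - 1] == "!":
            continue  # not a blocking rule, or a negated source match
        net = ipaddress.ip_network(tok[s + 1], strict=False)
        # Flag the rule if its source overlaps any provider-internal range.
        if any(net.overlaps(ref) for ref in internal):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for rule in suspicious_drops(SAMPLE_RULES):
        print("review:", rule)
```

Feeding it the live ruleset (for example, the saved output of `iptables-save`) on a schedule and alerting on any hit gives an early signal that the provider's monitoring traffic is being blocked.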
News URL
https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/