Security News > 2021 > November > Cybercriminals Target Alibaba Cloud for Cryptomining, Malware

Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
2021-11-15 20:10

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals.

Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

While disabling security isn't a new tactic, in this case the attackers are using a small piece of specific code in the cryptomining malware to create new firewall rules, instructing security filters to drop incoming packets from IP ranges belonging to internal Alibaba zones and regions.

Targeting of Alibaba is on the rise, the researchers added, thanks to a few unique features of the service, researchers noted, and the way cloud instances can be configured.

"Given this feature, it comes as no surprise that multiple threat actors target Alibaba Cloud ECS simply by inserting a code snippet for removing software found only in Alibaba ECS," concluded the analysis.

To protect themselves from threat actors stealing cloud resources, users should create a less privileged user for running applications and services within each Alibaba ECS instance, researchers recommended.


News URL

https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Alibaba 4 0 2 4 3 9