Cybercriminals Target Alibaba Cloud for Cryptomining, Malware

2021-11-15 20:10

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals.

Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

While disabling security isn't a new tactic, in this case the attackers are using a small piece of specific code in the cryptomining malware to create new firewall rules, instructing security filters to drop incoming packets from IP ranges belonging to internal Alibaba zones and regions.

Targeting of Alibaba is on the rise, the researchers added, thanks to a few unique features of the service, researchers noted, and the way cloud instances can be configured.

"Given this feature, it comes as no surprise that multiple threat actors target Alibaba Cloud ECS simply by inserting a code snippet for removing software found only in Alibaba ECS," concluded the analysis.

To protect themselves from threat actors stealing cloud resources, users should create a less privileged user for running applications and services within each Alibaba ECS instance, researchers recommended.

News URL

https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/

#cloud #cryptomining #cybercriminal #malware

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Alibaba		6	0	7	2	2	11

News URL

Related news

Related vendor