Cryptojackers spread their nets to capture more than just EC2

2023-09-18 11:15

One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.

Researchers from the Sysdig Threat Research Team have uncovered a cryptojacking operation dubbed "AMBERSQUID," which does not directly target EC2 instances that would trigger an approval for more resources.

Instead, according to researchers, it is aimed at often-overlooked services, such as AWS Amplify, AWS Fargate, and AWS Sagemaker.

Researchers said: "The uncommon nature of these services means that they are often overlooked from a security perspective, and the AMBERSQUID operation can cost victims more than $10,000 per day."

Researchers said: "For the first time, we discover attackers abusing AWS Amplify for cryptojacking."

While EC2 is a well-known target, researchers urged security teams to remember that other services also provide access - if indirect - to compute resources, meaning that threat detection needs to be as broad as possible.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/18/cryptojackers_spread_their_nets_to/

#cryptojackers #EC2