Cryptojackers spread their nets to capture more than just EC2
One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.
Researchers from the Sysdig Threat Research Team have uncovered a cryptojacking operation dubbed "AMBERSQUID," which does not directly target EC2 instances, which would trigger an approval for more resources.
Instead, according to researchers, it is aimed at often-overlooked services, such as AWS Amplify, AWS Fargate, and AWS SageMaker.
Researchers said: "The uncommon nature of these services means that they are often overlooked from a security perspective, and the AMBERSQUID operation can cost victims more than $10,000 per day."
Researchers said: "For the first time, we discover attackers abusing AWS Amplify for cryptojacking."
While EC2 is a well-known target, researchers urged security teams to remember that other services also provide access - if indirect - to compute resources, meaning that threat detection needs to be as broad as possible.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/18/cryptojackers_spread_their_nets_to/