Cybersecurity researchers have detected what they believe to be the first stealth cryptocurrency mining campaign to steal AWS [Amazon Web Services] credentials.
The mining campaign was described as being relatively anonymous by Cado Security in its report on 17th Aug. In total, it appears so far to have resulted only in the attackers, who operate under the name TeamTNT, pocketing a paltry $300 in illegal profits.
What caught the researchers’ attention was the cryptocurrency-mining worm’s specific functionality for stealing AWS credentials.
Cado Security sees this as part of a wider trend, showing that attackers are adapting quickly to the rising number of organizations that are migrating their computing resources to cloud and container environments.
Stealing AWS credentials is comparatively simple, the report indicates. TeamTNT’s campaign has moreover recycled some of its code from another worm called “Kinsing,” which is designed to suspend Alibaba Cloud Security tools.
Based on these recycling patterns, the Cado report adds that researchers now expect to see future cryptocurrency-mining worms copying and pasting TeamTNT’s code to steal AWS credentials.
As is usually the case with stealth cryptocurrency mining campaigns, TeamTNT’s worm deploys the XMRig mining tool to mine Monero [XMR] for the attackers’ profit.
Cado Security investigated MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems successfully targeted by the worm.
Stealth crypto mining attacks are also called cryptojacking, an industry term for the practice of using a computer’s processing power to mine cryptocurrencies without the owner’s consent or knowledge.
Earlier, in March, Singapore-based unicorn startup Acronis released the results of its latest cybersecurity survey, which revealed that 86% of IT professionals expressed concern about the risks posed to their organizations by such attacks.