The cryptocurrency industry has always attracted criminals, just like any other financial segment. However, the recent attacks against Alibaba cloud is rather intriguing. Attackers intend to focus n crypto mining and malware distribution, with a strong sentiment toward Monero cryptojacking.
Criminals Take On Alibaba Cloud
Several technology companies provide cloud hosting and other cloud-based services to their customers.
Amazon is one of the biggest companies, although Alibaba is not far behind.
Through Alibaba’s Elastic Computing Service (ECS) instances, developers can deploy programs or test code in a controlled environment.
Those ECS instances from Alibaba are now under attack from criminals successfully disabling various security features.
The primary objective is to focus on crypto mining objectives.
The options that make Alibaba Cloud stand out from competitors allow for some attractive revenue.
However, due to the native security agent, efforts like crypto mining or cryptojacking are not possible.
The hackers circumvent this security agent through the creation of new firewall rules,.
Moreover, the security agent cannot clean up the running compromise and gets disabled, which is rather elaborate. In some cases, the distributed malware uninstalls the security agent altogether.
After bypassing the security measures, the malware installs XMRig cryptominer or a slightly modified version of the software.
Alibaba’s decision to let users interface with root access directly may be a key factor in these attacks.
Sadly, that also gives attackers the highest privileges, allowing them to advance their attack and escalate the process.
Moreover, the Alibaba ECS will auto-scale to increase computing resources on-demand, providing nearly unlimited resources to cryptojacking.
Making matters worse is the modular model of the malware, allowing the crypto miner to be replaced with other malware to increase profit or infect additional endpoints.
Legitimate users affected by this malware will likely see their Alibaba ECS instance bills skyrocket.
It remains unclear if and when this issue will be fixed.
Please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. CryptoMode is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.