Most Cloud Server Attacks Seek to Mine Cryptocurrency: Report

Cloud infrastructure attacks are becoming more sophisticated all the time, and according to a new security report, the majority of them have one major goal: mining cryptocurrencycryptocurrency.

A new report issued today by Aqua Security’s cybersecurity-centric Team Nautilus, entitled “Evolution of Attacks in the Wild on Container Infrastructure,” relayed the results of extensive research and testing into the growing trend of attacks on cloud servers.

According to a release, there is a “growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.” And while the majority of the tracked attackers sought to use cloud computing resources to minemine crypto, the release adds that the “methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments.”

Aqua Security traced cloud infrastructure attacks for a full year, tracking more than 16,000 individual attacks back to various international locations. The report adds that there has been a dramatic uptick in such attacks since the start of 2020, suggesting an organized and systematic approach.

“The attacks we observed are a significant step up in attacks targeting cloud native infrastructure,” said Team Nautilus head Idan Revivo, in a release. “We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors.”

The report suggests that “sophisticated evasion techniques” are being deployed, including using “vanilla” images that seem to be uncompromised, disabling other resource-draining malware, having time-delayed downloads for payloads, and using 64-bit encryption.

According to the report, about 95% of the attacks were aimed at mining cryptocurrency, and the total number of attacks jumped up 250% year-over-year.

Elaborate botnet is hijacking Microsoft servers to mine crypto

Guardicore, a data center and cloud security company, issued a report today detailing an extensive campaign by a botnet to hijack Microsoft SQL Server (MS-SQL) machines around the globe and force them to mine the cryptocurrencies Monero and Vollar. Dubbed “Vollgar” by the company—a portmanteau of Vollar and vulgar—the campaign has continued on since it was first detected in May 2018, steadily infecting about 3,000 new machines daily across all sorts of industries, including healthcare and teleco...

This isn’t the first time we’ve heard about malicious attacks on servers with the aim of mining cryptocrypto. Earlier this year, security firm Guardicore issued a report about an active malware campaign that was hijacking Microsoft SQL Server (MS-SQL) machines globally to mine Monero and Vollar. It also noted that some attacks sought to disrupt other malware on hijacked systems, in order to fully command system resources.

Additionally, in January, a security researcher discovered a crypto mining botnet on a United States Department of Defense server, with Monero mining again the key aim.