Friday, March 29, 2024

Hackers Hijacked Alibaba Servers to Install Cryptominer Malware

Hackers have recently targeted and hacked the Alibaba Elastic Computing Service (ECS) instances. All this is being done with the motive to install crypto-miner malware so that the threat actors can secure the available server resources for their own personal benefit.

The hacker “AgainstTheWest” on the RaidForums forum had proclaimed that they have hacked into Alibaba Cloud’s servers, and they have also stolen a large amount of source code. 

After investigating the attack, the experts opined that the stolen source code was hacked, and later the hackers have sold it at a price of $5,000, and the payment was done in Bitcoin or Monero.

ECS security agent removed to install miners

Alibaba ECS servers are being hacked and are also targeted by many threat actors because they lack different privilege levels configured on an occurrence.

However, the instances that are available in the servers offer root access by default, and thus it becomes easier for the threat actors to gain access to login credentials so that they can access the target server through SSH.

Moreover, these lacks also allow the threat actors to create firewall rules that generally filter the incoming packets from IP ranges that belong to internal Alibaba servers, and doing this helps the threat actors to stop the detection by the security agent.

Cryptojacking Aliyun

Alibaba Cloud Security provides a guide on how to stop the ongoing infection and malicious activities, as it is the responsibility of the user to prevent this infection from occurring.

One of the important points to note is that Alibaba ECS has an auto-scaling feature, and in this feature users and organizations can allow the service to automatically regulate the computing resources that are based on the volume of user requests.

Mitigating The Impact

Here are a few recommendations offered:-

  • Both CSPs and users have a duty to assure that all the security configurations of workloads, projects, and environments should stay safe. 
  • Customize the security characteristics of cloud projects and workloads. 
  • Try to avoid running applications under root privilege and managing passwords for SSH.
  • Always follow the principle of least privilege.

This type of crypto hijacking is quite dangerous, and that’s why the experts affirmed that it is quite necessary for the users to stay altered and keep a check on their workloads.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles