Cryptojacking: When Hackers Hijack Your Cloud to Mine Money☠️
Summary
Cryptojacking is the illicit use of someone else’s cloud computing resources to mine cryptocurrency, without paying for the resources consumed.
Typically, cryptojackers use a combination of less-monitored AWS services, such as AWS Amplify, AWS Fargate, Amazon SageMaker, and Amazon ECS, to deploy crypto miners, which are algorithms that solve complex mathematical equations to unlock the minting of new coins.
Once they have infiltrated an AWS account, they usually move quickly to deploy NVIDIA GPU drivers to maximize the computing power they are draining. They tend to favor Monero (XMR) and Zcash (ZEC) because these coins are anonymous and easy to mine with CPUs.
To prevent cryptojacking, organizations should ensure MFA is enabled on all accounts, audit and rotate access keys regularly, apply version control strictly, and follow the principle of least privilege when assigning permissions. They should also monitor for unusual spikes in CPU or GPU usage and investigate any suspicious outbound traffic to known mining pools.
Cryptojacking is often perceived as a simple form of resource theft, yet it frequently results in major data breaches and compliance concerns.