U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Hackers exploit cloud services to build Money-Mining Botnet

Two security experts will present at the next BlackHat conference how to exploit cloud services to build Money-Mining Botnet. Cloud computing is becoming the paradigm most abused by cybercrime, cloud architectures represent privileged targets of cyber criminals that desire to steal data they contain or to abuse their resources to conduct cyber attacks. Two researchers, Rob […]

Cloud computing CACB SASE

Two security experts will present at the next BlackHat conference how to exploit cloud services to build Money-Mining Botnet.

Cloud computing is becoming the paradigm most abused by cybercrime, cloud architectures represent privileged targets of cyber criminals that desire to steal data they contain or to abuse their resources to conduct cyber attacks.

Two researchers, Rob Ragan and Oscar Salazar, have recently demonstrated how it is possible to use a cloud infrastructure to legally mine crypto currency. The researchers have developed a free LiteCoin-mining botnet that has generated $US1750 a week using free cloud sign up promotions.

The automatic tool was used recruit machines for the mining botnet across some 150 popular free services that each generated about 25 cents a day, the researchers will present the exploit to the next BlackHat conference.

“What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service.” the researchers declared.

The researchers are convinced that cybercrime will soon exploit similar techniques to turn cloud hosting services in “free supercomputer”.

“We’re definitely going to see more malicious activity coming out of these services.” “We essentially built a supercomputer for free,” Ragan said.

The attack schema designed by the researchers relies on application-hosting services that lack of security for sign-up procedures, this circumstance has made possible the creation of 1,000 non-existent users on 150 websites which offer cloud application services.

Cloud Computing

The experts haven’t revealed the name of the cloud hosting service providers they successfully exploited to avoid that cybercrime will immediately emulate them.

The two created the botnet starting from a a self-made list of fake email addresses, the fake customers didn’t raise any suspicions in the companies which were providing the services.

A lot of these companies are startups trying to get as many users as quickly as possible [which are] not really thinking about defending against these kinds of attacks,” Salazar told Wired.

Ragan and Salazar described to the Wired the process and the tools used in their experiment:

“Ragan and Salazar created their automated rapid-fire signup and confirmation process with the email service Mandrill and their own program running on Google App Engine. A service called FreeDNS.afraid.org let them create unlimited email addresses on different domains; to create realistic-looking addresses they used variations on actual addresses that they found dumped online after past data breaches. Then they used Python Fabric, a tool that lets developers manage multiple Python scripts, to control the hundreds of computers over which they had taken possession.” state the post published by Wired.

As explained by the researchers, many of the companies targeted use cloud services resold from Amazon, for this reason it could be very difficult to prevent such kind of attacks.

“Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” “That becomes a challenge. You can’t blacklist that whole IP range.”Ragan said. 

It is clear that the technique adopted by the researchers “violates” the majority lot of terms-of-service, the researchers once completed the experiment have dismantled their botnet.

[adrotate banner=”9″]

Pierluigi Paganini

Security Affairs –  (Hacking, cloud services)

[adrotate banner=”13″]