![]() The threat actors can then run scripts that stop the security agent on the compromised device.Ĭryptojacking malware tuning an ECS instance and terminating processesĪnother ECS feature exploited by the actors is an auto-scaling system that enables the service to automatically adjust computing resources based on the volume of user requests. "The threat actor has the highest possible privilege upon compromise, including vulnerability exploitation, any misconfiguration issue, weak credentials or data leakage," explains Trend Micro's report.įurthermore, these elevated privileges allow the threat actors to create firewall rules that drop incoming packets from IP ranges belonging to internal Alibaba servers to prevent the installed security agent from detecting suspicious behavior. This makes it possible for threats actors who gain access to login credentials to access the target server via SSH as root without any preparatory (escalation of privilege) work. Hackers remove ECS security agent to install minersĪccording to a report by Trend Micro, one of the issues with Alibaba ECS is the lack of different privilege levels configured on an instance, with all instances offering root access by default. Even better, to protect against malware such as cryptominers, ECS comes with a pre-installed security agent. In particular, the ECS service is marketed as offering fast memory, Intel CPUs, and promising low-latency operations. Select how you want to install the program: Send email.Threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.Īlibaba is a Chinese technology giant with a global market presence, with its cloud services being used primarily in southeast Asia.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |