Threat actors are making a significant profit through crypto-jacking, according to a recent report from Sysdig. The security vendor found that for every $1 earned in cryptocurrency mining, victims are facing a staggering $53 in extra cloud computing costs. This finding was the result of analyzing a single campaign by the notorious threat group TeamTNT, which utilized more than 10,000 compromised endpoints to mine for cryptocurrency.
In this specific campaign, Sysdig identified $8,120 in 10 crypto wallets used by the threat actors. However, the victims of this attack incurred a total of $430,000 in extra cloud bills. This disparity highlights the financial impact that crypto-jacking can have on organizations. It’s not just about the immediate costs of cloud computing – there are additional consequences to consider.
The strain that servers endure from crypto-jacking can lead to hardware wear and tear, ultimately requiring organizations to invest in new equipment. Additionally, the compromised servers may experience decreased performance, potentially disrupting IT operations and customer-facing services. This disruption can have both financial and reputational implications for the victimized organization.
Sysdig notes that illicit cryptocurrency mining is most frequently achieved through cloud and container compromises. Threat actors often disguise crypto-miners, backdoors, and other malware as legitimate software in public repositories. DevOps teams may unknowingly download these malicious payloads, leading to further exploitation.
According to Sysdig, 36% of malicious Docker Hub images contain crypto-miners. Stefano Chierici, a senior security researcher at Sysdig, emphasized the importance of recognizing the prevalence of crypto-jacking in the cloud. He stated, “Security teams can no longer ignore the threat posed by attackers in the cloud. The high prevalence of crypto-jacking activity is due to the low risk and high reward for perpetrators.”
As organizations continue to migrate their workloads to the cloud, it’s crucial to prioritize security measures to protect against crypto-jacking and other malicious activities. By staying vigilant and implementing robust security protocols, businesses can mitigate the risks associated with crypto-mining threats in the cloud.