Amazon Web Services Elastic Compute Cloud (EC2) instances have been targeted by the financially motivated Indonesian threat operation GUI-vil to facilitate cryptomining activities, The Hacker News reports.
GUI-vil gains initial access by exploiting publicly exposed AWS keys or by identifying GitLab instances that could be compromised with remote code execution bugs. It then escalates privileges and conducts reconnaissance while creating new users to conceal malicious activity, according to a report by Permiso's P0 Labs.
Aside from creating access keys for the newly created identities so that it can keep using S3 Browser, GUI-vil has also been creating login profiles for existing users in a bid to avoid detection.
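As an added example (not code from the Permiso report or The Hacker News), the following Python flags the IAM sequence described above in CloudTrail-style records: a new user, an access key for that user, a login profile added to an existing user, and an EC2 launch by the new identity. The records, user names and the `S3 Browser` user-agent substring match are constructed assumptions.

```python
# Constructed CloudTrail-style records (illustrative values, not from the report).
SAMPLE_EVENTS = [
    {"eventTime": "2023-05-01T10:00:00Z", "eventName": "CreateUser",
     "userIdentity": {"userName": "ci-deploy"}, "userAgent": "S3 Browser (constructed)",
     "requestParameters": {"userName": "sec_audit"}},
    {"eventTime": "2023-05-01T10:01:00Z", "eventName": "CreateAccessKey",
     "userIdentity": {"userName": "ci-deploy"}, "userAgent": "S3 Browser (constructed)",
     "requestParameters": {"userName": "sec_audit"}},
    {"eventTime": "2023-05-01T10:05:00Z", "eventName": "CreateLoginProfile",
     "userIdentity": {"userName": "ci-deploy"}, "userAgent": "aws-cli (constructed)",
     "requestParameters": {"userName": "backup-svc"}},
    {"eventTime": "2023-05-01T10:20:00Z", "eventName": "RunInstances",
     "userIdentity": {"userName": "sec_audit"}, "userAgent": "console (constructed)",
     "requestParameters": {"instanceType": "c5.4xlarge"}},
    # Benign: a user rotating their own key; CloudTrail may log null parameters.
    {"eventTime": "2023-05-01T09:00:00Z", "eventName": "CreateAccessKey",
     "userIdentity": {"userName": "alice"}, "userAgent": "aws-cli (constructed)",
     "requestParameters": None},
]


def flag_events(events):
    """Return (rule, caller, target, client) tuples for the pattern described above."""
    created, findings = set(), []
    # ISO 8601 UTC timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        caller = ev.get("userIdentity", {}).get("userName", "unknown")
        params = ev.get("requestParameters") or {}
        # CreateAccessKey without userName acts on the caller itself.
        target = params.get("userName") or caller
        name, rule = ev.get("eventName"), None
        if name == "CreateUser":
            created.add(target)
            rule = "new-iam-user"
        elif name == "CreateAccessKey" and target in created:
            rule = "access-key-for-new-user"
        elif name == "CreateLoginProfile" and target not in created and target != caller:
            rule = "login-profile-on-existing-user"
        elif name == "RunInstances" and caller in created:
            rule, target = "ec2-launch-by-new-user", params.get("instanceType", "?")
        if rule:
            # Assumption: the S3 Browser client identifies itself in userAgent.
            client = "s3-browser" if "S3 Browser" in ev.get("userAgent", "") else "other"
            findings.append((rule, caller, target, client))
    return findings


if __name__ == "__main__":
    for finding in flag_events(SAMPLE_EVENTS):
        print(finding)
```

The `created` set only covers users created inside the analysed window, so a real deployment would need a longer lookback or an IAM inventory to tell new identities from existing ones.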
"The group's primary mission, financially driven, is to create EC2 instances to facilitate their crypto mining activities. In many cases the profits they make from crypto mining are just a sliver of the expense the victim organizations have to pay for running the EC2 instances," said researchers.