{"id":20368,"date":"2022-11-18T15:43:25","date_gmt":"2022-11-18T11:43:25","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/20368\/"},"modified":"2022-11-18T15:43:25","modified_gmt":"2022-11-18T11:43:25","slug":"miners-threaten-cloud-infrastructure","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/20368\/","title":{"rendered":"Mining still a serious threat to business"},"content":{"rendered":"<p>As our recent <a href=\"https:\/\/securelist.com\/cryptojacking-report-2022\/107898\/\" target=\"_blank\" rel=\"noopener\">expert study<\/a> shows, despite both the drop in price of many cryptocurrencies and the decision of one of the biggest cryptocoins \u2014 Ethereum \u2014 to move away from mining, malicious <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/miner\/\" target=\"_blank\" rel=\"noopener\">miners<\/a> continue to threaten business. Companies that use cloud infrastructure are particularly at risk. We explore the dangers of mining and how to protect the computing resources of a company from it.<\/p>\n<h2>Mining is dead. Long live mining<\/h2>\n<p>Many predicted the end of the mining rush after Ethereum\u2019s announcement it would move from confirming transactions using the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Proof_of_work\" target=\"_blank\" rel=\"nofollow noopener\">proof-of-work method<\/a> to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Proof_of_stake\" target=\"_blank\" rel=\"nofollow noopener\">the proof-of-stake model<\/a>. Proof-of-work requires vast computing power, while proof-of-stake needs significantly fewer participants and resources to confirm a transaction \u2014 it\u2019s several thousand times more efficient computationally. 
The abandonment of the proof-of-work concept, in theory, could have caused a significant decrease in mining\u2019s popularity.<\/p>\n<p>The long-awaited switch <a href=\"https:\/\/techcrunch.com\/2022\/09\/15\/ethereum-switches-to-proof-of-stake-consensus-after-completing-the-merge\/\" target=\"_blank\" rel=\"nofollow noopener\">went ahead<\/a> on September 15, and to some extent it did indeed hit mining\u2019s popularity. For instance, the price of video cards used for mining Ethereum dipped sharply as they flooded the secondary market. Those engaged in legal mining <a href=\"https:\/\/www.ft.com\/content\/61c15ce0-7d36-4602-9c54-fd8e5909a4ef\" target=\"_blank\" rel=\"nofollow noopener\">began<\/a> to switch to mining other cryptocurrencies, sell their computing systems, or come up with other uses for them. However, this decline in activity does not extend to attackers who mine at others\u2019 expense.<\/p>\n<p>The fact is they were never all that focused on mining Ethereum \u2014 it was only their <a href=\"https:\/\/www.kaspersky.com\/blog\/malicious-cryptominers-2022\/46186\/\" target=\"_blank\" rel=\"noopener nofollow\">third<\/a> most popular coin. Instead, they preferred to mine Monero, which guarantees total anonymity of transactions. To produce Monero, mining is still required, but video cards are not. This cryptocurrency is best mined on ordinary CPUs, which, unlike powerful GPUs, are found in any computer. The most powerful ones work in servers \u2014 naturally, they attract attackers most of all.<\/p>\n<h2>How miners threaten business<\/h2>\n<p>We\u2019ve already talked about the trouble miners can cause for the average user:<\/p>\n<ul>\n<li>High electricity bills<\/li>\n<li>Sluggish performance caused by high load on the CPU and video card<\/li>\n<\/ul>\n<p>It might seem like a storm in a teacup: many keep their computers on all the time anyway, and most users can put up with slowdowns. But for business the threats are far worse. 
Besides the above, unwanted cryptominers can lead to:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/cryptominers-in-business\/22964\/\" target=\"_blank\" rel=\"noopener nofollow\">Accelerated wear and tear of equipment<\/a>, causing premature failure (also true for private users, but hits business harder)<\/li>\n<li>Increased load on company servers, which, just like a DDoS attack, can take services offline; unavailability or unstable operation of services means losses<\/li>\n<li>Increased costs of maintaining cloud infrastructure; this, too, is no joke \u2014 when at the end of the month Amazon, Google, or Microsoft adds a zero to the bill, this plays havoc with the company\u2019s balance sheet. According to a <a href=\"https:\/\/www.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/43312\/\" target=\"_blank\" rel=\"noopener nofollow\">Google report<\/a>, in 86% of cases of successful compromise of a Google Cloud Platform account, the attackers installed miners; at the same time, the costs of mining cryptocurrency in cloud infrastructure are on average <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cryptominers-hijack-53-worth-of-system-resources-to-earn-1\/\" target=\"_blank\" rel=\"nofollow noopener\">53 times higher than the payoff<\/a>, which, of course, does not stop cybercriminals, since they do not bear the costs<\/li>\n<\/ul>\n<h2>Miners strike terror into infrastructure providers<\/h2>\n<p>Miner attacks pose the worst threat to companies that don\u2019t just use cloud infrastructure, but supply clients with services based on the major providers\u2019 clouds. 
And especially if they provide IaaS (Infrastructure-as-a-Service) or PaaS (Platform-as-a-Service).<\/p>\n<p>The difference between such businesses and the rest is that they have to worry not only about malicious miners penetrating the infrastructure covertly, but also about regular, legitimate ones.<\/p>\n<p>If a company provides infrastructure or a platform as a service, its clients have a certain degree of freedom in using that infrastructure or platform: they can generally use it as they please, including running various applications \u2014 among them miners.<\/p>\n<p>It\u2019s not uncommon for cybercriminals to create multiple accounts on such services all at once, and use these to run miners without letting them consume more resources than the service provides under a free account. Such an attack involving hundreds of accounts can place a monstrous load on the servers, bringing the service to its knees and massively increasing the company\u2019s infrastructure outlays. What\u2019s more, it can be harder for an infrastructure provider to detect such an attack than for, say, a SaaS company, since it cannot always see all the processes run by clients due to its own privacy policy.<\/p>\n<h2>How business can deal with miners<\/h2>\n<p>It\u2019s clear from the above that businesses cannot simply turn a blind eye to the threat of mining. Ideally, it should be prevented in the first place; but if not, it must be detected and stopped as soon as possible.<\/p>\n<p>According to other data from Google, most cases of server compromise are due to weak passwords and insufficient access control. 
Hence, the focus should be on access to computing resources:<\/p>\n<ul>\n<li>Set strong and unique passwords everywhere<\/li>\n<li>Always enable two-factor authentication to access the resources of cloud providers (if the password is leaked or brute-forced, the attackers will not gain control over the account without the second factor)<\/li>\n<li>Restrict access to infrastructure management \u2014 the fewer employees have high access privileges, the less likely access will be compromised<\/li>\n<li>Use <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/cloud-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solutions that detect suspicious activity on both physical devices and virtual machines<\/a><\/li>\n<\/ul>\n<p>IaaS and PaaS providers, in addition to the above, should:<\/p>\n<ul>\n<li>Have the ability to monitor user activity in one way or another; if it\u2019s not possible to monitor active processes at the virtual machine level (preventing execution of identical scripts by different users), at least make sure that one and the same repository is not used by several different accounts<\/li>\n<li>Have a well-tuned alert system for atypical activity, and engage experts who can respond quickly<\/li>\n<li>Pay increased attention to the timely remediation of vulnerabilities in software that handles the infrastructure or platform, as attackers can exploit them to break in and install miners<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Miners still pose a threat to businesses \u2014 especially ones that use cloud 
infrastructure.<\/p>\n","protected":false},"author":696,"featured_media":20369,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1457,1504,2218,1429,521],"class_list":{"0":"post-20368","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-business","10":"tag-ethereum","11":"tag-infrastructure","12":"tag-miners","13":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/20368\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/miners-threaten-cloud-infrastructure\/24868\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/10272\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/27422\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/miners-threaten-cloud-infrastructure\/25207\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/25553\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/miners-threaten-cloud-infrastructure\/28094\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/miners-threaten-cloud-infrastructure\/27385\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/miners-threaten-cloud-infrastructure\/34245\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/miners-threaten-cloud-infrastructure\/46275\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/miners-threaten-cloud-infrastructure\/19787\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/miners-threaten-cloud-infrastructure\/20356\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/miners-threaten-cloud-infrastructure\/29566\/"},{"hrefla
ng":"ja","url":"https:\/\/blog.kaspersky.co.jp\/miners-threaten-cloud-infrastructure\/32939\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/miners-threaten-cloud-infrastructure\/25600\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/miners-threaten-cloud-infrastructure\/31254\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/miners-threaten-cloud-infrastructure\/30961\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/miners\/","name":"miners"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=20368"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20368\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/20369"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=20368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=20368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=20368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}