Security experts have raised concerns about the increasing trend of threat actors targeting Alibaba Cloud (Aliyun) infrastructure to deploy cryptocurrency mining malware. The Chinese tech giant’s Elastic Computing Service (ECS) instances are being exploited by financially motivated hackers in South-East Asia, according to a report by cybersecurity software company Trend Micro.
The report highlights several features of the Alibaba ECS platform that are being leveraged by these malicious actors to increase their chances of success. Despite the presence of a security agent, some threat actors are able to uninstall or disable it once they compromise the system. Even if the security agent detects a malicious script, it is ultimately the responsibility of the customer to take action. It is crucial for customers to configure the product properly as the default Alibaba ECS instance provides root access, giving threat actors the highest possible privilege upon compromise.
The researchers at Trend Micro also pointed out that threat actors are targeting Alibaba Cloud ECS by inserting code snippets to remove software unique to Alibaba ECS. Additionally, the auto-scaling feature of Alibaba ECS, which automatically adjusts computing resources based on user requests, can be exploited by cryptomining malware to run up additional charges for customers.
Notably, Trend Micro observed that threat actors are not only targeting Alibaba Cloud but also other regional players like Huawei Cloud. Attackers have been known to remove rivals from compromised infrastructure, underlining the importance of enhancing cloud security measures.
To mitigate the risk of falling victim to such attacks, Trend Micro recommends that customers enhance their Cloud Service Provider (CSP) protection with third-party malware-scanning and vulnerability detection tools. It is also crucial to follow the principle of least privilege, customize the security features of cloud projects and workloads, and remain vigilant against potential threats.
Trend Micro reached out to Alibaba for a response to its findings but had not received a reply at the time of publishing. As the threat landscape continues to evolve, it is essential for organizations using cloud services to prioritize security measures and stay informed about emerging threats in order to safeguard their data and infrastructure.