Threat Actors Cost Victims 53 Times More Than They Make
A recent report from Sysdig has revealed that threat actors are making just $1 for every $53 they cost their victims in extra cloud computing bills. The study focused on a campaign by the crypto-jacking group TeamTNT, which utilized over 10,000 compromised endpoints to mine cryptocurrency.
Calculating the Damages
The analysis conducted by Sysdig found that the campaign resulted in $8120 being mined into 10 crypto wallets, while the victims incurred an additional $430,000 in cloud computing costs. This translates to $53 in damages for every $1 in cryptocurrency mined, highlighting the significant financial impact on organizations.
Beyond Cloud Computing Costs
While the financial implications of crypto-jacking are substantial, the damages extend beyond extra cloud bills. The strain placed on servers can lead to hardware degradation, necessitating costly replacements. Moreover, the slowdown in server performance can disrupt IT operations and customer-facing services, resulting in financial and reputational harm.
Prevalence of Illicit Mining
Sysdig’s research indicates that illicit cryptocurrency mining is commonly facilitated through cloud and container compromises. Malware, including crypto-miners, is often disguised as legitimate software in public repositories, deceiving DevOps teams into unwittingly downloading them. In fact, 36% of malicious Docker Hub images contain crypto-miners, underscoring the pervasive nature of this threat.
Addressing the Risk
Stefano Chierici, senior security researcher at Sysdig, emphasized the urgency of confronting these threats. He warned that security teams can no longer underestimate the risks posed by container vulnerabilities, as threat actors are actively exploiting them for financial gain. The prevalence of crypto-jacking highlights the lucrative nature of these attacks, posing a real and immediate threat to organizations operating in the cloud.