Cryptomining Malware Can Hijack Alibaba ECS Instances

November 16, 2021

Reports from Trend Micro show that threat actors exploit vulnerabilities in Alibaba ECS instances to install Cryptominers malware.

This is possible because all instances provide root access, allowing threat actors to gain access to the target server without any prior SSH root work.

Once compromised, the enhanced privileges allow the threat actors to access files and also create firewall rules that prevent the installed security agent from detecting any compromises or suspicious behavior.

Threat actors also used the ECS’ auto-scaling system (enables the service to automatically adjust computing resources based on the volume of user requests).

Once compromised, the threat actor can scale up their Monero mining power, causing additional costs for the instance owner. Anyone using Alibaba’s cloud service is advised to make sure their security settings are correct and follow best practices.

For more information, read the original story in Reuters.

Cryptomining Malware Can Hijack Alibaba ECS Instances

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered