Alibaba ECS (Elastic Compute Service) instances have become a target for attackers, who are actively hijacking them to deploy cryptomining malware.
Cryptomining Malware Hijacks Alibaba ECS Instances: Details
TrendMicro researchers published a report yesterday on this topic. According to the researchers, the root of the problem is that these instances provide root access by default: Alibaba ECS does not offer a configuration with multiple privilege levels. As a result, attackers who obtain login credentials also gain root access to the targeted server over SSH.
These elevated privileges also allow the attackers to create firewall rules that drop incoming packets from the IP ranges of Alibaba's internal servers. In this way the attackers bypass the installed security agent, which is then no longer able to identify the anomalous activity.
Furthermore, the attackers' next step is to stop the security agent on the instance using specific scripts. The researchers also identified scripts that target processes listening on ports commonly used by other malware; these are intended to remove competition by terminating processes associated with concurrent malware.
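As an added example that is not from the TrendMicro report or this article, the following defender-side check looks for the firewall tampering described above: it parses `iptables-save` output and flags DROP/REJECT rules that cover the address ranges the security agent needs to reach. The sample rules and the `100.100.0.0/16` range are constructed placeholders, since the page does not name the real internal ranges.

```python
import ipaddress
import re

# Constructed sample of `iptables-save` output (not from the report): one
# ordinary SSH rule plus two DROP rules that blackhole an assumed agent range.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s 100.100.0.0/16 -j DROP
-A OUTPUT -d 100.100.0.0/16 -j DROP
COMMIT
"""

# Placeholder for the ranges your security agent talks to; the page does not
# list the real Alibaba-internal ranges, so substitute your own here.
AGENT_RANGES = [ipaddress.ip_network("100.100.0.0/16")]

# Matches an append rule: chain, the match body, and the jump target.
RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?P<body>.*) -j (?P<target>\S+)")


def find_agent_blocking_rules(iptables_save_text, agent_ranges=AGENT_RANGES):
    """Return (chain, rule) pairs whose DROP/REJECT matches an agent range."""
    hits = []
    for line in iptables_save_text.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group("target") not in ("DROP", "REJECT"):
            continue
        # Inspect every -s / -d address in the rule body.
        for _flag, addr in re.findall(r"-(s|d) (\S+)", m.group("body")):
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                continue  # not an address (e.g. an interface name)
            if any(net.overlaps(r) for r in agent_ranges):
                hits.append((m.group("chain"), line))
                break
    return hits


if __name__ == "__main__":
    for chain, rule in find_agent_blocking_rules(SAMPLE_RULES):
        print(f"suspicious rule in {chain}: {rule}")
```

Feed it the output of `iptables-save` from a running instance to check the live ruleset rather than the constructed sample.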
The elevated privileges facilitate the path to kernel module