Azure Automation Caught in Cryptomining Trap: Researchers Uncover Undetected Mining Operation

November 9, 2023 William Ross Cryptocurrency News 0

Azure Automation: The New Haven for Cryptominers? Researchers Uncover Stealthy Mining Technique
Hidden Miner on Azure Automation: Researchers Discover Stealthy Cryptomining Technique

Researchers at cybersecurity firm SafeBreach have discovered three methods for running a cryptocurrency miner on Microsoft Azure servers without detection or charges.

The researchers were able to exploit a feature of Azure Automation, a cloud service that allows users to automate tasks to run the miner without any additional costs. The miner uses the processing power of Azure servers to mine for cryptocurrency without the knowledge or consent of the server owners.

“This is the first fully undetectable cloud-based cryptocurrency miner that we have seen,” said Ariel Gamrian, a security researcher at SafeBreach. “It is also the first miner that can be executed on a victim’s environment without attracting any attention.”

The researchers believe this technique could be used to mine for cryptocurrency on a large scale without the victims ever knowing. They have notified Microsoft of the vulnerability and are working with them to develop a fix.

3 methods researchers discovered:

Method 1: This method uses a feature of Azure Automation called “Runbooks” to execute the miner. Runbooks are scripts that can be used to automate tasks, such as starting or stopping servers. The researchers created a Runbook to run the miner whenever a new Azure server was provisioned.

Method 2: This method uses a feature of Azure Automation called “WebJobs” to execute the miner. WebJobs are functions that can trigger events, such as when a new email is received. The researchers were able to create a WebJob that would run the miner whenever a new Azure server was provisioned.

Method 3: This method uses a feature of Azure Automation called “Logs” to execute the miner. Logs are records of events that occur in an Azure environment. The researchers created a Log to run the miner whenever a new Azure server was provisioned.

Microsoft has stated that it knows the vulnerability and is working on a fix.

In the meantime, SafeBreach recommends that Azure users take the following steps to protect themselves:

  • Enable Azure Security Center: Azure Security Center is a cloud service that provides security monitoring and threat protection for Azure resources.
  • Use Azure Key Vault to store sensitive information: Azure Key Vault is a cloud service that helps you manage and protect your cryptographic keys and secrets.
  • Enable Azure Active Directory (AAD) multi-factor authentication (MFA): AAD MFA adds an extra layer of security to your Azure accounts by requiring users to provide additional verification, such as a code from their phone when they sign in.

Related Stories:

Hong Kong’s Clear Regulatory Landscape Allows InnovationCGMD Miner: Pioneering Cloud Mining Excellence in the World of Cryptocurrency NASA to launch drought tracking satelliteNASA Confirms Launch Date for Its Massive Moon Rocket Google on Trial: U.S. Accuses Tech Giant of Antitrust AbuseGoogle AI Researchers Develop New Technique to Improve the Efficiency of Machine Learning Models China mars phobosChina Takes Incredible Close Up Shot of Mars’ Moon Phobos Bitcoin Dominance: the pinnacle of crypto supremacyBitcoin Miners Transfer More Coins to Exchanges Than Ever Before Sonam Bajwa: Acting and Dressing the Fashion SupernovaSonam Bajwa: Acting and Dressing the Fashion Supernova Drop of Energy And Prices Cryptocurrency Makes Ethereum Mining Less ProfitableDrop in Energy And Cryptocurrency Prices Makes Ethereum Mining Less Profitable 5 Best Astrologers in Bhubaneswar 2022; Solutions for life problemsHoroscope Today: Uncover What the Universe Has in Store for You on February 28
William Ross
About William Ross 161 Articles
I am a cryptocurrency enthusiast and writer with over five years of experience in the industry. I have been following the development and innovation of Bitcoin and Ethereum since their inception, and I enjoy sharing my insights and analysis with readers. I have written for various reputable platforms, such as CoinDesk, Cointelegraph, and Decrypt, covering topics such as market trends, regulation, security, and adoption. I believe that cryptocurrency is the future of finance and technology, and I am passionate about educating and informing people about its benefits and challenges.