Researchers at cybersecurity firm SafeBreach have discovered three methods for running a cryptocurrency miner on Microsoft Azure servers without detection or charges.
The researchers exploited a feature of Azure Automation, a cloud service that allows users to automate tasks, to run the miner without any additional costs. The miner uses the processing power of Azure servers to mine for cryptocurrency without the knowledge or consent of the server owners.
“This is the first fully undetectable cloud-based cryptocurrency miner that we have seen,” said Ariel Gamrian, a security researcher at SafeBreach. “It is also the first miner that can be executed on a victim’s environment without attracting any attention.”
The researchers believe this technique could be used to mine for cryptocurrency on a large scale without the victims ever knowing. They have notified Microsoft of the vulnerability and are working with them to develop a fix.
The three methods the researchers discovered:
Method 1: This method uses a feature of Azure Automation called “Runbooks” to execute the miner. Runbooks are scripts that can be used to automate tasks, such as starting or stopping servers. The researchers created a Runbook to run the miner whenever a new Azure server was provisioned.
Method 2: This method uses a feature of Azure Automation called “WebJobs” to execute the miner. WebJobs are functions that can trigger events, such as when a new email is received. The researchers were able to create a WebJob that would run the miner whenever a new Azure server was provisioned.
Method 3: This method uses a feature of Azure Automation called “Logs” to execute the miner. Logs are records of events that occur in an Azure environment. The researchers created a Log to run the miner whenever a new Azure server was provisioned.
Microsoft has stated that it is aware of the vulnerability and is working on a fix.
In the meantime, SafeBreach recommends that Azure users take the following steps to protect themselves:
- Enable Azure Security Center: Azure Security Center is a cloud service that provides security monitoring and threat protection for Azure resources.
- Use Azure Key Vault to store sensitive information: Azure Key Vault is a cloud service that helps you manage and protect your cryptographic keys and secrets.
- Enable Azure Active Directory (AAD) multi-factor authentication (MFA): AAD MFA adds an extra layer of security to your Azure accounts by requiring users to provide additional verification, such as a code from their phone, when they sign in.
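Because Method 1 depends on a Runbook being created in an Automation account, a defender can also review exported Azure Activity Log records for runbook write and publish operations made by callers outside an expected set. The following is an added example, not code from SafeBreach or the original article; the log records, caller names and allow-list are constructed, and the operation names are assumed to follow the Microsoft.Automation resource provider format.

```python
import json

# Runbook operations in the Activity Log share this prefix; those ending in
# /write or /action change or publish a runbook (assumed naming, lower-cased).
RUNBOOK_PREFIX = "microsoft.automation/automationaccounts/runbooks/"
CHANGE_SUFFIXES = ("/write", "/action")

# Constructed sample records, not real tenant data. Both field shapes are
# covered: plain strings and {"value": ...} objects.
SAMPLE_LOG = json.loads("""
[
 {"eventTimestamp": "2023-01-10T09:00:00Z", "caller": "ops-deploy@example.com", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Automation/automationAccounts/runbooks/write"}},
 {"eventTimestamp": "2023-01-10T09:04:00Z", "caller": "contractor@example.com", "status": {"value": "Started"},
  "operationName": {"value": "Microsoft.Automation/automationAccounts/runbooks/write"}},
 {"eventTimestamp": "2023-01-10T09:05:00Z", "caller": "contractor@example.com", "status": "Succeeded",
  "operationName": "MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/WRITE"},
 {"eventTimestamp": "2023-01-10T09:06:00Z", "caller": "contractor@example.com", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Automation/automationAccounts/runbooks/publish/action"}},
 {"eventTimestamp": "2023-01-10T09:07:00Z", "caller": "contractor@example.com", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Automation/automationAccounts/runbooks/read"}},
 {"eventTimestamp": "2023-01-10T09:08:00Z", "caller": "contractor@example.com", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Compute/virtualMachines/write"}}
]
""")

def _text(field):
    """Return a field's string value whether it is a string or {"value": ...}."""
    if isinstance(field, dict):
        field = field.get("value", "")
    return str(field or "")

def flag_runbook_changes(records, expected_callers):
    """Return completed runbook write/publish events by unexpected callers."""
    expected = {c.lower() for c in expected_callers}
    findings = []
    for rec in records:
        op = _text(rec.get("operationName")).lower()
        if not (op.startswith(RUNBOOK_PREFIX) and op.endswith(CHANGE_SUFFIXES)):
            continue
        if _text(rec.get("status")).lower() != "succeeded":
            continue  # skip Started/Failed so each change is reported once
        caller = _text(rec.get("caller")) or "<unknown>"
        if caller.lower() not in expected:
            findings.append((rec.get("eventTimestamp"), caller, op))
    return sorted(findings)

if __name__ == "__main__":
    print(flag_runbook_changes(SAMPLE_LOG, {"ops-deploy@example.com"}))
```

Records with no caller are reported as `<unknown>` rather than dropped, since an unattributed runbook change is itself worth reviewing.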