A report from the RedLock security intelligence group found at least two companies that had their AWS cloud services compromised by hackers, who wanted to use the power of the computer to extract Bitcoin through mining. They were able to access Amazon Cloud servers after discovering that the Amazon administration panels were completely unprotected, did not even have a password, did not use this information to perform corporate espionage or to steal data and sell them, but to take advantage of computing power in the cloud of this company to mine Bitcoin.
In addition to Amazon, according to RedLock reports in its report, Aviva and Gemalto, two multinationals, were also pointed out in the report as victims of the execution of Kubernetes containers.
After further analysis, the team discovered that the hackers were running a Bitcoin mining command from one of the Kubernetes containers.
Kubernetes is a free code technology created by Google that facilitates the creation of applications for the cloud and in this case, the application was used to steal the energy of the cloud as a parasite software using the computational power of this shifting mining expenses in a matter of energy to the other companies.
The instance had become a parasitic robot that was doing a nefarious activity through the Internet
Hackers are known to sneak into corporate servers to steal data that is later sold for money, or give unknown information. But Bitcoin mining is something totally different from all of this. These hackers are basically stealing a large (and expensive) storage space in the corporate cloud, with the same purpose obviously being profitable.
Although anyone could try to mine Bitcoin, the process consumes a lot of energy and is too expensive just considering the cost of electricity. However, the cost of energy has made mining focus on countries or strategic points where such a cost is the minimum, where mining can be profitable.
To avoid the high cost, most miners join in a group of different computers that combine their computing power to solve complex algorithms. Successfully solving the problem generates a certain number of new Bitcoin. Bitcoin can extract up to a total of 21 million, but the process becomes increasingly difficult as the years pass and the overall computational power is greater.
Recall that RedLock discovered the gaps along with hundreds of other administration consuls that were unblocked through AWS, Microsoft Azure and Google Cloud. But Bitcoin illicit mining does not always come from outside.
Earlier reports confirmed that two IT workers for the Crimean government were dismissed at the end of September after being caught mincing Bitcoins on their work computers, as well as in January, an employee of the US Federal Reserve was convicted and fined for mining on servers owned by the US central bank.