New Attack Vector – Serverless Crypto Mining

Today we are releasing a report which details how hackers can now turn a single vulnerable serverless function into a virtual crypto-mining farm by taking advantage of the scaleable nature of serverless architectures.

By exploiting the auto-scaling capabilities of serverless, a single attack could hijack serverless resources in order to run hundreds to thousands instances of popular tools that mine cryptocurrencies such as Bitcoin, Ethereum and Monero.

In a research we conducted we were able to force serverless functions, which were vulnerable to remote code execution, to download an off-the-shelf crypto-miner during function execution. The miner performed its crypto-mining computations in parallel to the application’s normal execution tasks, making the hijack invisible to the end user. The targeted company might only discover the issue when they get a monthly serverless bill of tens or even hundreds of thousands of dollars.

Significantly, during a simulated attack, we also caused the serverless platforms to scale, running the same function repeatedly until they reached the platform’s limit for concurrent operations. We effectively turned one single vulnerable function into a virtual crypto-mining farm.

We tested the attack successfully on three leading public-cloud serverless platforms. It is important to stress that this is not a flaw in the platforms, but a result of the auto-scaling nature of serverless architectures and vulnerable application code.

Cryptocurrencies rose sharply in price at the end of 2017, and hackers are constantly seeking new ways to steal computing resource in order to illicitly crypto-mine. Common tactics include Javascript miners hidden in webpages and hijacking corporate cloud infrastructures. More and more crypto-jacking attacks are reported every week. Serverless applications are a crypto-jackers dream, as they scale automatically, and a hacker can easily turn a single vulnerable function into a virtual crypto-mining farm almost instantly. The same strengths and benefits that make serverless ideal for many software companies also attract malicious actors. Like any new technology, serverless brings new security challenges.

All the details are revealed in our report, “Serverles; the Next Frontier for Covert Crypto-Miners ” are published. The report highlights that serverless applications are ideal territory for crypto-mining attacks and are often poorly-protected. To see the full report click here.

blog_image



*** This is a Security Bloggers Network syndicated blog from PureSec Blog (Launch) authored by PureSec Team. Read the original post at: https://www.puresec.io/blog/new-attack-vector-serverless-crypto-mining