{"id":46314,"date":"2022-04-21T00:00:00","date_gmt":"2022-04-21T00:00:00","guid":{"rendered":"urn:uuid:26859996-9c10-e611-8ab9-1da8192ae3f2"},"modified":"2022-04-21T00:00:00","modified_gmt":"2022-04-21T00:00:00","slug":"cryptomining-overview-for-devops","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cryptomining-overview-for-devops\/","title":{"rendered":"Cryptomining Overview for DevOps"},"content":{"rendered":"

<\/p>\n

<\/div>\n

What is cryptomining?<\/span><\/p>\n

Malicious cryptomining or cryptocurrency-mining is when cybercriminals exploit unpatched vulnerabilities, weak credentials, or misconfigurations to enter systems and utilize its computer power to generate cryptocurrency.<\/p>\n

DevOps and cryptomining<\/span><\/b><\/p>\n

While ransomware seems to be the hot topic, cryptomining is still a cyberattack with dire consequences. Remember Apache Log4j (Log4Shell)\u2014to be honest, who can forget? This critical vulnerability was mostly observed in the wild in cryptomining attacks.<\/p>\n

Think of the uptick in cryptomining like the Klondike Gold Rush in the Yukon; as the value in gold increased, so did gold mining and exploration. Similarly, as the value of cryptocurrencies like Bitcoin increase, the more cybercriminals are likely to mine for cryptocurrency.<\/p>\n

This article explores the latest report from Trend Micro Research, which investigated the most prominent cryptomining groups to determine the impact on DevOps processes and tools and establish mitigation strategies.<\/p>\n

Impacts of cryptomining for DevOps teams<\/span><\/p>\n

Resource consumption and cost<\/i><\/b>
Cryptominers abuse compute power to mine as much cryptocurrency possible in the shortest amount of time. So naturally, their attacks target cloud services due to its scalability and ability to quickly spin up new instances. What does this mean for DevOps teams? If your environment is set to auto-scale, legitimate projects can be scaled up and cost more, making these attacks difficult to detect until you receive a humongous bill.<\/p>\n

CI\/CD pipeline abuse<\/i><\/b>
Miners have also turned to abusing CI\/CD platforms as they\u2019re often quite powerful and most providers have a free tier. This is the ideal situation, because it doesn\u2019t require the effort or risk of exploiting another company\u2019s cloud deployments. Instead, they simply sign up for the free tier, write script, and push them to public repositories like GitHub where unsuspecting developers leverage. And voila, they\u2019re now in complete control of your CI\/CD pipeline.<\/p>\n

For example, a cryptominer created a simple repo on GitHub which looked legitimate at first glance. However, in this repo, the user had the definition for five different CI providers, so for every commit received, it launched all of those resources, allowing them to mine cryptocurrency to their heart\u2019s content.<\/p>\n

Workflow downtime<\/i><\/b>
One of the tell-tale signs of cryptomining is your systems lagging. For instance, you might notice your hosted CI agent is slower than usual or picking up jobs with more delay. Furthermore, if your services do start lagging, security operations may add extra delays as they investigate the cause. As a developer, you simply don\u2019t have the time for even the smallest interruption. You need to be as agile as possible, deploying new (and secure) projects to market at breakneck speed.<\/p>\n

Part of a larger attack<\/i><\/b>
As we mentioned, most organizations are focused on fending off data exfiltration or ransomware attacks, but cryptomining should be approached with the same seriousness. Trend Micro Research compared a successful cryptomining attack to \u201ca canary in a coal mine\u201d, which means it\u2019s an indicator of poor security hygiene that can expose you to wide variety of attacks. This is because cryptomining groups use the same tools, techniques, and tactics to gain access to your systems and services used by other cybercrime groups who sell access or ransomware malware.<\/p>\n

Mitigation strategies for cryptomining<\/span><\/p>\n

So, how can you proactively prevent cryptomining attacks from leeching off your cloud compute services? The good news is, since these groups use the same attack tactics as other cybercriminals, your defense strategy will bolster your security process across your attack surface. This means that you don\u2019t need to look for specific point products that can only defend against cryptomining. Instead, search for a cybersecurity platform vendor that can address cryptocurrency attacks and other critical threats without adding complexity for security teams.<\/p>\n

DevOps teams should look for a cybersecurity platform that helps security teams detect and respond to threats as early in the build process as possible without slowing down developers. Consider the following capabilities to help your security and development teams better understand, communicate, and mitigate threats:<\/p>\n