Cryptojacking costs victims over 50 times what the attacker makes
According to a new report from Sysdig, the unified container and cloud security company, it costs $430,000 in cloud bills for an attacker to generate $8,100 in cryptocurrency revenue. This works out at a $53 cost to the victim for every $1 the cryptojacker makes.
The report takes an extensive look at TeamTNT, a notorious cloud-targeting threat actor that generates the majority of its criminal profits through cryptojacking. TeamTNT is best known for its cryptojacking worm activity, which began in 2019, exploiting vulnerable instances of popular key-value store Redis.
Sysdig's team recovered 10 TeamTNT XMR wallets used during mining campaigns by analyzing all known attributed samples. It also attributed more wallets to different threat actors who use TeamTNT tactics.
Among the report's other findings, the conflict between Russia and Ukraine includes a cyberwarfare component, with government-supported threat actors and civilian hacktivists taking sides. This has led to a four-fold increase in DDoS attacks between the fourth quarter of 2021 and the first quarter of 2022. Over 150,000 volunteers have joined anti-Russian DDoS campaigns using container images from Docker Hub. The threat actors hit anyone they perceive as sympathizing with their opponent, and any unsecured infrastructure is targeted for leverage in scaling the attacks.
"Security teams can no longer delude themselves with the idea that 'containers are too new or too ephemeral for threat actors to bother'," says Stefano Chierici, senior security researcher at Sysdig and co-author of the report. "Attackers are in the cloud, and they are taking real money. The high prevalence of cryptojacking activity is attributable to the low risk and high reward for the perpetrators."
You can read more and get the full report on the Sysdig blog.