How crypto miners hijack AWS accounts (real case study)

This is the story of how you print free money using other people's AWS accounts. It’s a story that involves an AWS account, a threat actor named GUI-Vil, and unauthorized crypto mining (cryptojacking). This story is real, and it happens more often than you might think. But how does this actually work, and just as importantly, how can we protect our environments from it with AWS security best practices?

This video was inspired and based on Permiso's research (linked below), but it is not a sponsored video. Enjoy!

🚨 Disclaimer
This video is strictly for educational purposes and to teach you how you can detect and mitigate this threat from your or your employer's AWS environments. Learning about real threats, ethical hacking, and penetration testing is an important way of protecting ourselves against threat actors.

⏱ Timestamps:
00:00 - 00:27 - Preface
00:28 - 01:09 - Introduction
01:10 - 01:19 - Credit for the case study
01:20 - 01:30 - About the threat actor
01:31 - 02:05 - The stages of a cloud attack
02:06 - 04:25 - Gaining initial access
04:26 - 05:31 - Reconnaissance
05:32 - 07:24 - Persistence & maintaining presence
07:25 - 08:43 - Launching crypto mining resources
08:44 - 10:28 - Evading detection
10:29 - 11:40 - Defending against this attack
11:41 - 12:07 - Outro

#awssecurity #cloudsecurity #cloudpentesting #pentesting #securityassessment #cybersecurity #aws #cryptomining #threatmitigation #threatassessment
Comments

Great explanation - would love a full course!

MaryBecken

Pls create a full course on it. It will really help me understand cloud security.

danielumukoro

I have done AWS cloud practitioner and know basic web security and have been doing ctf recently, I would love to enroll in this Cloud Security course 🤩

i_am_dumb

Pls create a full course on it. It will really help us understand cloud security in more detail and how we can help our org to avoid or prevent attacks like this.
Thanks

IbrarKhan-sbfm

Pls create a full course on this topic

syedshayanshah

How much does the p3.16xlarge earn in dollars with NiceHash at the moment? Are we getting a dollar a day with this instance?

amelieviennot

Amazing video as always. Yes pls, if you can create a course on it that would be great. Thanks

adedirangoodness

All your points are fair, lots of things were done wrong, but I feel like the devs dropped the ball by having credentials in cleartext in their GitLab. Maybe they had no other way but to have keys in there, but why admin? 😢
It's easy and it works but very dangerous

BreakpointFun