Release the Kraken!
We all know how difficult it is to keep your users from downloading malicious files and/or visiting suspect websites, even when you tell them exactly what to look out for (malformed URLs, executables, files with multiple extensions, etc.). What if the actual malware payload is hidden in Microsoft Office documents, which your users send and receive thousands of times daily? One such piece of malware, dubbed “Kraken”, has proven to be highly effective as well as lucrative.
We are seeing a lot of attackers use malware to compromise servers and then repurpose them for their evil ways: adding the servers to their botnet, using them as command & control points or, as we see with Kraken, mining Bitcoins with them. The problem is that Bitcoin mining takes up a lot of computing power and can rob your environment of resources needed for actual business operations. When the servers that fall victim to this attack are cloud-based and their resources are elastically allocated as needed (read: a computer that grows in power as you use more), this has a direct financial impact. In fact, we have seen cloud service bills increase tenfold during these attacks. Imagine your AWS bill going from $2,000 a month to $20,000!!
The impact on you can be:
Abuse of your computing resources impacts performance and could possibly bring down an entire system
If your cloud-based servers are used in this attack, the financial impact could be devastating to your business
If resources under your control are used in these types of attacks, your company could be inadvertently associated with criminal behaviour