Kaspersky, a United Kingdom-based internet security company that removes viruses and protects against other threats to consumer devices, has affirmed today that miners are still a threat to businesses, especially ones that use cloud infrastructure.
According to the internet security company, despite the drop in price of many cryptocurrencies and the decision of one of the biggest cryptocoins (Ethereum) to move away from mining, malicious miners continue to threaten businesses with companies using cloud infrastructure at the top risk.
How Miners Are Threatening Business
Analyzing how miners are threatening business, Kaspersky pointed out that they can cause for the average user through; high electricity bills and sluggish performance caused by high load on the CPU and video card and most users can put up with slowdowns. Whereas, for business, the threats are far worse.
Kaspersky further stated that an increase in server strain on the business, which, like a DDOS assault, can cause services to go offline. Losses result from services being unavailable or operating unstably. Increased costs of maintaining cloud infrastructure; this is also no laughing matter; when Amazon, Google, or Microsoft add a zero to the bill at the end of the month, this has a disastrous effect on the company’s balance sheet.
It added that in 86% of cases where a Google Cloud Platform account was successfully compromised, miners were installed by the attackers, according to a Google report. However, since cybercriminals do not have to pay the costs associated with mining cryptocurrencies in cloud infrastructure, this does not deter them from continuing their operations.
Combating Miners Activities
Examining how to deal with the activities of these miners, Kaspersky concluded that businesses cannot simply turn a blind eye to the threat of mining. Ideally, it should be prevented in the first place; but if not, it must be detected and stopped as soon as possible.
Google data indicates that poor access control and weak passwords are the main causes of server penetration. The emphasis should therefore be on access to computing resources, create secure passwords everywhere and always activate two-factor authentication to access cloud providers’ resources.
In all, Kaspersky urged for limited employee access to infrastructure management. The fewer people with high access credentials, the less probable it is that access will be compromised. Security solutions that can spot suspicious activity on both physical and virtual machines should also be used.