Losing thousands of dollars after a cloud account was hijacked to 'mine' cryptocurrency
Chris Chin, a developer in Seattle, woke up on New Year's Day 2022 to a $53,000 bill from Amazon, instead of $100-150 a month.
Earlier this year, a student in California also mentioned on Reddit that he received a bill for $55,000 after his AWS account was stolen. "I am a student and have just lost almost all of my money to pay for tuition," this person said.
AWS is not alone: accounts on a number of other cloud platforms have also been hijacked by hackers and used to mine cryptocurrencies. Last month, a Missouri-based technology company was forced to pay a $760,000 bill because its Microsoft Azure account was hijacked. In 2019, a Google Cloud customer had to pay $14,000 in a similar situation.
Hackers taking over cloud accounts to mine cryptocurrencies is not new, but the practice has exploded in recent months as the value of many digital currencies such as Bitcoin and Ethereum skyrocketed. According to CNBC, cryptocurrency mining often requires a lot of energy as well as computing resources. If an attacker gets hold of an account on a cloud platform, the attacker can mine cryptocurrency at no cost to themselves. Users will have to pay these amounts to the service provider.
According to Google figures from late last year, 86% of breached accounts on the Google Cloud platform were used for cryptocurrency mining. 10% were used to scan resources on the Internet, looking for systems with security holes for further attacks.
The majority of victims said that cloud service providers denied responsibility, or blamed customers for misconfiguration or for a lack of account security that let hackers attack. For example, Google announced last year that 75% of Cloud accounts were hijacked due to "poor customer security practices" or "vulnerable third-party software".
Meanwhile, an Amazon spokesperson mentioned the "shared responsibility model", which emphasized