Hackers were using Amazon Cloud to mine Bitcoin

According to the RedLock report, hackers were able to breach the Amazon Cloud services of two companies in order to mine Bitcoin
09 October 2017

Hackers were able to break into the AWS cloud infrastructure of two companies in order to mine Bitcoin. According to the security firm RedLock, the two affected companies were Aviva and Gemalto. The hackers did not target sensitive data at either company. They were interested only in accessing the Amazon Cloud servers in order to mine cryptocurrency by executing a bitcoin mining command.

According to the publication, the hackers got the opportunity to mine because the Kubernetes administrative consoles were not protected by a password. It is also noted that the hackers did not take advantage of their access to the companies' confidential information, but only used Amazon Cloud capacity for cryptocurrency mining.

Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers. The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet.
 

RedLock report

The document also says that many companies pay insufficient attention to the potential vulnerabilities of their security systems in cloud services. According to RedLock, 81% of the companies surveyed are taking inadequate security measures, opening up opportunities for hacking cloud services. 

Chinese Miners Fall Victim to Ransomware

It looks like the ransomware came bundled with "improved" firmware that is supposed to "overclock" the device
21 January 2019

Ransomware that targets Bitcoin miners is spreading in China. The damage from its activity is measured in tens of thousands of dollars, Trustnodes reports.

The virus infects mining devices made by Bitmain and demands a payment of 10 bitcoins, threatening otherwise to cause the device to overheat.

The problem is solved by formatting the SD card of the infected device. However, as Trustnodes notes, the whole process can take up to four days, while the malicious software rapidly spreads to other miners.

Compromised device

The virus probably comes with "improved" firmware for miners. Some owners install such firmware to "overclock" their ASIC devices and improve their performance.

The first reports of the virus date back to August last year. In particular, the Antminer S9, T9 and even the L3+ for Litecoin were attacked. Over time, the malware has been improved. Now its distributor can decide when to display the message demanding a ransom. One miner also said that one night the address to which his 4,000 devices sent the mined cryptocurrency was changed to the hacker's address, which brought the hacker $8,000.