Subj : Exposed AWS credentials stolen within minutes by Github hackers
To   : All
From : TechnologyDaily
Date : Tue Oct 31 2023 16:15:05

Exposed AWS credentials stolen within minutes by Github hackers

Date:
Tue, 31 Oct 2023 16:08:49 +0000

Description:
Hackers are quick to grab AWS keys exposed on GitHub and use them to set up 
cryptojackers.

FULL STORY
======================================================================

GitHub has a unique security feature - it scans the code for exposed Amazon 
Web Services ( AWS ) keys (among other things) and if it finds them, it 
reports them to AWS which can act to prevent misuse - all within minutes. 

However, it doesnt work with 100% accuracy, and sometimes keys stay exposed 
for a bit longer. Some hackers managed to take advantage of that window of 
opportunity, grabbing the keys and creating Amazon Elastic Compute Cloud 
(EC2) instances. 

They would later use those instances to mine the Monero cryptocurrency. 
Mining Monero 

The findings were published by Unit 42, the cybersecurity arm of Palo Alto 
Networks, whose researchers dubbed the cryptojacking campaign EleKtra-Leak 
and claim it took hackers only five minutes to grab the exposed keys. 

In roughly a week of time, the attackers managed to generate at least 474 
different miners, the researchers added. 

"We believe the threat actor might be able to find exposed AWS keys that 
aren't automatically detected by AWS and subsequently control these keys 
outside of the AWSCompromisedKeyQuarantine policy," said William Gamazo and 
Nathaniel Quist, senior principal researcher and manager of cloud threat 
intelligence at Unit 42. 

"According to our evidence, they likely did. In that case, the threat actor 
could proceed with the attack with no policy interfering with their malicious 
actions to steal resources from the victims. 

"Even when GitHub and AWS are coordinated to implement a certain level of 
protection when AWS keys are leaked, not all cases are covered. We highly 
recommend that CI/CD security practices, like scanning repos on commit, 
should be implemented independently." 

After grabbing the keys, the crooks would analyze the account, looking for 
enabled regions. After that, they create security groups and launch as many 
EC2 instances as they can. 

Monero is described as a private cryptocurrency, one that is almost 
impossible to track. That is why its one of the most popular choices among 
cybercriminals, especially those engaged in ransomware and cryptojacking. Now 
that most people understand how Bitcoins transparent ledger works, its not as 
popular among criminals (although it still ranks quite high). 

 Via TheRegister More from TechRadar Pro US government, thousands of 
businesses now thought to have been affected by SolarWinds security attack 
Here's a list of the best firewalls today These are the best malware removal 
tools around



======================================================================
Link to news story:
https://www.techradar.com/pro/security/exposed-aws-credentials-stolen-within-m
inutes-by-github-hackers


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.