Microsoft encourages organisations to bolster security defences for containers, CI/CD pipelines, dependencies, and runtime environments.
Cloud tenants in the education sector have been targeted by the threat actor Microsoft tracks as Storm-1977 in password spraying attacks that were used to set up cryptomining.
According to Microsoft's report, the intrusions began with AzureChecker.exe, a command-line tool that connected to sac-auth[.]nodefunction[.]VIP and downloaded AES-encrypted data which, once decrypted, revealed the list of password spray targets.

AzureChecker.exe also accepts a .txt file of username and password combinations to try against those targets. Storm-1977 then used a guest account compromised this way to create more than 200 containers for cryptomining, Microsoft said.
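The spray described above has a recognisable shape in sign-in telemetry: one source address, many distinct accounts, one or two failed guesses per account, and then a success, here against a guest account. The following Python is an added illustration of how a defender might pick that pattern out; it is not code from Microsoft's report or from this article. The sample records and their field names (loosely modelled on Entra ID sign-in logs, with error code 50126 for "invalid username or password" and 0 for success) are constructed for the example, and the thresholds are assumptions to be tuned against a real tenant's baseline.

```python
"""Password-spray detection over constructed sign-in events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records shaped like Entra ID sign-in log entries. Names, IPs and
# timestamps are invented for this example; they are not real telemetry.
BASE = datetime(2025, 4, 1, 10, 0, 0)
SAMPLE_EVENTS = [
    # The spray: one source IP, a single guess per account, all failing (50126).
    *[
        {"user": f"user{i:02d}@contoso-edu.example", "userType": "Member",
         "ip": "203.0.113.7", "errorCode": 50126, "time": BASE + timedelta(seconds=3 * i)}
        for i in range(12)
    ],
    # One guess lands on a guest account with a weak password: success (0).
    {"user": "contractor_partner.example#EXT#@contoso-edu.example", "userType": "Guest",
     "ip": "203.0.113.7", "errorCode": 0, "time": BASE + timedelta(seconds=40)},
    # Benign noise: a single user mistypes a password three times, then succeeds.
    *[
        {"user": "alice@contoso-edu.example", "userType": "Member",
         "ip": "198.51.100.5", "errorCode": 50126,
         "time": BASE + timedelta(minutes=2, seconds=10 * i)}
        for i in range(3)
    ],
    {"user": "alice@contoso-edu.example", "userType": "Member",
     "ip": "198.51.100.5", "errorCode": 0, "time": BASE + timedelta(minutes=3)},
]

INVALID_CREDENTIALS = 50126  # Entra sign-in error: invalid username or password
SUCCESS = 0


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=8, max_attempts_per_user=3):
    """Return one finding per source IP that looks like it is spraying.

    Heuristic (thresholds are assumptions): within `window`, one IP fails
    authentication for at least `min_users` distinct accounts while making at
    most `max_attempts_per_user` attempts against any single account. That is
    the inverse of a brute force (few users, many guesses) and is exactly what
    a tool fed a username/password list produces. Successful sign-ins from the
    same IP inside the window are reported as likely compromised accounts, with
    guest accounts listed separately because they are easy to overlook.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        # Slide a window starting at each event from this IP; stop at first hit.
        for start_idx, start_ev in enumerate(evs):
            end_time = start_ev["time"] + window
            window_evs = [e for e in evs[start_idx:] if e["time"] <= end_time]
            failed_per_user = defaultdict(int)
            for e in window_evs:
                if e["errorCode"] == INVALID_CREDENTIALS:
                    failed_per_user[e["user"]] += 1
            if (len(failed_per_user) >= min_users
                    and max(failed_per_user.values()) <= max_attempts_per_user):
                successes = [e for e in window_evs if e["errorCode"] == SUCCESS]
                findings.append({
                    "ip": ip,
                    "window_start": start_ev["time"],
                    "distinct_users_failed": len(failed_per_user),
                    "compromised": sorted(e["user"] for e in successes),
                    "compromised_guests": sorted(
                        e["user"] for e in successes if e["userType"] == "Guest"),
                })
                break
    return findings


if __name__ == "__main__":
    for f in detect_password_spray(SAMPLE_EVENTS):
        print(f"spray from {f['ip']}: {f['distinct_users_failed']} accounts failed, "
              f"compromised={f['compromised']}, guests={f['compromised_guests']}")
```

The per-user cap is what separates a spray from ordinary lockout noise: alice's three failures from one address never trip the rule, while twelve accounts failing once each from 203.0.113.7 do, and the subsequent guest success from that address is the account to disable first.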
Microsoft also set out the main ways containerised environments get compromised: account takeover through exposed credentials, vulnerabilities in container images, misconfigurations that expose management APIs, application-level attacks, node-level attacks and pod escapes, and unwanted traffic allowed by weak network policy. These risks, it said, should prompt organisations to bolster security defences for containers, CI/CD pipelines, dependencies and runtime environments.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.