For several months now, miners have been abusing free accounts on cloud computing platforms and using their resources to mine cryptocurrencies. Attackers register new accounts on the free tier of selected platforms and launch mining applications on the provider’s infrastructure.
After the trial or free period ends, miners register a new account and repeat everything from the beginning.
This abuse was first reported last month, when it was revealed that miners were putting a huge load on GitHub's infrastructure by abusing GitHub Actions, its CI/CD feature. Since then, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, Okteto and others have been subjected to similar attacks.
Most of these attacks affect companies providing Continuous Integration (CI) services. The hackers realized that they could abuse these services by adding their own code and forcing the CI virtual machine to mine cryptocurrency until it was turned off by the cloud provider. So, after GitHub, similar problems were observed with Microsoft Azure, LayerCI, TravisCI, Sourcehut, CloudBees CodeShip and CircleCI.
“Our team was literally overwhelmed with such problems,” a CodeShip engineer told reporters. “And it’s not just free accounts. Sometimes they pay a little for our accounts, because it is much cheaper than renting on AWS, and they are mining cryptocurrency at maximum capacity.”
“Attackers are deliberately submitting a huge number of jobs from dozens of frequently registered accounts and deliberately bypass our abuse detection system in order to use as much of our resources for cryptocurrency mining as possible. This is depleting our resources and leading to long build queues for regular users,” Sourcehut wrote in a blog post.
GitLab also describes a similar situation in its blog, and outlines the measures against mining that it is applying now and will apply in the future.
“To discourage and mitigate abuse, starting May 17, 2021, GitLab will require new free users to provide a valid credit or debit card number,” the company said.
In doing so, GitLab will not charge users, but will use card details to verify identity through a one-time dollar transaction.
Because of its size, GitLab can afford not to turn off free CI for its users. Unfortunately, smaller providers cannot. Sourcehut and TravisCI have already announced that they plan to stop offering free CI tiers due to constant abuse.
Microsoft, which faced similar problems last year (with Azure Pipelines), also solved them quite simply. Since most of the problems arose from free grants that were distributed to open source developers, starting in February of this year the company canceled the possibility of receiving free grants for open source projects and advised using GitHub Actions.
Not only CI
According to the newspaper, such attacks are not limited to CI providers. If any web service provides free access to high-performance computing infrastructure, then miners have most likely already tried to abuse it.
Similar incidents have been reported by Render and by Okteto, a Kubernetes cluster hosting service. Hetzner, a major German cloud hosting and dedicated server provider, has reportedly banned cryptocurrency mining on its servers recently, as users were using large storage devices to mine the Chia cryptocurrency.
Guides can now be found on many cryptocurrency forums detailing how to abuse the Oracle Cloud free trial or cheap Alibaba Cloud tiers to deploy a temporary mining server for a small one-time profit.
How the industry will resist such abuses is not yet clear. While some are reluctant to provide free accounts, others are advocating the deployment of automated systems that will detect and respond quickly to abuse in real time.