Threat actors make just $1 for every $53 they cost their victims in extra cloud computing bills, according to a new report from Sysdig.
To calculate its findings, the security vendor analyzed a single campaign from the infamous crypto-jacking threat group known as TeamTNT, which used over 10,000 compromised endpoints to mine for cryptocurrency.
It claimed to have found $8,120 in 10 crypto wallets used in the campaign, which resulted in extra cloud bills of $430,000 for the victims. That works out at around $53 in damages for every $1 in cryptocurrency mined, although there may have been additional wallets used in the campaign that Sysdig did not discover.
However, damages from crypto-jacking extend beyond extra cloud computing costs.
It’s claimed that the additional strain placed on servers can wear out hardware faster, forcing owners to invest in replacement kit. It can also slow those servers down, which might disrupt IT operations and the customer-facing services running on them, with a resulting financial and reputational impact on the victim organization.
Illicit cryptocurrency mining is most commonly achieved via cloud and container compromises, according to Sysdig.
Crypto-miners, backdoors and other malware are often inserted into public repositories disguised as legitimate software, where they’re unwittingly downloaded by DevOps teams, the vendor said.
It claimed that 36% of malicious Docker Hub images contain crypto-miners.
“Security teams can no longer delude themselves with the idea that containers are too new or too ephemeral for threat actors to bother,” said Stefano Chierici, senior security researcher at Sysdig.
“Attackers are in the cloud, and they are taking real money. The high prevalence of crypto-jacking activity is attributable to the low risk and high reward for the perpetrators.”