Cybersecurity researchers have developed what is the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges.
Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one which might be executed on a victim’s environment without attracting any attention.
“While this research is critical due to its potential impact on cryptocurrency mining, we also imagine it has serious implications for other areas, because the techniques could possibly be used to attain any task that requires code execution on Azure,” security researcher Ariel Gamrian said in a report shared with The Hacker News.
The study mainly set out to identify an “ultimate crypto miner” that gives unlimited access to computational resources while requiring little-to-no maintenance, being cost-free, and remaining undetectable.
That’s where Azure Automation comes in. Developed by Microsoft, it is a cloud-based automation service that allows users to automate the creation, deployment, monitoring, and maintenance of resources in Azure.
SafeBreach said it found a bug in the Azure pricing calculator that made it possible to execute an infinite number of jobs totally free of charge, although it relates to the attacker’s environment itself. Microsoft has since issued a fix for the issue.
An alternative method entails creating a test-job for mining, then setting its status to “Failed,” and then creating another dummy test-job, taking advantage of the fact that only one test can run at a time.
The end result of this flow is that it completely hides code execution within the Azure environment.
A threat actor could leverage these methods by establishing a reverse shell to an external server and authenticating to the Automation endpoint to achieve their goals.
Furthermore, it was found that code execution could be achieved by leveraging Azure Automation’s feature that allows users to upload custom Python packages.
“We could create a malicious package named ‘pip’ and upload it to the Automation Account,” Gamrian explained.
“The upload flow would replace the present pip within the Automation account. After our custom pip was saved within the Automation account, the service used it each time a package was uploaded.”
SafeBreach has also made available a proof-of-concept dubbed CloudMiner that is designed to get free computing power within the Azure Automation service by using the Python package upload mechanism.
Microsoft, in response to the disclosures, has characterised the behavior as “by design,” meaning the method can still be exploited without getting charged.
While the scope of the research is limited to the abuse of Azure Automation for cryptocurrency mining, the cybersecurity firm warned that the same techniques could be repurposed by threat actors to achieve any task that requires code execution on Azure.
“As cloud provider customers, individual organizations must proactively monitor each resource and each motion being performed inside their environment,” Gamrian said.
“We highly recommend that organizations educate themselves concerning the methods and flows malicious actors may use to create undetectable resources and proactively monitor for code execution indicative of such behavior.”
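The package-upload technique described above replaces the account's own pip, so one concrete thing to monitor is a package write whose name collides with installer tooling. The sketch below is an added example, not SafeBreach's or Microsoft's code; the simplified record fields (`operationName`, `resourceId`, `caller`) and the `python2Packages`/`python3Packages` write operation names are assumptions to check against your own Activity Log export, and the sample events are constructed.

```python
import re

# Assumed record shape: a simplified Azure Activity Log entry with string
# fields operationName, resourceId and caller (adjust to your export format).
PKG_WRITE = re.compile(
    r"^microsoft\.automation/automationaccounts/python[23]packages/write$", re.I)
PKG_ID = re.compile(
    r"/automationAccounts/(?P<account>[^/]+)/python[23]Packages/(?P<pkg>[^/]+)$", re.I)

def normalize(name):
    """PEP 503 name normalization so 'PIP' and 'pip' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flag_tooling_overwrites(records, reserved=("pip",)):
    """Return package-upload events whose name shadows installer tooling."""
    reserved = {normalize(n) for n in reserved}
    findings = []
    for rec in records:
        # Only package create/update operations are of interest here.
        if not PKG_WRITE.match(rec.get("operationName", "")):
            continue
        m = PKG_ID.search(rec.get("resourceId", ""))
        if m and normalize(m.group("pkg")) in reserved:
            findings.append({"account": m.group("account"),
                             "package": m.group("pkg"),
                             "caller": rec.get("caller", "unknown")})
    return findings

# Constructed sample events, not real telemetry.
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
        "/providers/Microsoft.Automation/automationAccounts/aa-demo")
SAMPLE = [
    {"operationName": "Microsoft.Automation/automationAccounts/python3Packages/write",
     "resourceId": BASE + "/python3Packages/requests", "caller": "dev@example.com"},
    {"operationName": "MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/PYTHON3PACKAGES/WRITE",
     "resourceId": BASE.upper() + "/PYTHON3PACKAGES/PIP", "caller": "svc@example.com"},
    {"operationName": "Microsoft.Automation/automationAccounts/runbooks/write",
     "resourceId": BASE + "/runbooks/pip", "caller": "dev@example.com"},
]

if __name__ == "__main__":
    for finding in flag_tooling_overwrites(SAMPLE):
        print(finding)
```

Pass additional names through `reserved` if other installer tooling should also be treated as protected in your accounts.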
