Active Exploitation of Cloud Training Applications
In a startling revelation, Pentera Labs has uncovered alarming evidence of exploited cloud training applications that are under attack from crypto-miners. This research sheds light on the vulnerabilities present within enterprise-managed cloud environments utilized by major players, including Fortune 500 corporations and recognized cybersecurity vendors.
The applications in question typically serve purposes like security demonstrations and hands-on training. Among those identified are open-source projects such as OWASP Juice Shop, DVWA (Damn Vulnerable Web Application), and Hackazon. Pentera's investigation discovered thousands of systems that are alarmingly exposed, predominantly hosted on AWS, Azure, and Google Cloud Platform infrastructures. Approximately 20% of these environments exhibited signs of unauthorized activity consistent with crypto-mining operations.
The research indicates that these vulnerable applications are frequently deployed with default settings, featuring minimal isolation and excessively permissive cloud role configurations. The findings suggest that many exposed training environments were directly linked to active cloud identities and privileged roles, allowing attackers to move beyond the deliberately vulnerable applications into the wider customer cloud infrastructure.
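The pattern described above (a deliberately vulnerable lab host that is internet-reachable and carries a cloud role) can be checked for in an inventory. The following audit is an added example, not Pentera's tooling; it assumes records shaped like the `Instances` entries of the AWS EC2 DescribeInstances API and uses constructed sample data with placeholder IDs.

```python
# Assumed: records shaped like the "Instances" entries returned by the AWS
# EC2 DescribeInstances API (field names are the real ones; data is constructed).
TRAINING_APP_MARKERS = ("juice-shop", "juiceshop", "dvwa", "hackazon")


def is_training_host(instance: dict) -> bool:
    """Recognise a lab host by its tags (app name or an Environment=lab/training tag)."""
    tags = {t["Key"].lower(): t["Value"].lower() for t in instance.get("Tags", [])}
    tag_text = " ".join(tags.values())
    return any(m in tag_text for m in TRAINING_APP_MARKERS) or tags.get("environment") in ("lab", "training")


def audit_instance(instance: dict) -> list:
    """Return findings for a training host; an empty list means it is acceptably isolated."""
    if not is_training_host(instance):
        return []
    findings = []
    # A cloud role on a deliberately vulnerable host is the pivot the research describes.
    if instance.get("IamInstanceProfile"):
        findings.append("cloud role attached")
    if instance.get("PublicIpAddress"):
        findings.append("reachable from the internet")
    # With IMDSv1 allowed, a compromised app can fetch the role's credentials without a session token.
    if instance.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append("IMDSv1 allowed")
    return findings


def audit_all(instances: list) -> dict:
    """Map every instance ID to its findings (non-lab hosts are skipped, i.e. empty)."""
    return {i["InstanceId"]: audit_instance(i) for i in instances}


# Constructed sample records with placeholder IDs and ARNs, not real inventory.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-EXAMPLE-LAB-1", "PublicIpAddress": "203.0.113.10",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::000000000000:instance-profile/EXAMPLE-ROLE"},
     "MetadataOptions": {"HttpTokens": "optional"},
     "Tags": [{"Key": "Name", "Value": "juice-shop-demo"}]},
    {"InstanceId": "i-EXAMPLE-LAB-2",
     "MetadataOptions": {"HttpTokens": "required"},
     "Tags": [{"Key": "Name", "Value": "dvwa"}, {"Key": "Environment", "Value": "training"}]},
    {"InstanceId": "i-EXAMPLE-PROD-1", "PublicIpAddress": "203.0.113.20",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::000000000000:instance-profile/EXAMPLE-WEB"},
     "MetadataOptions": {"HttpTokens": "optional"},
     "Tags": [{"Key": "Name", "Value": "billing-api"}]},
]

if __name__ == "__main__":
    for instance_id, findings in audit_all(SAMPLE_INSTANCES).items():
        print(instance_id, findings or "ok")
```

The first sample host reproduces the finding in the text (public, role attached, IMDSv1 on); the second shows a lab host deployed without a cloud identity and with IMDSv2 enforced.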
Noam Yaffe, Senior Security Researcher at Pentera Labs, expressed the gravity of the situation: "One misconfigured training app was sufficient for attackers to access cloud credentials and deploy miners at an organization’s expense. Although these systems might be classified as 'non-production', the access they expose is alarmingly real for countless organizations."
As the investigation unfolded, Pentera Labs also encountered webshells, obfuscated scripts, and mechanisms of persistence within the compromised hosts, further indicating that adversaries are utilizing these publicly accessible 'lab' systems as entry points into enterprise cloud accounts. From this vantage, attackers could expand their reach in a variety of ways, including lateral movement across cloud resources, privilege escalation through overly permissive roles, tampering with Continuous Integration/Continuous Deployment (CI/CD) pipelines, or entrenching themselves into the software supply chain processes.
This comprehensive investigation, along with its findings and methodology, is available for further reference. The research was initially spearheaded by Security Researcher Noam Yaffe, and Pentera Labs has proactively disclosed its findings to affected organizations to help them address these vulnerabilities effectively.
About Pentera:
Pentera stands at the forefront of AI-driven Security Validation, offering enterprises a platform dedicated to proactively testing all cybersecurity controls against the latest cyber threats. By identifying actual risks across the entire attack surface, Pentera ensures the automatic orchestration of remediation workflows to efficiently mitigate exposure. These capabilities are indispensable for Continuous Threat Exposure Management (CTEM) operations, with thousands of security professionals globally trusting Pentera to close security gaps before malicious actors can capitalize on them.
For more detailed insights and updates, visit pentera.io.