What is cryptomining fraud in Microsoft Azure?
Cryptomining fraud involves unauthorised individuals or groups gaining access to your Azure resources and using them to mine cryptocurrency without your knowledge or consent. They draw on the processing power of Azure's high-performance compute to perform the calculations that mining requires, and your organisation is billed for every minute of that usage. It is a stealthy, illegal operation that, if left undetected, can produce large and unexpected Azure consumption costs, severe enough to affect your organisation's ability to operate and deliver services.
The challenges of maintaining your Azure cloud security
Managing your Azure cloud security to reduce the risk of cryptomining fraud in Microsoft Azure presents several challenges, arising from the characteristics of cloud environments and from the evolving nature of cryptomining fraud techniques. Key challenges include:
- Cryptomining fraud techniques constantly evolve to bypass existing security measures. Attackers adapt their tooling, use obfuscation, and exploit newly disclosed vulnerabilities and weak credentials to evade detection and keep their unauthorised mining running.
- Traditional, host-focused security measures may not see cryptomining activity in Azure at all, because the attacker creates brand-new compute rather than infecting your existing servers. Robust monitoring of the control plane (sign-ins, role assignments, resource creation) and of spend is therefore essential.
- Azure environments encompass a vast array of resources across subscriptions and regions, which makes it hard to notice a handful of new virtual machines in a region you never use, and harder still to contain them quickly.
- Once an organisation's Azure environment has been compromised, the resources needed for cryptomining can be provisioned and running within minutes, and the unauthorised costs start accruing immediately.
Addressing these challenges requires a comprehensive approach that combines robust security configuration with monitoring and detection, and that keeps up to date with the malicious and unauthorised access techniques that enable cryptomining fraud.
Real-world impacts and costs of cryptomining fraud
These are recent examples of cryptomining fraud incidents in the UK. For each, you can see what happened, the route taken to gain access, and how costly this became for the organisation.
Example 1: hybrid organisation, privileged service account
- This organisation was using Azure as part of a hybrid strategy. They had a medium level of adoption and many services running to support their organisation
- A threat actor gained access to their environment using a service account that held elevated privileges and had no additional security controls enabled
- Unknown to the organisation, the threat actor used their Azure environment to spin up cryptomining servers across the globe, which were then left running
- By the time it was detected, the bill was already high and the threat actor had covered their tracks and left with the profits
- This resulted in a cost to the organisation of £568,000
Example 2: single application, shared third-party account
- The organisation used Azure to run one business application and would regularly spend between £200 and £300 a month
- This application was developed by a team of developers from a third-party where they would access the Azure environment using a shared service account
- The threat actor gained access to the environment by obtaining the username of this account and using an authentication method called ROPC to generate an access token. ROPC (Resource Owner Password Credentials) is an OAuth 2.0 grant in which the client sends the username and password straight to the token endpoint with no interactive login; it cannot satisfy an MFA requirement, and Microsoft recommends against using it
- The threat actor waited for the current billing period to end and on the first day of the next period used a script to spin up a cryptomining farm – this took four minutes – and managed to leave this running undetected for a few weeks
- This resulted in a cost to the organisation of £60,000
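Both cases leave fingerprints in logs that a defender can check for: a sign-in that used the ROPC grant (recorded as authenticationProtocol "ropc" in Entra ID sign-in logs) and a burst of virtual machine creations by one identity in a few minutes (Microsoft.Compute/virtualMachines/write events in the Activity Log). The script below is an added example, not code from the original page or from Phoenix AzGuardian; it runs those two detections over constructed sample records. The account names, IP addresses, subscription ID and timestamps are made up, and the record layouts are a simplified subset of the real Microsoft Graph signIn and Azure Activity Log schemas.

```python
"""Two detections drawn from the cases above, run over constructed sample logs:
(1) sign-ins that used the ROPC grant, (2) bursts of VM creations by one identity."""
from collections import defaultdict
from datetime import datetime, timedelta


def _ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' (works on Python 3.7+)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


# Constructed sample Entra ID sign-in records. Field names follow the Microsoft Graph
# signIn resource (authenticationProtocol is 'ropc' for password-grant logins); values are made up.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "svc-deploy@contoso.example", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.20",
     "createdDateTime": "2024-01-15T09:12:40Z", "status": {"errorCode": 0}},
    {"userPrincipalName": "svc-deploy@contoso.example", "authenticationProtocol": "ropc",
     "appDisplayName": "Azure PowerShell", "ipAddress": "203.0.113.7",
     "createdDateTime": "2024-01-31T23:58:02Z", "status": {"errorCode": 50126}},  # wrong password
    {"userPrincipalName": "svc-deploy@contoso.example", "authenticationProtocol": "ropc",
     "appDisplayName": "Azure PowerShell", "ipAddress": "203.0.113.7",
     "createdDateTime": "2024-02-01T00:01:37Z", "status": {"errorCode": 0}},      # succeeded
    {"userPrincipalName": "alice@contoso.example", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.21",
     "createdDateTime": "2024-02-01T08:30:00Z", "status": {"errorCode": 0}},
]

VM_WRITE = "Microsoft.Compute/virtualMachines/write"

# Constructed sample Azure Activity Log records (a subset of the real fields; values are made up).
# Six VM writes in six regions within four minutes mirror the second case study.
_REGIONS = ["eastus", "westeurope", "southeastasia", "brazilsouth", "australiaeast", "japaneast"]
_TIMES = ["00:02:15", "00:02:48", "00:03:20", "00:04:05", "00:05:10", "00:06:02"]
SAMPLE_ACTIVITY = [
    {"caller": "alice@contoso.example", "operationName": VM_WRITE, "status": "Succeeded",
     "eventTimestamp": "2024-01-31T10:00:00Z",
     "resourceId": "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/app-vm01"},
    {"caller": "svc-deploy@contoso.example", "operationName": "Microsoft.Resources/subscriptions/resourceGroups/write",
     "status": "Succeeded", "eventTimestamp": "2024-02-01T00:02:01Z",
     "resourceId": "/subscriptions/sub-1/resourceGroups/rg-eastus"},
] + [
    {"caller": "svc-deploy@contoso.example", "operationName": VM_WRITE, "status": "Succeeded",
     "eventTimestamp": f"2024-02-01T{t}Z",
     "resourceId": f"/subscriptions/sub-1/resourceGroups/rg-{r}/providers/Microsoft.Compute/virtualMachines/miner-{i}"}
    for i, (r, t) in enumerate(zip(_REGIONS, _TIMES))
]


def ropc_signins(signins):
    """Return every sign-in that used the ROPC grant, oldest first, noting whether it succeeded.
    Failed ROPC attempts matter too: they are how password guessing against a known username looks."""
    hits = [
        {"user": s["userPrincipalName"], "ip": s["ipAddress"], "time": s["createdDateTime"],
         "success": s["status"]["errorCode"] == 0}
        for s in signins if s.get("authenticationProtocol") == "ropc"
    ]
    return sorted(hits, key=lambda h: h["time"])


def vm_creation_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return {caller: most successful VM writes that fall inside any `window`} for callers
    reaching `threshold`. Only VM creations count; other operations are ignored."""
    per_caller = defaultdict(list)
    for e in events:
        if e["operationName"] == VM_WRITE and e["status"] == "Succeeded":
            per_caller[e["caller"]].append(_ts(e["eventTimestamp"]))
    bursts = {}
    for caller, times in per_caller.items():
        times.sort()
        # Sliding window anchored at each event; the sample is small, so the O(n^2) scan is fine.
        best = max(sum(1 for t in times if start <= t <= start + window) for start in times)
        if best >= threshold:
            bursts[caller] = best
    return bursts


if __name__ == "__main__":
    for h in ropc_signins(SAMPLE_SIGNINS):
        print("ROPC sign-in:", h)
    for caller, n in vm_creation_bursts(SAMPLE_ACTIVITY).items():
        print(f"VM creation burst: {caller} created {n} VMs within 10 minutes")
```

In production the same two queries would be run against the SigninLogs and AzureActivity tables in Log Analytics (or the Microsoft Graph sign-in API) rather than inline lists. Note that the ROPC sign-in here is by a shared user account used for automation; a service principal or managed identity never needs a password grant at all, and an MFA requirement on the account would have made the ROPC login fail.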
Managing the risk of cryptomining fraud requires a proactive and layered approach: regularly reviewing and updating your security controls, staying informed about current Azure security best practice, and carrying out ongoing security assessments and monitoring of your Azure environment. In practice that means replacing shared user accounts used for automation with service principals or managed identities, requiring MFA on every account that can create resources (which the ROPC grant cannot satisfy), restricting the regions and VM sizes a subscription may deploy with Azure Policy, and setting budget alerts so that a bill rising by thousands of pounds in a day is noticed within hours rather than weeks. But is this enough?
Phoenix AzGuardian FAQs
Azure is a cloud computing platform that offers various security features and capabilities to protect the data, applications, and infrastructure hosted on the cloud. However, security is a shared responsibility between Microsoft and the customer, and customers need to follow the best practices and recommendations to prevent or mitigate the impact of common security threats, such as cryptomining fraud.
Phoenix AzGuardian is a managed service that provides comprehensive and proactive security monitoring and management for Azure environments, helping customers improve their security posture, detect and respond to security incidents, optimise and reduce their costs and risks, and access expert guidance and support from certified Azure specialists.
Cryptomining is the process of using computing power to perform the proof-of-work computations that generate new units of a cryptocurrency, such as Bitcoin or Monero (the coin most commonly mined in cryptojacking incidents, because it is designed to be mined on ordinary CPUs). Cryptomining is not illegal in itself, as long as the miner owns or rents the hardware and software used for the mining operation. However, some threat actors use malicious techniques to compromise and exploit the resources of unsuspecting victims, such as cloud subscriptions, websites, or personal devices, and use them for cryptomining without their consent or knowledge. This is known as cryptomining fraud, and it has negative consequences for the victims: increased costs, reduced performance, degraded service quality, data breaches, and reputational damage. Cryptomining fraud is illegal and unethical, and it poses a serious threat to Azure customers who may not be aware of the unauthorised activity in their cloud environment. Phoenix AzGuardian can help detect and prevent cryptomining fraud attacks on Azure and protect your cloud assets from this threat.