Researchers find how to turn serverless apps into massive crypto-mining farms
Crypto-jacking threats have largely (but not exclusively) been confined to the browser. Worryingly, new research from Israeli cybersecurity firm PureSec demonstrates how cryptocurrency mining scripts could be surreptitiously deployed within serverless applications. The research was demonstrated in the company’s new report, called “New Attack Vector: Serverless Crypto-Mining.” This type of attack has significant implications for companies who deploy serverless applications on platforms like AWS Lambda and Microsoft Azure, as it could result in an attacker establishing their own vast crypto-mining operation at their expense. Researchers from PureSec were able to force serverless functions to automatically download an off-the-shelf crypto-mining script.…
This story continues at The Next Web