Summary
SafeBreach Labs researchers developed methods to leverage Microsoft Azure's Automation Service for free, undetectable cryptocurrency mining. They found three ways to execute miners: two using their own environment and Azure's resources for free, and one in a victim's environment undetected. The techniques could potentially be used for any task requiring code execution on Azure.
Affected Services
Azure Automation Service
Remediation
Monitor logs for suspicious Azure Automation activities like runbook drafts, Python package updates, and PowerShell module updates. Implement strict access controls and regularly audit Automation Account usage.
Tracked CVEs
No tracked CVEs
References
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
Monitor Azure Automation logs for suspicious activities like frequent runbook executions, unusual package/module imports, and unexpected resource usage. Implement anomaly detection for Automation Account behavior.
Piercing Index Rating
-
Discovered by
Ariel Gamrian, SafeBreach Labs
