Serverless computing is increasingly popular as it allows developers to upload code for functions to the cloud rather than run it on local servers.
But serverless security specialist PureSec has released a report detailing how hackers can turn a single vulnerable serverless function into a virtual cryptomining farm by taking advantage of the scalable nature of the architecture.
By exploiting the auto-scaling capabilities of serverless architecture, a single attack could hijack resources to run hundreds to thousands of instances of popular tools that mine cryptocurrencies such as Bitcoin, Ethereum and Monero.
Researchers at PureSec were able to force serverless functions that were vulnerable to remote code execution to download an off-the-shelf crypto-miner during function execution. The miner performed its cryptomining computations in parallel with the application’s normal execution tasks, making the hijack invisible to the end user.