Important - Bitcoin mining of VMs

 
 

News,
19 apr. 22 Author: Trond Soerboe

We have seen an increase in cyberattacks towards VMs for bitcoin mining - and since it requires huge amounts of resource to do so, the consequence for partners and customers is that ACR rails and the cost can be very high - this is not a cost that Microsoft bears as the responsibility lies on the partner to set up the environments correctly and based on best practices. It is very important to be proactive and have a dialogue with customers about how they set up safer environments, to minimize the risk of ending up in these situations.

Below are some of the best practices and resources available.  A basic measure to secure the environment is to turn on MFA, and we are happy to discuss other security and monitoring solutions.

Overview info : Managing nonpayment, fraud, or misuse - Partner Center | Microsoft Docs

Why should you secure open ports?

Internet facing hosts are a popular set of targets for various bad actors since early in the existence of the Internet. With the popularity of cloud computing, new vectors of infiltration and obtaining credentials and information were born. Hacking (vulnerability exploitation, backdoor entry, and credential compromise) remains one of the highest breach causes.

Remediation

There are multiple options to secure an open port, please choose the one that is most appropriate for your scenario:

  • JIT (Just In Time) Virtual Machine Access - Azure Security Center offers JIT. With JIT, you can lock down the inbound traffic to your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
  • Azure firewall - Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
  • Windows Virtual Desktop - Allows you to easily and securely access corporate applications, data, and resources from any device, anywhere.
  • Azure Bastion - Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address, agent, or special client software.

Network Security Best Practices:

Best practices for network security - Microsoft Azure | Microsoft Docs

If you need help and want to discuss how you can help your customers, we at TechData are here to help you, contact us at via e-mail cloudsoftware.no@techdata.com and we will help you.