There was a little exploit in Microsoft Azure Automation, and someone who knew his way around this technology could have leveraged it to earn quick money and not get busted. One such user did find this exploit, but as it turns out, instead of using the exploit to get rich, he has gone ahead and reported it to Microsoft, who have gone ahead and fixed it.
The person who found this exploit was not a single entity, but a group of researchers from the SafeBreach cybersecurity company. As an experiment, they decided to try and build a crypto miner that worked on other peoples’ resources, needed no management, didn’t cost a dime, and was undetectable. They tried to create this crypto miner using various cloud services, but they succeeded using Microsoft’s Azure Automation.
Once the crypto miner was ready, they tried a lot of different ways to deploy it. First, they tried it out with their environment. Now, the drawback with using your environment is that it costs money, but thanks to a pricing exploit, the crypto miner ran for a month and cost $0. When the test was done, they reported this glitch the Microsoft, who fixed it promptly.
Next, they tried to run the miner on other peoples’ environment. They created a test job for mining and set the status to ‘failed’. When a test job fails, you can create another test job, which they did, and then safely hide the mining operator in the background. The researchers then used the Automation feature on Azure to run the code. The Azure automation tool allows the upload of custom Python packages. The researchers reported that they could create a malware program and rename it to ‘pip’. When uploaded this will replace the conventional pip operation and the rest is in your hands.
When they took these findings to Microsoft, the tech giant said that the ability to upload custom Python packages was a feature and not a glitch. Be that as it may, the researchers advise Microsoft to alert their Azure users to be mindful of their environments and to personally monitor every single resource, as anyone can exploit this ‘feature’ for more nefarious purposes.
