Threat actors are utilizing a new attack vector that hijacks legitimate proxyware services, which allows users to sell portions of Internet bandwidth to third parties. In large-scale attacks that exploit cloud-based systems, threat actors can use this vector, termed proxyjacking, to earn possibly hundreds of thousands of dollars per month in passive income, according to security researchers from Sysdig Threat Research Team.

In one attack, threat actors compromised a container in a cloud environment using the Log4j vulnerability, and then installed a proxyware agent that turned the system into a proxy server without the container-owner's knowledge. This attack vector is difficult to detect since it uses network resources and leaves a minimal CPU footprint. To avoid “receiving potentially shocking usage bills” due to proxyjacking activity, organizations are encouraged to set up billing limits and alerts with their respective cloud service providers, which can be an early indicator that something malicious is occurring. Read more at DarkReading.