Microsoft has banned cryptocurrency mining using its online services. The cloud computing giant is taking measures to increase the stability of its cloud services by putting restrictions on cryptocurrency mining.
Microsoft’s acceptable use policy regarding the use of online services states that “Neither Customer nor those that access an Online Service through Customer, may use an Online Service to mine cryptocurrency without Microsoft’s prior written approval”.
In its advisory to partners titled – ‘Important actions partners need to take to secure the partner ecosystem’, Microsoft has mentioned that, “The Acceptable Use Policy has been updated to explicitly prohibit mining for cryptocurrencies across all Microsoft Online Services unless written pre-approval is granted by Microsoft”.
Microsoft suggests that partners seek written pre-approval from Microsoft before using Microsoft Online Services for mining cryptocurrencies, regardless of the term of a subscription. It will minimize potential fraud damage to the customers’ subscriptions.
This change is to help protect customers and reduce the risk of disrupting or impairing services in the Microsoft Cloud. Cryptocurrency mining can cause problems for Online Services and their users and is often associated with unauthorized access to and use of customer accounts.
Rise in crypto-jacking malware
Cryptojacking is becoming more common in the global threat landscape. Different kinds of attackers are switching to crypto mining. Malicious miners can infect machines and earn a stable profit for their operators. Mining malware can remain in a target system unnoticed for months or longer.
The number of new malicious software modifications that mine cryptocurrency increased dramatically in 2022. Kaspersky detected 215,843 new modifications of miners in the first 10 months of 2022.
Last year, Microsoft warned about LemonDuck, which is an actively updated and robust malware mainly known for its botnet and cryptocurrency mining objectives. LemonDuck steals people’s login information, disables security features, spreads through email, moves from one computer to another, and finally drops more tools for human-operated activity.
Malicious actors are also leveraging GitHub Actions (GHA) and Azure virtual machines (VMs) for cloud-based cryptocurrency mining. They have been targeting the cloud environment for cryptocurrency mining activities and cybercriminals compromise cloud infrastructure for less lucrative CPU-based cryptocurrency-mining operations.