Exposed Training Apps Enable Crypto-Mining in Cloud Environments
These articles are AI-generated summaries. Please check the original sources for full details.
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Pentera Labs’ research identified a recurring pattern of intentionally vulnerable training applications being deployed in real-world cloud environments, enabling exploitation, lateral movement, and crypto-mining activity across enterprise infrastructure. The investigation found that these applications were often deployed with default configurations, minimal isolation, and overly permissive cloud roles, allowing attackers to move beyond the vulnerable applications and into the customer’s broader cloud infrastructure.
Why This Matters
The technical reality of deploying training applications in cloud environments often diverges from ideal models, as these environments are frequently treated as low-risk or temporary assets, excluded from standard security monitoring and lifecycle management processes. This oversight can lead to significant costs, as evidenced by the 20% of exposed training application instances found to contain artifacts deployed by malicious actors, including crypto-mining activity, resulting in potential financial losses and reputational damage.
Key Insights
- Nearly 2,000 live, exposed training application instances were verified, with close to 60% hosted on customer-managed infrastructure running on AWS, Azure, or GCP: Pentera Labs, 2026
- Default credentials, known weaknesses, and public exposure were sufficient to turn training applications into an entry point for broader cloud access, highlighting the need for robust security measures: Pentera Labs research
- Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning common attack techniques, but require proper deployment and maintenance: OWASP
Practical Applications
- Use Case: Palo Alto, F5, and Cloudflare, among other Fortune 500 organizations, have cloud environments associated with exposed training applications, demonstrating the need for vigilant security practices.
- Pitfall: Treating training environments as low-risk or temporary assets can lead to overlooked security vulnerabilities, allowing attackers to exploit these environments and gain access to broader cloud infrastructure.
References:
- http://thehackernews.com/2026/02/exposed-training-open-door-for-crypto.html
- Pentera Labs research blog
Continue reading
Next article
Implementing Pause and Resume for Large File Uploads in React Using Filestack
Related Content
‘Damn Vulnerable’ Training Apps Leave Vendors' Clouds Exposed
Researchers discovered over 1,900 publicly accessible, deliberately vulnerable training applications exposing cloud environments of major security vendors.
Securing Cloud Workloads and Infrastructure: Balancing Innovation with Identity and Access Control
A free webinar from CyberArk addresses the growing challenge of securing multi-cloud environments and mitigating identity risks.
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Five critical vulnerabilities in Fluent Bit, used in billions of containers, enable remote code execution and cloud infrastructure takeovers.