While this campaign targets free services, Binary Defense researchers have observed an uptick in the number of compromises of cloud services like AWS or Azure to mine cryptocurrency. These attacks are effectively theft and can leave organizations with a large bill.
For example, a developer in Seattle incurred a bill for over $53,000 which was normally a $100-$150 per month. In another case, a California College student was sent a bill for $55,000.
It is highly recommended to adopt complex passwords that are unique to each application and account, and to also adopt two-factor authentication. Additionally, organizations can monitor their cloud expenses and be warned of such attacks by setting up billing alarms (for example, in AWS): https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html
https://www.bleepingcomputer.com/news/security/massive-cryptomining-campaign-abuses-free-tier-cloud-dev-resources/
https://cryptonews.net/news/security/3029145/
