Cloud Abuse at Scale: How Cybercriminals Exploit Free Tiers for Profit
Miguel
fwd:cloudsec Europe 2025 · Day 1 · Main Room
Miguel Hernandez, a Senior Threat Research Engineer at **Sysdig** with over a decade in security research, presented findings from an 18-month investigation into a sprawling underground ecosystem that systematically abuses cloud provider free tiers for cryptomining profit. What began as routine threat hunting of malicious scripts evolved into mapping an entire supply chain — from automated account creation using stolen student identities and browser macros, to Telegram-based marketplaces selling cloud accounts, to structured training courses teaching free-tier abuse techniques. The research reveals that cloud free-tier abuse is not the work of isolated individuals but a coordinated, semi-professionalized industry.
AI review
An entertaining and well-researched threat intelligence investigation that maps the entire underground ecosystem of cloud free-tier abuse. The techniques themselves are not sophisticated, but the ecosystem view — from stolen student identities through Telegram marketplaces to miners hidden in Vertex AI jobs — provides genuine intelligence value that individual incident reports miss.