Monday, May 21, 2018

Cryptojacking attacks surge against enterprise cloud environments

Researchers suggest that cryptojacking cyberattacks leveled at enterprise cloud environments are on the rise -- and a combination of poor security practices is to blame.


Ransomware continues to plague the enterprise, but as interest in cryptocurrency explodes, businesses are now faced with cryptojacking as a serious emerging threat.

Mining cryptocurrencies such as Bitcoin (BTC) and Ethereum (ETH) requires computing power.

While some websites are exploring the idea of "borrowing" CPU power from visitors in lieu of advertising to generate revenue through virtual coins, cryptojacking does this without consent.

Enterprise environments are lucrative targets for such attacks due to the possibility of access to expensive, high-powered public cloud computing resources, rather than the sliver of power made available through your average PC owned by the general public.

Back in February, Tesla became a victim of such an attack. An unprotected Kubernetes console belonging to the automaker exposed access credentials for Tesla's Amazon Web Services (AWS) environment, which was then exploited to mine cryptocurrency.

On Tuesday, RedLock's latest Cloud Security Trends report, based on the findings of the RedLock Cloud Security Intelligence (CSI) team, highlighted this emerging trend.

The team suggests that up to 25 percent of organizations have experienced cryptojacking activity within their cloud environments in 2018, in comparison to only eight percent last quarter.

"One possible explanation for this is the ransomware market is becoming saturated and overpriced, and hackers are setting their sights on new revenue streams," the report says. "Another reason cryptojacking continues to proliferate is that attackers are using advanced evasion techniques when mining cryptocurrencies."

There are a number of attack vectors that make cryptojacking possible. In order to exploit cloud environments, threat actors must have a conduit, and this can be in the form of insecure databases.

According to the report, corporations are doing a better job of protecting their databases, but there is still a vast amount of room for improvement. In total, the researchers claim that up to 49 percent of databases in the cloud are not encrypted, but this is a rapid reduction from an estimated 82 percent in 2017.

RedLock says that almost half of the organizations -- 43 percent -- also do not rotate their access keys frequently, and on average, over half -- 51 percent -- of enterprise players publicly expose at least one cloud storage device.

Businesses that do not employ stringent patch processes are also leaving themselves open to attack. The researchers suggest that 24 percent of organizations have hosts in public cloud environments that are missing high-severity vulnerability patches.

In addition, RedLock researchers uncovered a new attack vector relating to enterprise public cloud environments caused by public cloud instance metadata APIs.

These APIs are used to manage and configure cloud instances, but in attack scenarios, threat actors can query an API to obtain an instance's metadata. When these APIs are unsecured, cyberattackers are able to obtain access credentials to public cloud environments through this technique.

"We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there's definitely more to do," said Gaurav Kumar, CTO of RedLock. "That's why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks."

"Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security," the executive added. "This is a constant and shared responsibility."


1 comment:

  1. Cryptojacking attacks are becoming the latest threat to cyber and personal security with cyber criminals creating a profitable new revenue stream from it as the ransomware market becomes overpriced and overcrowded.
    Thank you.
