When executives consider the risk to their systems they often consider only the value of their data and that of their customers. Too rarely do they consider the intrinsic value of their raw computing power or how their computing systems could be used as part of a larger attack.
Case in point: last week, security firm RedLock published a report that included a finding that a number of large enterprises had their computing systems compromised and used to mine Bitcoins. That’s right – the digital break-ins weren’t to steal data or money, or to conduct identity theft or industrial espionage – they were to mint Bitcoin.
According to the report, researchers found a number of wide-open (not even password-protected) Kubernetes admin consoles deployed on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. “These instances were effectively open to the public and created a window of opportunity for hackers. Having a configuration monitoring solution in place across the cloud computing environments could have exposed this serious misconfiguration,” they wrote.
As the team analyzed further, they found that the attackers were running a Bitcoin mining operation and that the victims’ cloud workloads had been metamorphosed into single-purpose machines dedicated to activities not sanctioned by the owners. The researchers also found access keys and tokens lying in the container in cleartext, which could be used to burrow deeper into the compromised organization.
It can’t be said enough: if you are running workloads in the cloud, they must be constantly monitored to ensure they are up to date, configured to security and compliance policy, and otherwise secured.
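As an added example (not from the RedLock report or the original post), here is a minimal configuration check for the two findings described above: an admin console Service reachable from outside the cluster, and credentials stored in cleartext in container environment variables. The sample objects are constructed, and matching the console by the name hint `dashboard` and by Service type is an assumed heuristic.

```python
import re

# Constructed sample, shaped like items from `kubectl get svc,deploy -A -o json`.
SAMPLE_ITEMS = [
    {"kind": "Service",
     "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
    {"kind": "Service",
     "metadata": {"name": "billing-api", "namespace": "prod"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}},
    {"kind": "Deployment",
     "metadata": {"name": "worker", "namespace": "prod"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "worker",
         "env": [
             {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"},
             {"name": "DB_PASSWORD",
              "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}},
             {"name": "LOG_LEVEL", "value": "info"}]}]}}}},
]

SENSITIVE_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")   # AWS access key ID shape
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}      # reachable from outside the cluster

def audit(items, console_hint="dashboard"):
    """Return (finding, namespace/name, detail) tuples for risky objects."""
    findings = []
    for obj in items:
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        if obj.get("kind") == "Service":
            if console_hint in meta.get("name", "") and spec.get("type") in EXTERNAL_TYPES:
                findings.append(("exposed-console", ref, spec["type"]))
            continue
        pod = spec.get("template", {}).get("spec", {})
        for container in pod.get("containers", []):
            for env in container.get("env") or []:
                value = env.get("value")
                if value is None:   # valueFrom reference, nothing stored inline
                    continue
                if SENSITIVE_NAME.search(env["name"]) or AWS_KEY_ID.search(value):
                    findings.append(("cleartext-credential", ref, env["name"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ITEMS):
        print(*finding)
```

A flagged Service still needs a manual check of whether the console actually requires authentication; the manifest alone does not show that.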
We’ll continue to see cloud environments hijacked so that criminals can benefit from free computing resources. The oldest and most common use of such hijacked computing resources is typically to conduct denial-of-service attacks. Historically, attackers have taken over computers to turn them into bots that would send bogus traffic at targeted websites, application services, or other resources. In the past year we’ve seen such attacks move from PCs and servers to overrunning hundreds of thousands of IoT devices to create massive botnets.
Of course, this is nothing new. Many cyber attacks over the years have had nothing to do with anything of monetary value and instead were about experimentation, exploring, revenge, love, online activism, and virtually any other human motivation imaginable.
Of course, enterprise security teams and executives need not themselves consider every potential motivation any given attacker may have, but it’s imperative that they realize there are different motivations and that one of them is simply to subvert their digital assets as part of a broader attack.
This is a Security Bloggers Network syndicated blog post authored by Cybersecurity Matters. Read the original post at: Cybersecurity Matters – DXC Blogs