Cloudy With a Chance of Cryptojacking

Written by

A growing trend amongst cyber-criminals is cloudjacking: the act of stealing processing and storage from someone else’s cloud account.  Many are combining this practice with cryptojacking to further boost their mining capabilities. Together, the two hacking methods can be used to mine cryptocurrency at a highly-accelerated rate.

Public cloud platforms, particularly IaaS platforms, are particularly popular targets for cryptojackers as they offer a huge amount of processing power in an environment where attackers can go undetected.

A recent high profile example of cryptojacking and cloudjacking in action was the discovery that some of Tesla’s Amazon Web Services (AWS) instances were appropriated for an unintended use – mining.

In the Tesla example, attackers ran several mining  programs and hid the IP addresses, effectively disguising their activities from conventional firewall and intruder detection systems. They  also deliberately throttled the mining software to run at a rate that would not trigger high-usage detectors.

How can organizations protect themselves?
Fortunately, many of the security measures used to prevent known  web  vulnerabilities can help prevent cloudjacking and cryptojacking. Below are some of the top tips to boost security:

Train employees to be aware of the threat - As with so many cybersecurity threats, employees are the first line of defense and the more they know, the better equipped they will be. Make sure that any and all security training incorporates information on both cloudjacking and cryptojacking, what to look for, and how to prevent it. In particular, focus on the use of phishing to gain access to computers and IT environments. 

Deploy ad-blocking or anti-cryptomining extensions on web browsers - Training can only be so effective in stopping auto-executing cryptojacking scripts found on malicious websites and in some adverts.  Since many attacks are delivered this way, installing ad blockers can be an effective means of stopping them. Some ad blockers even have the ability to detect crypto mining scripts, making them particularly effective. 

Make sure strong passwords and multi-factor authentication are used on cloud apps and IT assets - Such a simple security step, yet so often the Achilles heel of organizations. Changing default passwords out for strong alphanumeric ones and enforcing multi-factor authentication (MFA) can help prevent a significant number of opportunistic criminals from gaining control of cloud and IT assets even after credentials are compromised. It has been widely reported that the way attackers infiltrated Tesla’s environment was through the company’s Kubernetes administration console, which was not password protected.

Use effective cloud and endpoint protection - Many cloud and endpoint protection solutions are now capable of detecting known crypto miners, meaning even if an employee unwittingly clicks on malicious links or visits infected sites, resulting attempts to compromise the system can be prevented. Of course, cyber criminals are constantly changing their techniques and introducing new code to try and avoid detection.

Ensure the latest security patches and software updates are installed promptly - Security solutions providers regularly release patches that help protect against the very latest malware that has been discovered. Ignoring these patches is all too common, but highly irresponsible, and can leave endpoints and cloud networks unnecessarily exposed. 

Adopt robust data security solutions - Mobile data security solutions  will help to control exactly what’s on user devices and reduce the risk of breach. In the new era of bring your own device (BYOD), conventional mobile device management (MDM) is becoming increasingly difficult to enforce. However, there are now a variety of fully agentless solutions available that can provide all the benefits of MDM, minus the privacy and deployment issues.

The rise of cryptojacking has taken businesses and security experts alike by storm over the past six months. Although not as potentially damaging as other forms of malware, if left undiscovered these attacks can still cause significant damage to an organization’s bottom line and reputation.

What’s hot on Infosecurity Magazine?