The Tesla Hack is a Serious Cryptojacking Warning

Cryptojacking hit the headlines yet again last month, following the news that Tesla’s cloud had been compromised by hackers in order to illegally mine cryptocurrency.

Barely a year ago, cryptojacking was not even recognized as a class of cyberattack, which gives an idea just how rapidly this latest approach to cyber-crime has developed.

Researchers recently discovered that Tesla’s Amazon Web Services (AWS) cloud infrastructure had been infiltrated with malware. To the electric supercar designer’s credit, the company’s response to remove the malware and lock down its AWS cloud was rapid and effective. The fact that the fallout from the attack was effectively minimized, however, should not distract from the disturbing reality that cryptojacking presents an increasingly dangerous and broad security threat, both to businesses and to essential infrastructure and public services.

If anything, the Tesla infection shows how cyber-criminals are continuing to develop more sophisticated techniques to target large organizations, either for profit or to cause disruption. In this latest instance, the hackers responsible were not just attacking the public cloud to steal sensitive data but hijacking cloud systems to mine cryptocurrency such as Bitcoin.

In Tesla’s case, the cloud was compromised through insecurely configured Kubernetes clusters on its Amazon Web Services (AWS) account. What this clearly illustrates is that the threat is not going away.

How can companies protect themselves?
Cryptojacking is clearly an emerging threat, which is why it’s timely to consider the nature of the threat and its wider impact, specifically in Kubernetes container clusters.

Firstly, why is Kubernetes a platform of choice for cryptojacking? The container technology has been highly effective in improving developers’ productivity, hence its booming popularity. However, despite its many benefits to workflow efficiency, too many organizations still have knowledge and governance gaps, and it is these that create security gaps.

Secondly, the footprint of Kubernetes on AWS is widespread, with 63% of Kubernetes stacks running on AWS. This prevalence of Kubernetes clusters, coupled with their management complexity and insecure configurations, is what is potentially leaving the door open to attackers’ cryptocurrency mining.

Aside from notably higher public cloud bills, these gaps can lead to a multi-stage attack in which a Kubernetes breach also compromises sensitive keys, data, and machines beyond the cluster. This is a major concern for large enterprises provisioning thousands of containers every week.

Three steps to secure Kubernetes clusters
There are three important steps by which an enterprise can secure its Kubernetes clusters and avoid these latest cryptojacking threats: blind spot detection; a full security assessment; and continuous monitoring, automation and remediation. Below, we look at each step in a little more detail:

Blind spot detection
Detecting all your Kubernetes clusters running in AWS is the first challenge. To secure them, you need to find out where they exist, using various discovery tools.

Harden your Container Stack
After Kubernetes clusters are discovered, you then have to ensure these clusters and their workloads are properly secured. There are numerous layers in a container stack, and each layer needs to be hardened. An additional security issue here is that many Kubernetes installers default to developer-friendly but insecure configurations.

Automate your Kubernetes checks
Lastly, it’s essential that organizations use an automated policy solution such as SecOps Policy Service in order to continuously monitor and assess their clusters and remediate container attacks.
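An automated check of the kind the third step calls for, as an added example that is not code from the article or from SecOps Policy Service: it audits a kube-apiserver command line for the developer-friendly but insecure settings the hardening step warns about. The flag names are real kube-apiserver flags; the sample command lines, and the assumption that an installer may leave these flags at their server defaults, are constructed for the example.

```python
"""Audit a kube-apiserver command line for developer-friendly but insecure settings.
Added example, not code from the article or any product it names; it assumes the
API server's arguments are at hand (kubeadm static pod manifest, process list)."""
# Values kube-apiserver applied when a flag was absent (releases before the
# insecure port was removed); an installer that leaves them unset inherits them.
IMPLICIT_DEFAULTS = {
    "--anonymous-auth": "true",
    "--authorization-mode": "AlwaysAllow",
    "--insecure-port": "8080",
}
# flag -> (predicate marking the value insecure, reason reported to the operator)
CHECKS = {
    "--anonymous-auth": (lambda v: v.lower() == "true",
                         "unauthenticated requests are accepted"),
    "--authorization-mode": (lambda v: "AlwaysAllow" in v.split(","),
                             "every caller is authorised for every action"),
    "--insecure-port": (lambda v: v != "0",
                        "plaintext API port without authentication is listening"),
}

def parse_flags(args):
    """Map '--key=value' and '--key value' pairs to a dict; bare flags read as 'true'."""
    flags, i = {}, 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("--"):
            if "=" in arg:
                key, value = arg.split("=", 1)
            elif i + 1 < len(args) and not args[i + 1].startswith("--"):
                key, value, i = arg, args[i + 1], i + 1
            else:
                key, value = arg, "true"
            flags[key] = value
        i += 1
    return flags

def audit(args):
    """Return (flag, effective value, reason) for every insecure setting, explicit or inherited."""
    effective = {**IMPLICIT_DEFAULTS, **parse_flags(args)}
    return [(flag, effective[flag], reason)
            for flag, (is_insecure, reason) in CHECKS.items()
            if is_insecure(effective[flag])]
# Constructed samples: an installer's developer-friendly setup vs a hardened one.
DEV_CLUSTER = ["kube-apiserver", "--insecure-port=8080", "--etcd-servers=http://127.0.0.1:2379"]
HARDENED_CLUSTER = ["kube-apiserver", "--anonymous-auth=false", "--insecure-port=0",
                    "--authorization-mode", "Node,RBAC", "--etcd-servers=https://127.0.0.1:2379"]

if __name__ == "__main__":
    for name, cmd in (("dev", DEV_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        for flag, value, reason in audit(cmd):
            print(f"[{name}] {flag}={value}: {reason}")
```

The developer-friendly sample sets only the insecure port explicitly, yet the audit reports three findings, because unset flags inherit the server defaults; running the same check across every discovered cluster is the continuous-monitoring loop the third step describes.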

Rapid growth in container tech adoption
The Tesla attack is merely the latest high-profile hack of this type to highlight the growing importance of these basic AWS cloud security checks for the enterprise.

As container technology adoption on AWS is growing rapidly, cyber-criminals will continue to attempt to find and attack vulnerabilities that arise due to the complexity of managing ever-changing container stacks.

If companies such as Tesla had followed the three steps we’ve outlined above, they could have prevented these attacks from occurring in the first place. As it is, the results of the attacks do not, as yet, seem to have been significant in terms of hackers causing major disruption to public services or infrastructure, or mining huge amounts of cryptocurrency.

However, let these cryptojacking breaches be a warning to any large enterprise or organization, and ignore the above security tips at your peril!
