Crypto-jacking is the latest buzzword sweeping across the technology and national media. After it was recently revealed that Tesla’s cloud was breached by hackers to illegally mine cryptocurrency, crypto-jacking has become more prominent in the eyes of public like never before.
If we cast our minds back to just a year ago, crypto-jacking was not formally recognised as a cyber-attack. Fast forward to 2018 and it’s a very different picture with the cyber threat landscape evolving at an almost uncontrollable rapid rate.
In fact, recent cyber security research revealed that crypto-jacking attacks in the UK have already surged by 1,200 per cent, despite this year only being a few months old. Indeed, the UK is now home to 4 per cent of the global malware infections that force victim’s computers to mine cryptocurrencies.
It was recently uncovered by RedLock that Tesla’s Amazon Web Services (AWS) cloud infrastructure was injected with malware. Elon Musk was quick to respond to remove the malware, although minimising reputational damage should not detract from the fact that crypto-jacking presents an increasingly dangerous and pervasive security threat to businesses, critical national infrastructure and public services.
The Tesla hack reminds us of how readily and easily cybercriminals can continue to develop more sophisticated techniques to target larger companies. This might not even be in the interest of profit, but instead could be purely to kick up a media furore. In this specific scenario for instance, the hackers accountable were not just attacking the public cloud to steal sensitive data but rather hijacking cloud systems to mine cryptocurrencies like Bitcoin.
The hackers behind the breach didn’t use mining pools in the sense of normal public computing. Rather, they installed mining pool software and then configured it to make an unlisted and semi-public endpoint, thus making it extremely challenging for IP-threat intelligence software to properly address and screen the cyber threat.
The threat is clearly not going away any time soon. And Tesla is not the only large organisation to be caught out by this latest breed of cyber-attack, with the likes of Aviva and Gemalto also having fallen foul to it too.
Moreover, the Australian government was also one of the latest victims, with the Victorian parliament official website being directly affected. Hackers exploited a vulnerability in the well-known plug-in Browsealoud, a programme responsible for converting website text to audio for visually impaired users. A script called Coinhive was subsequently inserted into the software to mine the cryptocurrency Monero.
What’s becoming painstakingly apparent amidst these developments is the great lengths hackers will go to in order to take advantage of the systems of both public and private companies.
How can organisations safeguard themselves from attacks? The new face of digital defence
So, what is the nature of a crypto-jacking threat, and, what does its wider impact look like? For example, the Tesla case highlights the Kubernetes container clusters as a platform of choice for cryptojacking attacks. This container technology has been incredibly efficient in terms of improving a developer’s productivity, hence its growing momentum. However, despite its many benefits to worker productivity, too many businesses still suffer from governance issues and gaps in their skills – both of which are issues that can pose significant security problems.
The footprint of Kubernetes on AWS is far-reaching, with 63 per cent of Kubernetes stacks running on AWS. The prevalence of Kubernetes clusters, paired with their insecure configurations and management complexity is what is potentially allowing attackers to easily carry out cryptocurrency mining attacks.
These gaps in security can lead to multi-stage attacks where a Kubernetes breach can also compromise sensitive keys, data and machines beyond the cluster. This is a significant concern for large companies provisioning thousands of containers every week. Moreover, let’s not forget that these security gaps can lead to considerably higher public cloud bills.
The three-step guide to securing Kubernetes clusters
So, what three easy steps can organisations take to secure their Kubernetes clusters and avoid this latest spate of crypto-jacking? The three fundamentals are a full security assessment, blind spot detection and continuous monitoring, automation and remediation. Let’s go through each in turn:
1. Blindspot Detection – covering all bases
The first crucial step is to detect all your Kubernetes clusters running in AWS. To secure Kubernetes clusters you need to find out where they exist with a variety of discovery tools.
2. Defend your container stack – secure configurations
After finding Kubernetes clusters, you have to then make sure these clusters and their workloads are thoroughly safeguarded from attack. There are multiple layers in a container stack, and each layer needs to be hardened. An extra issue here is the fact that many of the Kubernetes installers default to developer-friendly, but ultimately insecure configurations.
3. Automating Kubernetes checks
Finally, it’s critical that companies today adopt an automated policy solution such as a SecOps Policy Service, in order to continuously monitor, fix and assess container attacks.
Container tech adoption: the fast growth
The Tesla attack is one in a long line of high-profile attacks that remind us of the growing importance of having cyber security basics in place to protect AWS cloud.
As container technology adoption on AWS is growing at a rapid rate, cyber criminals will continue to attempt to identify and attack vulnerabilities arising due to the complexity of managing ever-changing container stacks.
If organisations such as Aviva and Tesla had adhered to the three steps outlined above, they could have prevented these attacks from occurring in the first instance. As it stands, the results of the attacks do not - as of yet - seem to have been significant in terms of hackers causing significant disruptions to public services or infrastructure or in allowing them to mine huge amounts of crypto currency.
Ultimately, these crypto-jacking breaches serve as a timely warning to any large company today. The above security tips should not be considered as an afterthought, but rather as integral steps that can keep modern organisations moving, retain customers and safeguard reputations. The cyber threat landscape is only going to keep evolving, so keeping up with this has never been as critical a task.
Daniel Nelson is AVP of Product Management at BMC Software
Image Credit: Den Rise/Shutterstock