Cryptojacking attacks surge against enterprise cloud environments

Ransomware continues to plague the enterprise, but as interest in cryptocurrency explodes, businesses are now faced with cryptojacking as a serious emerging threat.

More security news

In order to mine cryptocurrency including Bitcoin (BTC) and Ethereum (ETH), power is required.

While some websites are exploring the idea of “borrowing” CPU power from visitors in lieu of advertising to generate revenue through virtual coins, cryptojacking does this without consent.

Enterprise environments are lucrative targets for such attacks due to the possibility of access to expensive, high-powered public cloud compute resources, rather than the sliver of power made available through your average PC owned by the general public.

Back in February, Tesla became a victim of such an attack. An unprotected Kubernetes console belonging to the automaker exposed access credentials for Tesla’s Amazon Web Services (AWS) environment, which was then exploited to mine cryptocurrency.

On Tuesday, RedLock’s latest Cloud Security Trends report, based on the findings of the RedLock Cloud Security Intelligence (CSI) team, has highlighted this emerging trend.

The team suggests that up to 25 percent of organizations have experienced cryptojacking activity within their cloud environments in 2018, in comparison to only eight percent last quarter.

“One possible explanation for this is the ransomware market is becoming saturated and overpriced, and hackers are setting their sights on new revenue streams,” the report says. “Another reason cryptojacking continues to proliferate is that attackers are using advanced evasion techniques when mining cryptocurrencies.”

There are a number of attack vectors which makes cryptojacking possible. In order to exploit cloud environments, threat actors must have a conduit, and this can be in the form of insecure databases.

According to the report, corporations are doing a better job of protecting their databases, but there is still a vast amount of room for improvement. In total, the researchers claim that up to 49 percent of databases in the cloud are not encrypted, but this is a rapid reduction from an estimated 82 percent in 2017.

RedLock says that almost half of organizations — 43 percent — also do not rotate their access keys frequently, and on average, over half — 51 percent — of enterprise players publicly expose at least one cloud storage device.

Businesses that do not employ stringent patch processes are also leaving themselves open to attack. The researchers suggest that 24 percent of organizations account for hosts which are missing high-severity vulnerability patches in public cloud environments.

In addition, RedLock researchers uncovered a new attack vector relating to enterprise public cloud environments caused by public cloud instance metadata APIs.

These APIs are used to manage and configure cloud instances, but in attack scenarios, threat actors can query an API to obtain an instance’s metadata. When unsecured, cyberattackers are able to obtain access credentials to public cloud environments through this technique.

See also: This malware is harvesting saved credentials in Chrome, Firefox browsers

“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock. “That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks.”

“Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security,” the executive added. “This is a constant and shared responsibility.”

Previous and related coverage

READ MORE HERE