Is your Cloud at risk of cryptojacking?

By David Shephard, Bitglass Australia


Cloud cryptojacking – hijacking cloud resources to mine for cryptocurrency – is currently the fastest-growing cybersecurity threat to the enterprise. So how do we protect a cloud environment from falling victim to this new threat?

A recent report found that almost half of organisations have malware in one of their cloud applications. In 2019, cloud cryptojacking malware has become one of the biggest threats to organisations.

This malware sees cybercriminals regularly stealing processing power from devices and other resources in order to mine cryptocurrency. The trend is showing no signs of slowing down anytime soon.

This is because the rising popularity and value of cryptocurrencies like Bitcoin and Monero have made large-scale cryptojacking a highly lucrative proposition. As such, it should come as no surprise that hackers are targeting data centres and vulnerable websites that can help them boost their mining capabilities.

Today, cloud-based resources are typically the main focus for hackers looking to mine cryptocurrency. In particular, infrastructure-as-a-service (IaaS) platforms are being targeted because they offer virtually infinite resources and an environment where attackers can operate under the radar and go largely undetected.

A perfect storm

The threat delivery methods used by cybercriminals to initiate cryptojacking are similar to those utilised for other types of threats, such as ransomware or adware.

Typically, hackers will use phishing emails to load cryptomining code on to a device, or they will infect a website with JavaScript code that auto-executes once loaded into the victim’s browser. This code then runs surreptitiously in the background, meaning it can take a significant amount of time before individuals realise they’ve been compromised.

By combining cloudjacking – the act of stealing processing power and storage from a cloud account – with cryptojacking, criminals are able to accelerate the rate at which they illicitly mine cryptocurrency.

Tesla is just one of the high-profile organisations to fall victim to this type of attack. Earlier in 2018, it was discovered that some of its Amazon Web Services (AWS) infrastructure was being appropriated for mining. The criminals responsible for the attack concealed their activities from conventional firewall and intruder detection systems by hiding the IP addresses of their mining programs behind a content delivery network; they also throttled the mining software to ensure that it did not trigger high-usage-detection systems.
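Because throttled mining stays below a high-usage alarm, a complementary check looks for load that is elevated and unusually flat over a long window. The sketch below is an added example, not part of the original article; the instance names, sample data, thresholds and function names are all assumptions chosen for illustration.

```python
from statistics import pstdev

HIGH_USAGE_ALERT = 90.0  # assumed trigger of a conventional high-usage alarm (%)


def sustained_flat_windows(samples, window=12, floor=40.0, max_stdev=2.5):
    """Return start indexes of windows where CPU stays above `floor`,
    never reaches the high-usage alarm, and barely varies: the profile
    of a rate-limited process that runs around the clock."""
    hits = []
    for i in range(len(samples) - window + 1):
        w = samples[i:i + window]
        if (min(w) >= floor and max(w) < HIGH_USAGE_ALERT
                and pstdev(w) <= max_stdev):
            hits.append(i)
    return hits


def triage(fleet, **kw):
    """Map instance name -> verdict for a dict of CPU-utilisation series."""
    verdicts = {}
    for name, samples in fleet.items():
        if max(samples) >= HIGH_USAGE_ALERT:
            verdicts[name] = "high-usage alarm"       # existing alarm fires
        elif sustained_flat_windows(samples, **kw):
            verdicts[name] = "review: sustained flat load"
        else:
            verdicts[name] = "normal"
    return verdicts


# Constructed sample data: hourly CPU % for three hypothetical instances.
FLEET = {
    # Web server: load follows user traffic, so it rises and falls.
    "web-01": [12, 15, 35, 62, 70, 66, 48, 30, 18, 14, 11, 10, 13, 16, 38, 60],
    # Batch host: short bursts that the conventional alarm already catches.
    "batch-01": [5, 5, 96, 97, 95, 6, 5, 5, 5, 94, 96, 5, 5, 5, 5, 5],
    # Throttled workload: held near 60%, day and night, under the alarm.
    "build-07": [58, 60, 59, 61, 60, 59, 60, 61, 58, 60, 59, 60, 61, 60, 59, 60],
}

if __name__ == "__main__":
    for name, verdict in triage(FLEET).items():
        print(f"{name}: {verdict}")
```

A flagged instance is a prompt for review rather than proof of mining, since some legitimate workloads also run at a steady rate.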

How to prevent cryptojacking

Incorporating cryptojacking into existing employee security awareness training is a vital preventative step. The more employees know, the better equipped they will be to avoid falling prey to an attack. As always, it’s important to focus on the way that hackers use highly targeted phishing techniques to gain access to IT environments.

Additionally, as many attacks are delivered via auto-executing cryptojacking scripts on websites, deploying ad-blocking and anti-cryptomining extensions on web browsers is also critically important.

Next, a simple and effective step is to make sure that strong passwords and multi-factor authentication are in place for all cloud apps and IT assets. Attackers compromised Tesla’s environment through an administration console that was not password protected. Exchanging default passwords for strong, alphanumeric credentials and enforcing multi-factor authentication are must-haves for ensuring the protection of sensitive enterprise assets.

Prioritise first-line defence

Promptly installing patches and software updates is another action that will ensure endpoints and cloud-based tools have their security gaps filled, protecting them from the latest threats. Many successful cloud cryptojacking attacks have exploited well-known vulnerabilities that were left unsecured by enterprises and employees who failed to implement patches in a timely manner.

Similarly, deploying cloud-based advanced threat protection (ATP) helps defend against known and zero-day malware that can be used to launch cryptomining attacks. With the correct tool in place, any threat can be detected and blocked as it is uploaded to any app, downloaded to any device, or at rest in the cloud.

This is ideally achieved through an agentless solution because agent-based endpoint tools like mobile device management (MDM) can harm device functionality, invade user privacy, and, consequently, prove incredibly difficult to deploy on employees’ personal devices. As bring-your-own-device (BYOD) is becoming common within the vast majority of organisations, securing personal devices through agentless solutions is an absolute must.

In recent months, there’s been a sharp increase in the number of reported cryptojacking incidents. Organisations cannot afford to ignore the threat that malicious mining poses. In addition to increasing energy costs, attacks can also harm system performance for users and customers – which can cause lasting brand damage. By rigorously reviewing first-line defences, organisations can ensure that they do not become victims of this latest pernicious cyber threat.
