While this year’s large-scale ransomware attacks such as WannaCry and NotPetya have garnered significant media and public attention throughout the world, a different kind of threat has been brewing quietly in the background. However, it is not your data or even your money that cybercriminals are after, but rather your computing resources.
A report by security intelligence group RedLock found that hackers had been using Amazon Web Services (AWS) cloud computing resources to mine for bitcoins. According to the report, two multinational corporations, Aviva and Gemalto, were affected. Redlock discovered the security issue after realizing that a number of administration consoles on AWS, Microsoft Azure and Google Cloud platforms were not password protected. Consequently, hackers had easy access to the public cloud platforms in order to gain “free" compute power to mine the digital currency.
The Redlock Cloud Security Intelligence (CSI) team explained, “Bitcoin mining involves extremely complex and time-consuming mathematical calculations. The cost of compute doesn’t make it economically viable for one to mine bitcoins on their own hardware. However, that equation changes to a more favourable one when the resources being used belong to someone else. Many criminals are taking advantage of poor cloud security practices and configuration mistakes to take over cloud instances belonging to large organizations where the increase in spend due to Bitcoin mining will likely go unnoticed. Once they infiltrate the cloud environment, it is a simple matter to spin up a powerful virtual machine to generate Bitcoins while the subscribing organization gets stuck with the bill.”
Unauthorised cryptocurrency mining has been around for years, with stealthy mining botnets often bundled with malware that infect computer systems. But the recent cryptocurrency boom has attracted more unscrupulous actors, even nation-state hackers, to join the bandwagon and come up with new methods that can enable them to steal resources from unsuspecting organisations. Alarmingly, a recent report from IBM Managed Security Services (MSS) revealed that mining malware has increased six-fold in 2017.
Redlock’s finding is particularly important because it shows that the power of cloud computing is now highly sought after for bitcoin mining and other nefarious purposes. The breaches also highlight the urgent need for effective network monitoring solutions in public cloud computing environments to help organisations detect suspicious activity.