AWS Cloud Hacked by Bitcoin Miners
Bitcoin mining is among the latest threats to public cloud security as hackers breach enterprise computing resources to hunt for the digital currency.
Cloud security vendor RedLock reported earlier this month that hackers were using Amazon Web Services (NASDAQ: AMZN) cloud computing resources to mine for bitcoins. The process involves collecting all transactions made during a set period into a list, called a block. Bitcoin miners confirm those transactions, and write them into a general ledger. They are then paid in like currency.
The rise of "mining farms" and crypto-currency networks is driving demand for graphics processors, market analysts note. The computing-intensive process is also attracting hackers looking for ways to hitch a ride on public cloud infrastructure.
RedLock reported that several multinational companies using the AWS public cloud fell victim to the hack, noting the rise of "nation-state hackers stealing bitcoins to fund political campaigns."
RedLock researchers found that hackers exploited Kubernetes container orchestrators deployed on AWS, Microsoft Azure (NASDAQ: MSFT) and Google Cloud Platform (NASDAQ: GOOGL). None were password protected, and "were effectively open to the public and created a window of opportunity for hackers," the security vendor noted in a report published earlier this month.
The security analyst further noted that hackers were executing a bitcoin mining command from a Kubernetes container. "This highlights the need for effective network monitoring solutions in public cloud computing environments to detect suspicious activity," RedLock noted.
Among the security steps public cloud users can take are monitoring cloud resources to detect misconfigurations, the security analyst added. "Having a configuration monitoring solution in place across the cloud computing environments could have exposed this serious misconfiguration," the security analyst concluded.
Others agreed. "In recent months there have been many instances of misconfigured Amazon databases expos[ing] sensitive information publicly," added Javvad Malik, a cloud security specialist with cyber vendor AlienVault. "This attack shows that the power of cloud computing is sought-after for bitcoin mining or other nefarious purposes."
In response, some security vendors are pitching cloud-native approaches they claim offer more protection for sensitive databases.
In a separate report, RedLock found that standard security practices such as keeping sensitive databases on-premise are being largely ignored. The vendor found that 31 percent of databases hosted in public clouds were accepting "inbound connection requests" from the Internet. Making matters worse, RedLock said 93 percent of public cloud platforms allowed unrestricted outbound traffic.
That "could potentially enable attackers to make off with sensitive data without the affected company even knowing," the company warned.
Another issue, the ephemeral nature of cloud workloads—an average lifetime of only 127 minutes, it reported—also adds to the public cloud security challenge.
Other security steps include tracking network traffic and correlating it with cloud computing configurations to detect suspicious activity. Security analysts also recommend stepped-up monitoring in order to detect insider threats or compromised public cloud accounts.
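As an added illustration (not code from RedLock or from this article), the following Python audit flags the two security-group misconfigurations the figures above describe: database ports accepting inbound connections from the Internet, and egress rules allowing unrestricted outbound traffic. The group records are constructed samples shaped like the EC2 DescribeSecurityGroups response, and the database port list is an assumption to adjust for your own environment.

```python
# Flag the two misconfigurations the RedLock figures describe: database ports
# accepting inbound connections from the Internet, and egress rules allowing
# unrestricted outbound traffic (a path to a mining pool, or for data leaving).
# Input mirrors the IpPermissions structure of EC2 DescribeSecurityGroups;
# with boto3 you would pass ec2.describe_security_groups()["SecurityGroups"].
ANYWHERE = {"0.0.0.0/0", "::/0"}
# Common database listener ports (assumption: adjust to your own estate).
DB_PORTS = {3306: "mysql", 5432: "postgres", 1433: "mssql", 27017: "mongodb", 6379: "redis"}


def _open_to_world(rule):
    """True if any CIDR on the rule is the whole IPv4 or IPv6 Internet."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return any(c in ANYWHERE for c in cidrs)


def _covers_port(rule, port):
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols, all ports
        return True
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_security_groups(groups):
    """Return (group_id, finding) tuples; an empty list means nothing flagged."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            if not _open_to_world(rule):
                continue
            for port, name in DB_PORTS.items():
                if _covers_port(rule, port):
                    findings.append((gid, f"inbound {name}/{port} open to the Internet"))
        for rule in sg.get("IpPermissionsEgress", []):
            if rule.get("IpProtocol") == "-1" and _open_to_world(rule):
                findings.append((gid, "unrestricted outbound traffic"))
    return findings


SAMPLE_GROUPS = [  # constructed sample data, not from the report
    {"GroupId": "sg-db-bad",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-good",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
```

Running `audit_security_groups(SAMPLE_GROUPS)` reports only `sg-db-bad`, once for the Internet-facing PostgreSQL port and once for the default allow-all egress rule that lets anything inside the instance talk out unchecked.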