Australian cloud access security brokerage (CASB) Bitglass has published an article in Security Briefing Australia warning that “cloud resources” have become the most coveted target of hackers spreading cryptocurrency mining malware.
“Cloud computing” is essentially the outsourcing of data storage to firms running large data centres.
While cryptojackers have also built cryptojacking botnets composed of hundreds or thousands of unrelated individuals’ devices, targeting enterprise data centres is not only simpler to administer, it may also be more lucrative.
According to Bitglass Australia APJ vice president David Shephard, “hackers are targeting data centres and vulnerable websites that can help them boost their mining capabilities…” and cryptojacking malware attacks are “currently the fastest-growing cybersecurity threat to the enterprise.”
The trend may already be alarmingly pervasive, says Shephard:
“A recent report found that almost half of the organisations surveyed have malware in one of their cloud applications, making it one of the biggest threats to organisations.”
In a cryptojacking attack, computing resources are hijacked to process transactions for a cryptocurrency network, usually Monero, a coin popular for its purported untraceability.
The mining malware is introduced into a business’s systems, usually through a phishing email designed to trick an employee into clicking a malicious link or ad.
Hackers will sometimes craft the malicious email by carefully profiling targeted employees.
Shephard says the cryptojacking malware “trend is showing no signs of slowing down anytime soon…because the rising popularity and value of cryptocurrencies like Bitcoin and Monero have made large-scale cryptojacking a highly lucrative proposition.”
Tesla is one example of a high-profile company targeted by cryptojacking.
Shephard warns that the risks should be carefully addressed because, besides compromising the integrity of a data network, a successful hack “…can cause lasting brand damage.”
According to Shephard, “Attackers compromised Tesla’s environment through an administration console that was not password protected…(and) concealed their activities from conventional firewall and intruder detection systems by hiding the IP addresses of their mining programs behind a content delivery network; they also throttled the mining software to ensure that it did not trigger high-usage-detection systems.”
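The throttling described above means an alert that fires only on peak CPU usage stays silent. The following is an added example, not code from Bitglass or the article: it compares a peak alert with a check on how idle a host ever gets. The host names, hourly samples and both thresholds are constructed assumptions.

```python
from statistics import quantiles

PEAK_ALERT = 90.0   # assumed threshold of a conventional high-usage alert (% CPU)
FLOOR_ALERT = 35.0  # assumed: a host whose CPU never falls below this needs review

# Constructed hourly CPU % samples for three hypothetical hosts over one day.
FLEET = {
    # Normal diurnal web load: idle at night, busy at midday.
    "web-01": [4, 3, 3, 2, 3, 5, 12, 30, 55, 70, 82, 95,
               88, 76, 70, 65, 60, 50, 35, 20, 12, 8, 5, 4],
    # Idle host with one short nightly job.
    "batch-02": [2] * 20 + [60, 75, 70, 3],
    # Legitimate load stacked on a constant ~45% throttled miner.
    "build-03": [46, 45, 47, 45, 46, 48, 52, 60, 68, 72, 75, 78,
                 74, 70, 69, 66, 62, 58, 52, 48, 47, 46, 45, 46],
}


def cpu_floor(samples):
    """10th percentile of the window: how idle the host gets at its quietest."""
    return quantiles(samples, n=10)[0]


def triage(fleet):
    """Return, per host, whether the peak alert and the floor check fire."""
    report = {}
    for host, samples in fleet.items():
        report[host] = {
            "peak": max(samples) >= PEAK_ALERT,           # classic usage alert
            "floor": cpu_floor(samples) >= FLOOR_ALERT,   # never-idle check
        }
    return report


if __name__ == "__main__":
    for host, result in triage(FLEET).items():
        print(host, result)
```

The floor check also fires on hosts that are legitimately busy around the clock, so it is a triage signal to be confirmed by process and network inspection rather than a verdict.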
Bitglass recommends the following preventive measures:
- “Incorporating cryptojacking into existing employee security awareness training is a vital preventative step. The more employees know, the better equipped they will be to avoid falling prey to an attack. As always, it’s important to focus on the way that hackers use highly targeted phishing techniques to gain access to IT environments.”
- “(As) many attacks are delivered via auto-executing cryptojacking scripts on websites, deploying ad-blocking and anti-cryptomining extensions on web browsers is also important.”
- “(Ensuring) strong passwords and multi-factor authentication are in place for all cloud apps and IT assets.”
- “Promptly installing patches and software updates.”
- “(D)eploying cloud-based advanced threat protection (ATP) helps defend against known and zero-day malware.”
- “As bring-your-own-device (BYOD) is becoming common within the vast majority of organisations, securing personal devices through agentless solutions is an absolute must.”
Optimal cybersecurity is a no-brainer and a win-win for customer and company alike, says Shephard:
“With the correct tools in place, any threat can be detected and blocked as it is uploaded to any app, downloaded to any device, or at rest in the cloud.”